[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone
Daisuke HIGASHI
daisuke.higashi at gmail.com
Fri Jun 28 17:10:38 UTC 2013
Hi,
2013/6/10 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
> cache-min-ttl could perhaps change unbound's behaviour here.
Thank you for your suggestion and I confirmed
that "cache-min-ttl: <small number>" leads Unbound to cache
such ANY-query results.
2013/6/10 Peter Koch <pk at denic.de>:
> I am not convinced that implementing ANY as 'all', encouraging
> false expectations, is really the right thing to do.
> Additionally, in the context of recent events - even if unbound
> would only rarely be run as open recursive - it 'helps' authoritative
> servers to see more queries.
On the nameserver side, giving a non-zero TTL to NSEC3PARAM records
might be a workaround for this issue.
Unfortunately, OpenDNSSEC decided to set a zero TTL
on the NSEC3PARAM of signing zones [1].
[1] https://issues.opendnssec.org/browse/OPENDNSSEC-330
Regards,
--
Daisuke HIGASHI <daisuke.higashi at gmail.com>