davew at hireahit.com
Sun Oct 25 07:59:23 UTC 2015
On 2015-10-24 22:55, Alexandre J. Correa (Onda) via Unbound-users wrote:
> My first e-mail comes with some questions.. :)
> 1- Unbound can cache NXDOMAIN responses ?
> 2- Unbound can change/force the TTL of NXDOMAIN as I define ??
> The purpose of force/change TTL of NXDOMAIN is for a project to fight
> SPAM a.k.a. SPFBL.
> Because of the project's success here (Brazil), I need to increase the
> cache of NXDOMAIN on mirror servers to lower CPU usage...
> AFAIK, TTL of NXDOMAIN came from SOA records, but in my tests, Unbound
> caches responses for only 4 seconds ..
> If I flood with 20 queries like:
> # dig @localhost 220.127.116.11.dnsbl.spfbl.net
> the first query goes to 'central' server -- OK, expected (cache is empty)
> the others 19 queries came from cache -- OK, expected
> waiting 10 seconds, and flood again..
> the first query goes to 'central' server -- NOT OK, expected come from
> local cache ...
> How can I force the TTL of NXDOMAIN using Unbound ??
What is the negative result TTL if you use this command:
dig 18.104.22.168.dnsbl.spfbl.net +trace +nodnssec
The server matrix.spfbl.net. doesn't respond from here, but using
Spamhaus, the tail of the +trace command would show this:
dig 22.214.171.124.xbl.spamhaus.org +trace +nodnssec
xbl.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes from 126.96.36.199#53(a.ns.spamhaus.org) in 161 ms
This tells us that the response can only be cached for 150 seconds.
Unbound has a "cache-max-negative-ttl", but no minimum is listed at
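The negative-TTL reading described in the reply above, as an added example that is not part of the original message: per RFC 2308 the negative-cache lifetime is the lesser of the SOA record's own TTL and its MINIMUM field. The `max_negative_ttl` parameter is a hypothetical stand-in for a resolver-side cap such as the `cache-max-negative-ttl` option the message names, and the second sample record is constructed.

```python
import re

# SOA record from the Spamhaus trace quoted in the message; the line wrap and
# the trailing comment line are constructed to exercise the parser.
TRACE_TAIL = """\
xbl.spamhaus.org. 150 IN SOA need.to.know.only.
        hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes (constructed comment line)
"""

# Constructed record whose own TTL is lower than its MINIMUM field.
CONSTRUCTED = "example.test. 30 IN SOA ns.example.test. admin.example.test. 1 3600 600 86400 300"

SOA_RE = re.compile(
    r"(?P<owner>\S+) (?P<ttl>\d+) IN SOA (?P<mname>\S+) (?P<rname>\S+) "
    r"(?P<serial>\d+) (?P<refresh>\d+) (?P<retry>\d+) (?P<expire>\d+) (?P<minimum>\d+)"
)
INT_FIELDS = ("ttl", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(dig_output):
    """Return the first SOA record in dig-style text as a dict, or None."""
    # Drop dig's ';' comment lines, then undo line wrapping and column padding.
    lines = [ln for ln in dig_output.splitlines() if not ln.lstrip().startswith(";")]
    flat = " ".join(" ".join(lines).split())
    match = SOA_RE.search(flat)
    if match is None:
        return None
    record = match.groupdict()
    for field in INT_FIELDS:
        record[field] = int(record[field])
    return record


def negative_ttl(soa, max_negative_ttl=None):
    """Seconds a resolver may cache the NXDOMAIN that carried this SOA."""
    ttl = min(soa["ttl"], soa["minimum"])  # RFC 2308, section 5
    if max_negative_ttl is not None:       # hypothetical resolver-side cap
        ttl = min(ttl, max_negative_ttl)
    return ttl


if __name__ == "__main__":
    for text in (TRACE_TAIL, CONSTRUCTED):
        soa = parse_soa(text)
        print(soa["owner"], negative_ttl(soa), negative_ttl(soa, max_negative_ttl=60))
```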