NXDOMAIN cache
Dave Warren
davew at hireahit.com
Mon Oct 26 19:26:28 UTC 2015
On 2015-10-25 09:20, Stephane Bortzmeyer via Unbound-users wrote:
> On Sun, Oct 25, 2015 at 12:59:23AM -0700,
> Dave Warren via Unbound-users <unbound-users at unbound.net> wrote
> a message of 58 lines which said:
>
>> Unbound has a "cache-max-negative-ttl", but no minimum is listed at
>> https://unbound.net/documentation/unbound.conf.html
> I disagree, there is:
>
> cache-min-ttl: <seconds>
> Time to live minimum for RRsets and messages in the cache.
> Default is 0. If the minimum kicks in, the data is
> cached for ...
>
> Note that, unlike cache-max-ttl, it is a violation of the protocol
> and, if you use it, horrible things may happen.

Doesn't this control minimum TTLs on all queries, not just negative
results?

At least in the context of a mail server, over-caching negative results
will only cause a small amount of pain whereas over-caching positive
results may cause real deliverability problems.

If this instance of Unbound only handles DNSBL traffic and nothing else,
then it's possibly not-too-dangerous, at least if the minimum is kept
reasonable. A handful of minutes, perhaps?

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
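
An added illustration of the distinction discussed in this thread (not part of any poster's message and not Unbound's code): a simplified Python model showing that a TTL floor such as cache-min-ttl stretches positive and negative answers alike, while cache-max-negative-ttl only caps negative ones. The clamp order, the record names and the TTL values are constructed assumptions.

```python
# Simplified model of resolver TTL clamping (an assumption, not Unbound's code).
from dataclasses import dataclass

@dataclass
class Limits:
    cache_min_ttl: int = 0            # default quoted in the thread
    cache_max_ttl: int = 86400        # Unbound's documented default
    cache_max_negative_ttl: int = 3600  # Unbound's documented default

@dataclass
class Answer:
    name: str
    negative: bool        # True for NXDOMAIN/NODATA
    ttl: int              # record TTL, or SOA record TTL for a negative answer
    soa_minimum: int = 0  # SOA MINIMUM field, only read for negative answers

def upstream_ttl(a):
    # RFC 2308: negative answers are cacheable for min(SOA TTL, SOA MINIMUM).
    return min(a.ttl, a.soa_minimum) if a.negative else a.ttl

def cached_for(a, lim):
    ttl = upstream_ttl(a)
    if a.negative:
        ttl = min(ttl, lim.cache_max_negative_ttl)  # ceiling for negatives only
    ttl = max(ttl, lim.cache_min_ttl)               # floor hits every answer
    return min(ttl, lim.cache_max_ttl)

def overhold(answers, lim):
    """Seconds each answer is kept beyond what the zone owner asked for."""
    return {a.name: cached_for(a, lim) - upstream_ttl(a) for a in answers}

# Constructed sample answers (names and TTLs are made up for illustration).
SAMPLES = [
    Answer("2.0.0.127.dnsbl.example", negative=False, ttl=60),   # listed
    Answer("9.2.0.192.dnsbl.example", negative=True, ttl=150, soa_minimum=30),
    Answer("mx1.mail.example", negative=False, ttl=30),          # being migrated
]

if __name__ == "__main__":
    for label, lim in [("defaults", Limits()),
                       ("cache-min-ttl: 300", Limits(cache_min_ttl=300)),
                       ("cache-max-negative-ttl: 10",
                        Limits(cache_max_negative_ttl=10))]:
        print(label, overhold(SAMPLES, lim))
```

A positive overhold is the window in which a changed or removed record upstream is still served from cache; a negative value means the answer is dropped earlier than the zone allowed.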