Alexandre J. Correa (Onda) alexandre at onda.net.br
Mon Oct 26 20:35:42 UTC 2015

Yes, this only handles DNSBL records ...

Em 26/10/2015 17:26, Dave Warren via Unbound-users escreveu:
> On 2015-10-25 09:20, Stephane Bortzmeyer via Unbound-users wrote:
>> On Sun, Oct 25, 2015 at 12:59:23AM -0700,
>>   Dave Warren via Unbound-users <unbound-users at unbound.net> wrote
>>   a message of 58 lines which said:
>>> Unbound has a "cache-max-negative-ttl", but no minimum is listed at
>>> https://unbound.net/documentation/unbound.conf.html
>> I disagree, there is:
>>   cache-min-ttl: <seconds>
>>                Time to live minimum for  RRsets  and  messages in  
>> the  cache.
>>                Default  is  0.  If the minimum kicks in, the data is
>>           cached for ...
>> Note that, unlike cache-max-ttl, it is a violation of the protocol
>> and, of you use it, horrible things may happen.
> Doesn't this control minimum TTLs on all queries, not just negative 
> results?
> At least in the context of a mail server, over-caching negative 
> results will only cause a small amount of pain whereas over-caching 
> positive results may cause real deliverability problems.
> If this instance of Unbound only handles DNSBL traffic and nothing 
> else, then it's possibly not-too-dangerous, at least if the minimum is 
> kept reasonable. A handful of minutes, perhaps?


Alexandre Jeronimo Correa

Office: +55 34 3351 3077

Onda Internet

More information about the Unbound-users mailing list