Negative cache being ignored.

Havard Eidnes he at
Tue Oct 17 12:21:39 UTC 2017

> In this example, trying to look up a CAA record for a domain:
> ...
> # time host -t CAA 
> real    0m3.876s 
> Run this again, immediately after:
> real    0m0.016s
> Implying the cache is working as expected. (cache-max-negative-ttl: 120)
> However, after about ~9 seconds, the query goes back to taking
> 3-4 seconds, implying it's not. Sure enough a tcpdump on the
> host running unbound shows it trying to access the
> Auth server(s)
> Why is unbound not respecting the 2 (120 second) min max-negative-ttl?

The situation with is that it's completely off the
air, because neither of the two delegated-to name servers serve
the zone, so you have a "double lame delegation".

Negative caching revolves around negative authoritative answers,
and this isn't that -- the resolver simply wasn't able to get any
answer whatsoever.


- Håvard
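
The distinction drawn in the reply above, as an added example that is not part of the original message or of Unbound's code: a reply qualifies for negative caching under RFC 2308 only if it is an NXDOMAIN or NODATA answer carrying an SOA in the authority section, while a timeout or SERVFAIL gives the resolver nothing to negatively cache. The helper names, the `example.test` domain and the sample replies are constructed for illustration.

```python
import struct

SOA, CAP = 6, 120  # CAP: the cache-max-negative-ttl value quoted in the thread

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def negative_ttl(msg, cap=CAP):
    """Seconds a reply may be negatively cached, or None when it is not a
    negative answer carrying an SOA (RFC 2308 section 5)."""
    if msg is None or len(msg) < 12:       # timeout: no reply at all
        return None
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0xF
    if rcode not in (0, 3) or (rcode == 0 and an > 0):
        return None                        # SERVFAIL, REFUSED, or answer data
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # name + QTYPE + QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an and rtype == SOA and rdlen >= 20:
            minimum = struct.unpack("!I", msg[off + rdlen - 4:off + rdlen])[0]
            return min(ttl, minimum, cap)  # MINIMUM is the last SOA field
        off += rdlen
    return None                            # no SOA in authority: do not cache

# Constructed sample replies for a CAA query (type 257); not real captures.
def name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def reply(rcode, soa_ttl=None, minimum=0):
    ns = 0 if soa_ttl is None else 1
    msg = struct.pack("!6H", 0x1234, 0x8400 | rcode, 1, 0, ns, 0)
    msg += name("example.test") + struct.pack("!HH", 257, 1)
    if ns:
        rdata = (name("ns.example.test") + name("admin.example.test")
                 + struct.pack("!5I", 1, 7200, 900, 1209600, minimum))
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SOA, 1, soa_ttl, len(rdata)) + rdata
    return msg
```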

More information about the Unbound-users mailing list