Negative cache being ignored.
he at uninett.no
Tue Oct 17 12:21:39 UTC 2017
> In this example, trying to lookup a CAA record for a domain:
> # time host -t CAA jhmnet.net 192.168.136.181
> real 0m3.876s
> Run this again, immediately after:
> real 0m0.016s
> Implying the cache is working as expected. (cache-max-negative-ttl: 120)
> However, after about ~9 seconds, the query goes back to taking
> 3-4 seconds, implying its not. Sure enough a tcpdump on the
> host running unbound shows it trying to access the jhmnet.net
> Auth server(s)
> Why is unbound not respecting the 2 (120second) min max-negative-ttl?
The situation with jhmnet.net is that it's completely off the
air, because neither of the two delegated-to name servers serve
the zone, so you have a "double lame delegation".
Negative caching revolves around negative authoritative answers,
and this isn't that -- the resolver simply wasn't able to get any
More information about the Unbound-users