serve-expired: "yes" and cache-min-ttl: 30 unsafe?

Nick Urbanik nicku at nicku.org
Thu Oct 25 07:10:37 UTC 2018


Dear Folks,

Thank you for an excellent piece of software.

I am puzzled by the behaviour of our multi-level DNS system which
answered many queries for names having shorter TTLs with SERVFAIL.

By multilevel, I mean clients talk to one server, which forwards to
another, and for some clients, there is a third level of caching.

So it was unwise to add:
serve-expired: "yes"
cache-min-ttl: 30

to the server section of these DNS servers running unbound 1.6.8 on
up to date RHEL 7?  Please could anyone cast some light on why this
was so?  I will be spending some time examining the cause.

If you need more information, please let me know.
-- 
Nick Urbanik             http://nicku.org           nicku at nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24



More information about the Unbound-users mailing list