serve-expired: "yes" and cache-min-ttl: 30 unsafe?
nicku at nicku.org
Sun Oct 28 19:20:17 UTC 2018
On 25/10/18 18:10 +1100, Nick Urbanik via Unbound-users wrote:
>I am puzzled by the behaviour of our multi-level DNS system which
>answered many queries for names having shorter TTLs with SERVFAIL.
I mean that SERVFAILs went up to 50% of replies, and current names
with TTLs of around 300 failed to be fetched by the resolver, the last
DNS servers in the chain. What I mean is that adding these two
configuration options (serve-expired: "yes" and cache-min-ttl: 30)
caused an outage. I am trying to understand why.
Any ideas in understanding the mechanism would be very welcome.
>By multilevel, I mean clients talk to one server, which forwards to
>another, and for some clients, there is a third level of caching.
>So it was unwise to add:
>to the server section of these DNS servers running unbound 1.6.8 on
>up to date RHEL 7? Please could anyone cast some light on why this
>was so? I will be spending some time examining the cause.
>If you need more information, please let me know.
Nick Urbanik http://nicku.org nicku at nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
More information about the Unbound-users