
List:       bind-users
Subject:    Re: DNS Negative Caching
From:       Rich Goodson <rgoodson () gronkulator ! com>
Date:       2015-08-31 15:23:54
Message-ID: A997D9BC-0788-4E98-A35A-59194C2F052C () gronkulator ! com


I have a feeling that the discussion regarding SOA fields didn’t really answer your question, Harshith.

Yes, negative results (NXDOMAIN) are usually cached for the amount of time specified in the last field of the SOA. This field was originally named “Minimum”, but has since been used for the NXDOMAIN TTL.

The default amount of time that NXDOMAIN answers will be cached on iterative resolvers for the zone shown below is 3 hours.

In your lwresd config file, however, you have max-ncache-ttl defined as 300 seconds. I have not used lwresd much, but I know it supports BIND-style config files, so I assume that lwresd will override the value sent by the authoritative server and only cache NXDOMAIN answers for your zone for 5 minutes, just like BIND would do, given that same config directive.

You can test this behavior by doing ‘dig’ commands against your lightweight resolver to see what TTL it has cached for a particular zone or RR.

—Rich

> On Aug 25, 2015, at 5:46 AM, Harshith Mulky <harshith.mulky@outlook.com> wrote:
> 
> I have a confusion on how the clients respond to and cache when particularly we receive negative replies from a DNS Server, particularly NXDOMAIN or SERVFAIL responses
> 
> on the DNS Zone file we have these records
> $ORIGIN e164.arpa.
> @   IN     SOA  picardvm2.e164.arpa. e164-contacts.e164.arpa.  (
> 2002022404 ; serial
> 3H ; refresh
> 15 ; retry
> 1w ; expire
> 3h ; minimum
> )
> 
> so 3h is basically the amount of time clients are asked to cache negative results.
> 
> Now on the client side at lwresd.conf, if I have 
> 
> max-ncache-ttl 300
> 
> Will the client override the default 3h value sent as response from the DNS Server for the zone e164.arpa?
> 
> How are Negative responses usually cached?
> 
> Thanks
> Harshith
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
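
The arithmetic behind the reply above, as an added example that is not part of the original message or of BIND: RFC 2308 sets the negative TTL to the lower of the SOA record's own TTL and its MINIMUM field, and a resolver with max-ncache-ttl then caps that value. The dig output, the SOA TTL of 10800, the queried name, and all function names are constructed for illustration; the check assumes the resolver reports the remaining negative TTL on the SOA in the authority section.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_ttl(text):
    """Convert a zone-file TTL such as '3h', '1w', '1h30m' or '300' to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"not a TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def soa_from_dig(output):
    """Return (owner, soa_ttl, minimum) from the AUTHORITY section of dig output."""
    in_authority = False
    for line in output.splitlines():
        if line.startswith(";; AUTHORITY SECTION"):
            in_authority = True
            continue
        fields = line.split()
        if in_authority and len(fields) == 11 and fields[3] == "SOA":
            return fields[0], int(fields[1]), int(fields[10])
    raise ValueError("no SOA record in authority section")

def negative_ttl(soa_ttl, soa_minimum, max_ncache_ttl):
    """RFC 2308 negative TTL, min(SOA TTL, MINIMUM), capped by the resolver."""
    return min(soa_ttl, soa_minimum, max_ncache_ttl)

def cap_respected(resolver_output, max_ncache_ttl):
    """True if the TTL reported by the caching resolver is within its cap."""
    return soa_from_dig(resolver_output)[1] <= max_ncache_ttl

# Constructed samples: an NXDOMAIN answer from the authoritative server, and the
# same answer seconds later from a resolver configured with max-ncache-ttl 300.
SOA_RDATA = ("picardvm2.e164.arpa. e164-contacts.e164.arpa. "
             "2002022404 10800 15 604800 10800")
FROM_AUTHORITATIVE = (";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242\n"
                      ";; AUTHORITY SECTION:\n"
                      f"e164.arpa. 10800 IN SOA {SOA_RDATA}\n")
FROM_RESOLVER = FROM_AUTHORITATIVE.replace("e164.arpa. 10800 IN", "e164.arpa. 287 IN")

if __name__ == "__main__":
    owner, ttl, minimum = soa_from_dig(FROM_AUTHORITATIVE)
    print(owner, "zone says", min(ttl, minimum), "s; resolver keeps",
          negative_ttl(ttl, minimum, 300), "s")
    print("cap respected:", cap_respected(FROM_RESOLVER, 300))
```
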

