auth-nxdomain

[Barry Margolin]

In article <002c01bfcbe1$82141ea0$796486c3 at noc.uoa.gr>,
Nikos Voutsinas <nvoutsin at noc.uoa.gr> wrote:
>
>> In article <002301bfcbc5$97890b40$796486c3 at noc.uoa.gr>,
>> Nikos Voutsinas <nvoutsin at noc.uoa.gr> wrote:
>> >How can I declare the auth-nxdomain?
>>
>> What do you mean by this?
>
>Hello again,
>
>I have an OpenView asking me for PTR records, for the most of the router
>devices there in not a PTR records . So I want to avoid asking authoritative
>servers and get each time the same response [Error: 3(Name Error)]

Your local nameserver should be caching the negative responses, so it
shouldn't need to ask the authoritative server repeatedly.  What version of
BIND are you running on your caching server?

>I also want to convince the resolrver  on the machine ,where the OpenView is
>running not to asking me again and again for not existent PTR records.

Most resolvers don't do any caching.  nscd is the only common exception I
can think of.

>That's why I need negative cache.

Current versions of the BIND server have a negative cache.

>I' ve also read that I should check for the auth-nxdomain option to flag
>cashed negative responses as authoritative.
>How can I enable or disable this feature?

In named.conf, you can put:

options {
  auth-nxdomain no;
};

to disable auth-nxdomain.  It's enabled by default.

>Do you have any other solution ?
>
>>
>> >       Also Is there any way to increase the
>> >"TTL" of negative cashed responses?
>>
>> The MinTTL field of the SOA record specifies the negative cache TTL.
>>
>
>So there isn't any option like Solaris's  nscd for negative time to live
>time

There's a "max-ncache-ttl" option you can put in the named.conf file.  It
defaults to 3 hours, and is capped at 7 days.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.