minimum cache times?

Mark Andrews marka at isc.org
Fri Oct 8 00:32:45 UTC 2010


In message <4CADEF52.2020108 at arcor.de>, Christoph Weber-Fahr writes:
> Hello,
> 
> On 07.10.2010 02:40, Mark Andrews wrote:
> > In message <4CAD0856.9010408 at arcor.de>, Christoph Weber-Fahr writes:
> >> Well, I was talking about minimum values, and, especially,
> >> a min-ncache-ttl, i.e. a minimum for negative caching.
> >>
> >> My point of view is that of the operator of a very busy DNS resolver/cache
> >> infrastructure.
> >>
> >> For anecdotal evidence, I present this:
> >>
> >> http://blog.boxedice.com/2010/09/28/watch-out-for-millions-of-ipv6-dns-aaaa-requests/
> >>
> >> Now this ostensibly is about how bad IPv6 is for DNS (no comment),
> >> but somewhere down comes the interesting tidbit: apparently there
> >> are commercial DNS providers (dyn.com in this case) who recommend
> >> and default to 60 seconds as SOA value for negative caching in their
> >> customer zones.
> >
> > For a dynamic DNS provider where A RRsets come and go 60 seconds
> > is about right.
> 
> This isn't about dynamic DNS. To quote:
> 
> " Dyn Inc. is a world leader in managed DNS, providing
> “rock-solid” DNS solutions for everyone. "
> 
> The quoted case is about a standard DNS customer having a
> normal, hosted web server who uses dyn.com for DNS hosting.

And TTLs, both positive and negative, need to be tuned for the usage
model.  Some usage models require small TTLs, some don't.

From what I can see they provided feedback that there was unexpected
traffic within a short period of time which is what I would expect
from a managed service.

> >> RIPE's recommended default is 1 hour.
> >
> > Aimed at a different user base.
> 
> Actually, no. This case is exactly what RIPE recommends the 1h for.

Sorry, 1 hour is ridiculously long if I have a machine that is coming
and going from the net and needs to remove the A records when it is
off the net.

If applications honoured 0.0.0.0 as "I exist but don't know my address",
one could leave a 0.0.0.0 record in the DNS and not need a small
negative TTL.

If you just need quick change over to a different set of addresses
then a longer negative TTL is appropriate.

> > It's also pretty good evidence that it is time to
> > set up IPv6 for that name.  There are obviously plenty of clients
> > out there willing to connect over IPv6 if only the server supported
> > it.
> 
> But it's not my name, and I have no control over it; nor do I have
> control over millions of other names customers of ours are resolving,
> using our infrastructure.
> 
> Short negative caching times are convenient for Domain owners
> but troublesome for cache owners; and my main question is
> does or will Bind provide the means to mitigate at least
> the more egregious cases.

Which assumes you have a better understanding of why the TTL is
short in the first place.

> A min-ncache-ttl might be a way to do that.
> 
> > Or one might actually turn on IPv6.  Plenty of unsatisfied demand out
> > there.
> 
> Correct but irrelevant.
> 
> > Well a little more bandwidth.  Percentage wise DNS is small compared
> > to all the other traffic out there.
> 
> Bandwidth is not the problem. DNS work is. Recursive resolving is much more
> costly in terms of resolver capacity than answering from cache.
> 
> Regards,
> 
> Christoph Weber-Fahr
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
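
The trade-off argued in this thread, as an added example that is not part of the original message and is not BIND code: a resolver-side floor on the negative TTL cuts recursive lookups but delays how soon a newly published record becomes visible. The `floor` parameter is a hypothetical stand-in for the min-ncache-ttl proposed above, and the workload (one query per second, record published 3630 seconds in) is constructed.

```python
# Added example: constructed model of one negative-cache entry, not BIND code.

def negative_ttl(soa_ttl, soa_minimum, floor=0):
    """Negative-cache TTL per RFC 2308 section 5: min(SOA TTL, SOA MINIMUM),
    then raised to a resolver-side floor (hypothetical min-ncache-ttl)."""
    return max(floor, min(soa_ttl, soa_minimum))


def replay(query_times, neg_ttl, record_added_at):
    """Replay client queries for one name/type against a single cache slot.

    Returns (upstream_lookups, visibility_delay):
      upstream_lookups - recursive lookups that came back negative
      visibility_delay - seconds between the record being published and the
                         first client seeing it (None if never seen)
    """
    negative_until = None
    upstream_lookups = 0
    for t in query_times:
        if negative_until is not None and t < negative_until:
            continue                     # served from the negative cache
        if t >= record_added_at:
            return upstream_lookups, t - record_added_at
        upstream_lookups += 1            # cache miss, authoritative says "no data"
        negative_until = t + neg_ttl
    return upstream_lookups, None


# Constructed workload: one client query per second for three hours,
# with the record published 3630 seconds in.
QUERIES = range(0, 3 * 3600 + 1)
PUBLISHED_AT = 3630


def compare():
    zone = negative_ttl(soa_ttl=3600, soa_minimum=60)                 # 60 s, as in the thread
    floored = negative_ttl(soa_ttl=3600, soa_minimum=60, floor=3600)  # 1 h floor
    return {
        "zone_60s": replay(QUERIES, zone, PUBLISHED_AT),
        "floor_1h": replay(QUERIES, floored, PUBLISHED_AT),
    }


if __name__ == "__main__":
    for label, (lookups, delay) in compare().items():
        print(f"{label}: {lookups} negative upstream lookups, visible after {delay}s")
```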


