DNS Negative Caching

Rich Goodson rgoodson at gronkulator.com
Mon Aug 31 15:23:54 UTC 2015 

I have a feeling that the discussion regarding SOA fields didn’t really answer your question, Harshith.

Yes, negative results (NXDOMAIN) are usually cached for the amount of time specified in the last field of the SOA. This field was originally named “Minimum”, but is since used for NXDOMAIN TTL.

The default amount of time that NXDOMAIN answers will be cached on iterative resolvers for the zone shown below is 3 hours.  

In your lwresd config file, however, you have man-ncache-ttl defined as 300 seconds.  I have not used lwresd much, but I know it supports BIND style config files, so I assume that  lwresd will override the value sent by the authoritative server and only cache NXDOMAIN answers for your zone for 5 minutes, just like BIND would do, given that same config directive.

You can test this behavior by doing ‘dig’ commands against your lightweight resolver to see what TTL it has cached for a particular zone or RR.

—Rich

> On Aug 25, 2015, at 5:46 AM, Harshith Mulky <harshith.mulky at outlook.com> wrote:
> 
> I have a confusion on how the clients respond to and cache when particularly we receive negative replies from a DNS Server, particularly NXDOMAIN or SERVFAIL responses
> 
> on the DNS Zone file we have these records
> $ORIGIN e164.arpa.
> @   IN     SOA  picardvm2.e164.arpa. e164-contacts.e164.arpa.  (
>                                 2002022404 ; serial
>                                 3H ; refresh
>                                 15 ; retry
>                                 1w ; expire
>                                 3h ; minimum
>                                )
> 
> so 3h is basically the amount of time clients are asked to cache negative results.
> 
> Now on the client side at lwresd.conf, if I have 
> 
> max-ncache-ttl 300
> 
> Will the client override the default 3h value sent as response from the DNS Sever for the zone e164.arpa
> 
> 
> How are Negative responses usually cached?
> 
> Thanks
> Harshith
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150831/a2e2c4ef/attachment.html>

More information about the bind-users mailing list