DNS Negative Caching (Harshith)

Harshith Mulky harshith.mulky at outlook.com
Wed Sep 2 13:21:28 UTC 2015


I thank you all for providing me such valuable information on DNS Negative Caching.
I would never have thought that so many things would be applied in deciding what would be cached.

I once again thank each one of you and appreciate the time and valuable feedback.

Cheers
Harshith

> From: bind-users-request at lists.isc.org
> Subject: bind-users Digest, Vol 2189, Issue 1
> To: bind-users at lists.isc.org
> Date: Tue, 1 Sep 2015 12:00:01 +0000
> 
> Today's Topics:
> 
>    1. Re: DNS Negative Caching (Chris Buxton)
>    2. How does named log update request (liumingxing)
>    3. Re: DNS Negative Caching (Rich Goodson)
>    4. Re: DNSSEC ZSK rollover (Tony Finch)
>    5. Re: How does named log update request (Tony Finch)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 31 Aug 2015 07:19:33 -0700
> From: Chris Buxton <clists at buxtonfamily.us>
> To: Barry Margolin <barmar at alum.mit.edu>
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: DNS Negative Caching
> Message-ID: <9CA7DB5C-6E06-4EC8-A216-16A926CBA130 at buxtonfamily.us>
> Content-Type: text/plain; charset=us-ascii
> 
> On Aug 28, 2015, at 5:27 PM, Barry Margolin <barmar at alum.mit.edu> wrote:
> 
> > Note that if a server is authoritative-only, caching is mostly 
> > irrelevant, so the negative cache TTL doesn't much apply. In this case, 
> > the SOA Minimum is just being used as the default TTL.
> 
> No, that is not correct. When responding negatively, the authoritative server uses the negative caching TTL (the Minimum field) as the TTL of the SOA record in the authority section.
> 
> Chris
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 31 Aug 2015 22:36:30 +0800
> From: liumingxing <liumingxing at cnnic.cn>
> To: bind-users <bind-users at lists.isc.org>
> Subject: How does named log update request
> Message-ID: <2015083122362973447817 at cnnic.cn>
> Content-Type: text/plain; charset="gb2312"
> 
> hi,
>     On my server, I found that updates need a longer time, so I want to find out why by checking the logs.
>   As we know, named logs all dynamic update transactions. In the update channel file, how can I know when the server receives an update request?
> 
> Mingxing, Liu
> 
> mail: liumingxing at cnnic.cn
> tel: (010) 58812467
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 31 Aug 2015 10:23:54 -0500
> From: Rich Goodson <rgoodson at gronkulator.com>
> To: Harshith Mulky <harshith.mulky at outlook.com>
> Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: Re: DNS Negative Caching
> Message-ID: <A997D9BC-0788-4E98-A35A-59194C2F052C at gronkulator.com>
> Content-Type: text/plain; charset="windows-1252"
> 
> I have a feeling that the discussion regarding SOA fields didn't really answer your question, Harshith.
> 
> Yes, negative results (NXDOMAIN) are usually cached for the amount of time specified in the last field of the SOA. This field was originally named "Minimum", but has since been used for the NXDOMAIN TTL.
> 
> The default amount of time that NXDOMAIN answers will be cached on iterative resolvers for the zone shown below is 3 hours.
> 
> In your lwresd config file, however, you have max-ncache-ttl defined as 300 seconds. I have not used lwresd much, but I know it supports BIND style config files, so I assume that lwresd will override the value sent by the authoritative server and only cache NXDOMAIN answers for your zone for 5 minutes, just like BIND would do, given that same config directive.
> 
> You can test this behavior by doing "dig" commands against your lightweight resolver to see what TTL it has cached for a particular zone or RR.
> 
> -Rich
> 
> > On Aug 25, 2015, at 5:46 AM, Harshith Mulky <harshith.mulky at outlook.com> wrote:
> > 
> > I have a confusion on how the clients respond to and cache when particularly we receive negative replies from a DNS Server, particularly NXDOMAIN or SERVFAIL responses
> > 
> > on the DNS Zone file we have these records
> > $ORIGIN e164.arpa.
> > @   IN     SOA  picardvm2.e164.arpa. e164-contacts.e164.arpa.  (
> >                                 2002022404 ; serial
> >                                 3H ; refresh
> >                                 15 ; retry
> >                                 1w ; expire
> >                                 3h ; minimum
> >                                )
> > 
> > so 3h is basically the amount of time clients are asked to cache negative results.
> > 
> > Now on the client side at lwresd.conf, if I have 
> > 
> > max-ncache-ttl 300
> > 
> > Will the client override the default 3h value sent as response from the DNS Server for the zone e164.arpa?
> > 
> > 
> > How are Negative responses usually cached?
> > 
> > Thanks
> > Harshith
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 1 Sep 2015 11:19:27 +0100
> From: Tony Finch <dot at dotat.at>
> To: Evan Hunt <each at isc.org>
> Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: Re: DNSSEC ZSK rollover
> Message-ID: <alpine.LSU.2.00.1509011108040.734 at hermes-2.csi.cam.ac.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> Evan Hunt <each at isc.org> wrote:
> >
> > It is intentional; it spreads out the work of resigning over a longer
> > period of time to reduce the load on the server. (And a lot of people
> > prefer smaller IXFRs anyway.)
> 
> We have tweaked sig-signing-nodes and sig-signing-signatures to make
> incremental signing work in larger chunks. We also have a wee patch (by
> Chris Thompson) which makes the re-signing jitter more clumpy, so RRsets
> are re-signed if their scheduled time is within 5 minutes of the current
> time instead of 5 seconds. This patch might be an answer to a comment in
> this code which says:
> 
> 		/* XXXMPA increase number of RRsets signed pre call */
> 
> https://git.csx.cam.ac.uk/x/ucs/ipreg/bind9.git/commitdiff/2eba83e63a8206d32e12f9f6b763fcdf63294b52
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
> moderate, but rough in southwest Viking. Showers later. Good, occasionally
> poor later.
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 1 Sep 2015 11:34:46 +0100
> From: Tony Finch <dot at dotat.at>
> To: liumingxing <liumingxing at cnnic.cn>
> Cc: bind-users <bind-users at lists.isc.org>
> Subject: Re: How does named log update request
> Message-ID: <alpine.LSU.2.00.1509011128450.734 at hermes-2.csi.cam.ac.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> liumingxing <liumingxing at cnnic.cn> wrote:
> 
> >   As we know, named logs all dynamic update transactions. In the
> > update channel file, how can I know when the server receives an update
> > request?
> 
> Only at debug level 3, for example:
> 
> 2015-09-01.11:25:55.851 client: debug 3: client 127.0.0.1#60986/key local-ddns: view auth: update
> 
> Other preliminary update checks are at debug level 8, e.g.:
> 
> 2015-09-01.11:32:32.162 update: debug 8: client 127.0.0.1#60986/key local-ddns: view auth: updating zone 'dotat.at/IN': update section prescan OK
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
> moderate, but rough in southwest Viking. Showers later. Good, occasionally
> poor later.
> 
> 
> ------------------------------
> 
> End of bind-users Digest, Vol 2189, Issue 1
> *******************************************
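
The TTL arithmetic discussed in this thread, as an added example (not part of the original messages, and not BIND or lwresd code): it parses the SOA from the zone snippet quoted above, takes the negative-cache TTL as min(SOA TTL, MINIMUM) per RFC 2308, and applies a resolver-side max-ncache-ttl cap. The function names, the assumption that the SOA's own TTL equals MINIMUM (the zone sets no $TTL), and the dig line are constructed for illustration.

```python
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Zone snippet as quoted in the thread.
ZONE = """$ORIGIN e164.arpa.
@   IN     SOA  picardvm2.e164.arpa. e164-contacts.e164.arpa.  (
                2002022404 ; serial
                3H ; refresh
                15 ; retry
                1w ; expire
                3h ; minimum
                )
"""

# Constructed authority-section line, shaped like dig output for an NXDOMAIN.
DIG_LINE = ("e164.arpa.\t\t287\tIN\tSOA\tpicardvm2.e164.arpa. "
            "e164-contacts.e164.arpa. 2002022404 10800 15 604800 10800")

def parse_ttl(text):
    """Convert a BIND-style duration ('3H', '1w', '15', '1h30m') to seconds."""
    text = text.lower()
    if not re.fullmatch(r"(?:\d+[smhdw])*\d+[smhdw]?", text):
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", text))

def soa_fields(zone_text):
    """Return (serial, refresh, retry, expire, minimum), timers in seconds."""
    body = re.sub(r";[^\n]*", "", zone_text)  # drop zone-file comments
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    serial, *timers = tokens[i + 3 : i + 8]   # skip MNAME and RNAME
    return (int(serial), *map(parse_ttl, timers))

def negative_ttl(soa_ttl, minimum, max_ncache_ttl=None):
    """RFC 2308 negative TTL, then the resolver's max-ncache-ttl cap if set."""
    ttl = min(soa_ttl, minimum)
    return ttl if max_ncache_ttl is None else min(ttl, max_ncache_ttl)

def authority_soa_ttl(dig_line):
    """Return (remaining TTL, MINIMUM) from a SOA line in dig's authority section."""
    fields = dig_line.split()
    if len(fields) < 11 or fields[3].upper() != "SOA":
        raise ValueError("not a SOA record line")
    return int(fields[1]), int(fields[-1])

if __name__ == "__main__":
    *_, minimum = soa_fields(ZONE)  # assumption: SOA TTL == MINIMUM (no $TTL)
    print("authoritative negative TTL:", negative_ttl(minimum, minimum))
    print("cached with max-ncache-ttl 300:", negative_ttl(minimum, minimum, 300))
    ttl, _ = authority_soa_ttl(DIG_LINE)
    print("resolver reports", ttl, "s remaining; cap honoured:", ttl <= 300)
```

When checking a live resolver with dig, the TTL on the SOA in the authority section of a cached NXDOMAIN answer counts down from the capped value, so any reading above the configured max-ncache-ttl means the cap is not in effect.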
 		 	   		  