Understanding TTL in "rndc dumpdb"-output
Tom
tomtux007 at gmail.com
Wed Oct 24 04:34:11 UTC 2018
Hi Michal

Thank you for this feedback.

I've checked the serve-stale status, which is currently off.

# rndc serve-stale status
_default: off (stale-answer-ttl=1 max-stale-ttl=604800)
_bind: off (stale-answer-ttl=1 max-stale-ttl=604800)

Is it normal behavior that the "rndc dumpdb" output nevertheless shows
the TTL in the "serve-stale" form (even if the
serve-stale-status = off)?

Thank you.
Tom

On 23.10.18 10:25, Michał Kępień wrote:
>> After querying my resolver for "testbla11.example.com", I receive an NXDOMAIN
>> response with a minimum-ttl (in the SOA) of 3600.
>> When I afterwards dump the cache of my resolver (9.12.2-P1) with "rndc
>> dumpdb" and look for the negative ttl, then a value much bigger than 3600 is
>> shown (608363):
>> # grep testbla /var/named/data/named_dump.db
>> testbla11.example.com. 608363 \-ANY ;-$NXDOMAIN
>>
>> This number decrements every second.
>>
>> What is this number? The same behavior occurs for positive answers too. The
>> A-record for "www.google.com" has a TTL of 300 seconds. In the "rndc
>> dumpdb"-output I have a value of 605082.
>
> This happens due to the serve-stale feature being available in BIND 9.12
> and later, with max-stale-ttl set to 604800 by default (note that this
> does *not* mean serving stale answers is enabled by default). The TTLs
> you are seeing in the cache dump essentially indicate how much longer
> any given record will be kept in the cache database. The serve-stale
> "offset" is indicated in a comment near the top of the dump; I am fairly
> sure it will say "; using a 604800 second stale ttl" in your case.
>
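
The arithmetic described in the reply above, as an added example that is not part of the original thread or of BIND: it reads the "; using a N second stale ttl" comment from a dump and subtracts that offset from each dumped TTL. The sample dump is constructed (the two TTLs from this thread plus made-up entries using documentation addresses), and the function name and the treatment of indented continuation lines are assumptions.

```python
import re

# Header comment named writes near the top of the dump (wording quoted in the thread).
STALE_RE = re.compile(r"^;\s*using a (\d+) second stale ttl")

def effective_ttls(dump_text):
    """Return (owner, dumped_ttl, remaining_ttl) for each record line.

    remaining_ttl = dumped_ttl - stale offset. Going by the explanation in the
    thread, a value <= 0 means the record's own TTL has run out and the entry
    is only still being kept in the cache database.
    """
    offset = 0          # stays 0 if the dump carries no stale-ttl comment
    owner = None
    rows = []
    for line in dump_text.splitlines():
        m = STALE_RE.match(line)
        if m:
            offset = int(m.group(1))
            continue
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue    # blank lines, comments, $DATE-style directives
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)   # new owner name; indented lines inherit it
        if owner is None or not fields or not fields[0].isdigit():
            continue
        dumped = int(fields[0])
        rows.append((owner, dumped, dumped - offset))
    return rows

# Constructed sample in the layout shown in the thread (not real cache data).
SAMPLE = r"""; using a 604800 second stale ttl
$DATE 20181023082500
; answer
www.google.com.	605082	A	192.0.2.1
testbla11.example.com.	608363	\-ANY	;-$NXDOMAIN
old.example.com.	600000	A	192.0.2.2
			600000	A	192.0.2.3
"""

if __name__ == "__main__":
    for owner, dumped, remaining in effective_ttls(SAMPLE):
        state = "expired, retained only" if remaining <= 0 else "live"
        print(f"{owner:26} dumped={dumped:7} remaining={remaining:6} ({state})")
```

For the two names in this thread it yields 282 and 3563 seconds, consistent with the 300-second A record and the 3600-second negative TTL.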