BIND caching of nxdomain responses

Peter van Dijk peter.van.dijk at powerdns.com
Mon Nov 8 12:30:40 UTC 2021


On Fri, 2021-10-22 at 13:22 -0400, Dan Hanks wrote:
> On Fri, Oct 22, 2021 at 9:57 AM Dan Hanks <danhanks at gmail.com> wrote:
> > Greetings,
> > 
> > As I understand RFC 2308, when receiving an NXDOMAIN response, and when deciding how long to cache that NXDOMAIN response, a resolver should use whichever value is lower of the SOA TTL, and the SOA.minimum value as the length of time to cache the NXDOMAIN.
> 
> I interpret this to mean that an authoritative resolver should set the
> TTL on the SOA record included in the AUTHORITY section of an NXDOMAIN
> response to be the minimum of the zone SOA TTL, and the SOA.minimum
> field. It does not look like Route53 is doing this.

Indeed, Route53 is not doing this, but they should. I spoke to them
about this some time ago, and they do intend to fix it, as far as I
understand.

See also 
https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021362.html

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
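
The RFC 2308 rule discussed in this thread, as an added example that is not part of the original message: it parses an NXDOMAIN response, reads the TTL of the SOA record in the AUTHORITY section and the SOA MINIMUM field, and returns the lower of the two as the negative-cache lifetime. The sample response is constructed (example.test names, made-up timers); an SOA TTL above MINIMUM means the server did not clamp it itself.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + n

def negative_ttl(msg):
    """Return (soa_ttl, soa_minimum, cache_ttl) for an NXDOMAIN response."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    if (flags & 0x000F) != 3:
        raise ValueError("not an NXDOMAIN response")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 6 and i >= an:      # SOA in the AUTHORITY section
            p = skip_name(msg, skip_name(msg, off))   # past MNAME, RNAME
            minimum = struct.unpack_from("!5I", msg, p)[4]
            return ttl, minimum, min(ttl, minimum)
        off += rdlen
    raise ValueError("no SOA in AUTHORITY section; nothing to derive a TTL from")

def wire_name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"

def build_sample(soa_ttl, minimum):
    """Constructed NXDOMAIN response for nope.example.test (sample data)."""
    hdr = struct.pack("!6H", 0x1234, 0x8403, 1, 0, 1, 0)   # QR, AA, RCODE=3
    q = wire_name("nope.example.test") + struct.pack("!HH", 1, 1)
    rdata = (wire_name("ns1.example.test") + wire_name("hostmaster.example.test")
             + struct.pack("!5I", 1, 7200, 900, 1209600, minimum))
    # Owner name is a compression pointer to "example.test" at offset 17
    soa = b"\xc0\x11" + struct.pack("!HHIH", 6, 1, soa_ttl, len(rdata)) + rdata
    return hdr + q + soa

if __name__ == "__main__":
    for ttl, minimum in ((900, 300), (60, 300)):
        print(negative_ttl(build_sample(ttl, minimum)))
```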


