On 20/09/2022 23:54, Glenn Fowler wrote:

Hi,
I am caching positive responses for 40 minutes (min-cache-ttl), but want
negative responses cached for only 1 minute. If the forward zone server
is down momentarily, all of the queries during that time could result in
an erroneous negative response that gets cached for 40 minutes and
unreachable during that time instead of the desired 1 minute.

This is not the case: you need to distinguish between a reply which
says "this domain/RR does not exist" and no response or an error from
the server. The latter is never cached. If the forward zone server is
down it can't answer and so can't put anything in the cache.

With neg-ttl working as expected, a retry after the 1 minute mark would
result in a positive response.

See above, in this case there will be error responses until the upstream
server recovers.

In general, negative responses shouldn't have a high TTL.

neg-ttl is only a fall-back should a negative response not contain TTL
information, so making it override min-cache-ttl won't affect the normal
case where negative replies have an SOA record which specifies the TTL.

There might be an argument for not making min-cache-ttl apply to
negative caching, but I'm not sure that makes sense. min-cache-ttl is a
dangerous option which comes with caveats anyway, if it breaks stuff,
just switch it off.

Simon.
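
The caching rules discussed in this thread, written out as a small Python model. This is an added illustration, not dnsmasq's code and not part of the original messages: `Reply`, `cache_ttl` and the `floor_negative` switch are hypothetical names, and taking the negative TTL as the lower of the SOA record's TTL and its MINIMUM field follows RFC 2308.

```python
from dataclasses import dataclass
from typing import Optional

NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3   # DNS RCODE values

@dataclass
class Reply:
    """Fields of an upstream reply that matter for caching (hypothetical model)."""
    rcode: int
    answer_ttl: Optional[int] = None    # TTL of the answer RRset, if any
    soa_ttl: Optional[int] = None       # TTL of the SOA in the authority section
    soa_minimum: Optional[int] = None   # MINIMUM field of that SOA

def cache_ttl(reply, neg_ttl=60, min_cache_ttl=2400, floor_negative=True):
    """Return (kind, ttl_seconds); ttl is None when nothing is cached.

    reply=None stands for "no response". floor_negative=True models the
    behaviour reported in the thread, where min-cache-ttl also raises
    negative entries; False models the behaviour the poster expected.
    """
    if reply is None or reply.rcode not in (NOERROR, NXDOMAIN):
        return ("error", None)                # timeout or error: never cached
    if reply.rcode == NOERROR and reply.answer_ttl is not None:
        return ("positive", max(reply.answer_ttl, min_cache_ttl))
    # NXDOMAIN, or NOERROR with no answer (NODATA): a real negative reply.
    if reply.soa_ttl is not None and reply.soa_minimum is not None:
        ttl = min(reply.soa_ttl, reply.soa_minimum)   # RFC 2308 negative TTL
    else:
        ttl = neg_ttl                         # fallback: reply carried no SOA
    if floor_negative:
        ttl = max(ttl, min_cache_ttl)
    return ("negative", ttl)

# Constructed sample replies, not captured traffic.
SAMPLES = {
    "forwarder down": None,
    "SERVFAIL": Reply(SERVFAIL),
    "NXDOMAIN with SOA": Reply(NXDOMAIN, soa_ttl=3600, soa_minimum=300),
    "NXDOMAIN without SOA": Reply(NXDOMAIN),
    "positive answer": Reply(NOERROR, answer_ttl=30),
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:22} reported={cache_ttl(reply)} "
              f"expected-by-poster={cache_ttl(reply, floor_negative=False)}")
```

The defaults mirror the poster's settings: a 40 minute min-cache-ttl (2400 s) and a 1 minute neg-ttl (60 s).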
On Tue, Sep 20, 2022 at 4:59 PM Geert Stappers via Dnsmasq-discuss <dnsmasq-discuss@lists.thekelleys.org.uk> wrote:
On Tue, Sep 20, 2022 at 10:41:29AM -0400, Glenn Fowler wrote:
> Hello,
>
> I have observed that if min-cache-ttl time is greater than neg-ttl time,
> then the neg-ttl time is ignored and negative responses are cached at the
> min-cache-ttl time.
>
> The expected behavior should be that neg-ttl is independent of
> min-cache-ttl.
What are the negative effects of it? (a.k.a. With which priority needs
it further attention?)
> In searching I did find that unbound had the exact same issue:
> https://github.com/NLnetLabs/unbound/issues/533
>
> I am on v2.86 on OpenWrt
>
> Thank you
Thanks for what?
Groeten
Geert Stappers
--
Silence is hard to parse
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss