On Wed, 10 Oct 2007, Mark Nottingham wrote:
From ipcache.c;

    if (ttl == 0 || ttl > Config.positiveDnsTtl)
        ttl = Config.positiveDnsTtl;
    if (ttl < Config.negativeDnsTtl)
        ttl = Config.negativeDnsTtl;
    i->expires = squid_curtime + ttl;

As I read this, if the TTL from an upstream resolver happens to be '0', it changes it to whatever positive_dns_ttl is -- even though that also acts as a ceiling for DNS TTLs.
I think this is partly left over from the old days when Squid always used the external dnsserver programs. 'dnsserver' could only report TTLs if the O/S had the libresolv _dns_ttl hack. So "ttl == 0" meant that dnsserver didn't have any TTL value, so it should be set to positive_dns_ttl.
The problem is that this plays havoc with DNS-based load balancers, which will be '0' more often than other DNS entries by nature. Any chance of either;
The only thing I'm worried about is that with true 0 TTL squid will have to make multiple lookups for a single HTTP request. For example, if someone had a long list of 'dst' ACLs then each one could result in a new DNS lookup. AFAIK, the ipcache is the only place where DNS lookups are cached and Squid may refer to the ipcache multiple times for a given HTTP transaction.

DW
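
The trade-off discussed in this thread, modelled as an added C example that is not part of the original messages and is not Squid's code. It wraps the quoted clamp in a function and compares it with two hypothetical variants; `ttl_floor_only`, `ttl_true_zero`, `lookups_per_transaction`, the configuration values and the expiry rule (`expires > now`) are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed values for illustration (seconds); not taken from the thread. */
struct dns_cfg { int positiveDnsTtl; int negativeDnsTtl; };
static const struct dns_cfg CFG = { 21600, 60 };

typedef int (*ttl_fn)(int ttl, const struct dns_cfg *c);

/* The clamp quoted from ipcache.c: 0 is treated as "no TTL known". */
static int ttl_quoted(int ttl, const struct dns_cfg *c) {
    if (ttl == 0 || ttl > c->positiveDnsTtl) ttl = c->positiveDnsTtl;
    if (ttl < c->negativeDnsTtl) ttl = c->negativeDnsTtl;
    return ttl;
}

/* Hypothetical: only the "ttl == 0" test removed; the floor still applies. */
static int ttl_floor_only(int ttl, const struct dns_cfg *c) {
    if (ttl > c->positiveDnsTtl) ttl = c->positiveDnsTtl;
    if (ttl < c->negativeDnsTtl) ttl = c->negativeDnsTtl;
    return ttl;
}

/* Hypothetical: a true 0 TTL is honoured, ceiling only. */
static int ttl_true_zero(int ttl, const struct dns_cfg *c) {
    if (ttl > c->positiveDnsTtl) ttl = c->positiveDnsTtl;
    return ttl;
}

/* Count resolver queries made while one HTTP transaction consults the cache
 * `refs` times within the same second. Assumption: an entry is usable only
 * while expires > now. */
static int lookups_per_transaction(int refs, int upstream_ttl, ttl_fn clamp) {
    const long now = 1000;   /* constructed clock value */
    long expires = 0;        /* no cached entry yet */
    int lookups = 0;
    for (int r = 0; r < refs; r++) {
        if (expires <= now) {            /* miss or expired: ask the resolver */
            lookups++;
            expires = now + clamp(upstream_ttl, &CFG);
        }
    }
    return lookups;
}

int main(void) {
    printf("quoted:     %d\n", lookups_per_transaction(5, 0, ttl_quoted));
    printf("floor only: %d\n", lookups_per_transaction(5, 0, ttl_floor_only));
    printf("true zero:  %d\n", lookups_per_transaction(5, 0, ttl_true_zero));
    return 0;
}
```

Removing only the `ttl == 0` test still raises a 0 TTL to the `negativeDnsTtl` floor, so in this model a per-reference lookup appears only when the floor is dropped as well.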
