On 2015-10-24 22:55, Alexandre J. Correa (Onda) via Unbound-users wrote:
Hello,
My first e-mail comes with some questions. :)
1- Can Unbound cache NXDOMAIN responses?
2- Can Unbound change/force the TTL of NXDOMAIN to a value I define?
The purpose of forcing/changing the TTL of NXDOMAIN is for a project to fight
SPAM, a.k.a. SPFBL[1].
Because of the project's success here (Brazil), I need to increase the
cache of NXDOMAIN on mirror servers to lower CPU usage...
AFAIK, the TTL of NXDOMAIN comes from SOA records, but in my tests, Unbound
caches responses for only 4 seconds.
If I flood with 20 queries like:
# dig @localhost 1.0.0.127.dnsbl.spfbl.net
the first query goes to the 'central' server -- OK, expected (cache is empty)
the other 19 queries come from cache -- OK, expected
waiting 10 seconds, and flooding again...
the first query goes to the 'central' server -- NOT OK, expected it to come from
local cache...
How can I force the TTL of NXDOMAIN using Unbound?
What is the negative result TTL if you use this command:
dig 1.0.0.127.dnsbl.spfbl.net +trace +nodnssec
The server matrix.spfbl.net. doesn't respond from here, but using
Spamhaus, the tail of the +trace command would show this:
dig 1.0.0.127.xbl.spamhaus.org +trace +nodnssec
xbl.spamhaus.org. 150 IN SOA need.to.know.only.
hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes from 217.149.192.170#53(a.ns.spamhaus.org) in 161 ms
This tells us that the response can only be cached for 150 seconds.
Unbound has a "cache-max-negative-ttl", but no minimum is listed at
https://unbound.net/documentation/unbound.conf.html
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
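Added example (not from either poster): a small Python script that parses the wrapped SOA line from the +trace output quoted above, derives the negative-caching TTL the way RFC 2308 specifies (the smaller of the SOA record's own TTL and its MINIMUM field), and applies Unbound's cache-max-negative-ttl cap, which can only lower that value. The sample dig output and the second constructed zone are assumptions embedded for an offline run.

```python
import re

# Constructed sample: the tail of the +trace output quoted in the thread,
# with the SOA record wrapped across two lines the way dig prints it.
SAMPLE_TRACE = """\
xbl.spamhaus.org. 150 IN SOA need.to.know.only.
hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes from 217.149.192.170#53(a.ns.spamhaus.org) in 161 ms
"""

# zone TTL IN SOA MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
SOA_RE = re.compile(
    r"(?P<zone>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)"
)


def parse_soa(trace_output):
    """Return the SOA fields from dig output, re-joining lines dig has wrapped."""
    # dig comment lines start with ';'; everything else is record text.
    flat = " ".join(line for line in trace_output.splitlines() if not line.startswith(";"))
    m = SOA_RE.search(flat)
    if not m:
        raise ValueError("no SOA record found in dig output")
    return {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}


def negative_ttl(soa):
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])


def unbound_cached_negative_ttl(soa, cache_max_negative_ttl=3600):
    """Unbound's cache-max-negative-ttl (default 3600) caps the negative TTL;
    there is no documented setting to raise it above what the zone allows."""
    return min(negative_ttl(soa), cache_max_negative_ttl)


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_TRACE)
    print(f"{soa['zone']} negative TTL: {negative_ttl(soa)}s, "
          f"cached by Unbound for {unbound_cached_negative_ttl(soa)}s")
```

Run it against real `dig <name> +trace +nodnssec` output by piping that output into `parse_soa`; the result tells you the ceiling the DNSBL operator has imposed, which no resolver-side setting shown here can extend.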