;; ANSWER SECTION:
dnsbl.spfbl.net. 1440 IN SOA dnsbl.spfbl.net.
dnsbl.spfbl.net. 2015102500 1800 900 604800 86400
On 25/10/2015 05:59, Dave Warren via Unbound-users wrote:
On 2015-10-24 22:55, Alexandre J. Correa (Onda) via Unbound-users wrote:
Hello,
My first e-mail comes with some questions.. :)
1- Can Unbound cache NXDOMAIN responses?
2- Can Unbound change/force the TTL of NXDOMAIN as I define?
The purpose of forcing/changing the TTL of NXDOMAIN is for a project to fight
SPAM, aka SPFBL[1].
Because of the project's success here (Brazil), I need to increase
the cache of NXDOMAIN on mirror servers to lower CPU usage...
AFAIK, the TTL of NXDOMAIN comes from SOA records, but in my tests,
Unbound caches responses for only 4 seconds..
If I flood with 20 queries like:
# dig @localhost 1.0.0.127.dnsbl.spfbl.net
the first query goes to the 'central' server -- OK, expected (cache is
empty)
the other 19 queries come from cache -- OK, expected
waiting 10 seconds, and flooding again..
the first query goes to the 'central' server -- NOT OK, expected it to come
from the local cache ...
How can I force the TTL of NXDOMAIN using Unbound?
What is the negative result TTL if you use this command:
dig 1.0.0.127.dnsbl.spfbl.net +trace +nodnssec
The server matrix.spfbl.net. doesn't respond from here, but using
Spamhaus, the tail of the +trace command would show this:
dig 1.0.0.127.xbl.spamhaus.org +trace +nodnssec
xbl.spamhaus.org. 150 IN SOA need.to.know.only.
hostmaster.spamhaus.org. 1510250741 3600 600 432000 150
;; Received 108 bytes from 217.149.192.170#53(a.ns.spamhaus.org) in
161 ms
This tells us that the response can only be cached for 150 seconds.
Unbound has a "cache-max-negative-ttl", but no minimum is listed at
https://unbound.net/documentation/unbound.conf.html
--
Regards,
Alexandre Jeronimo Correa
Managing Partner
Office: +55 34 3351 3077
Onda Internet
www.onda.net.br
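
The negative-caching TTL discussed in this thread, worked through as an added example (not code from the thread or from Unbound): under RFC 2308 a negative answer is cached for the minimum of the SOA record's TTL and its MINIMUM field, and a resolver-side cap such as cache-max-negative-ttl can only shorten that. The function names and the cap value of 900 are assumptions; the two SOA records are the ones quoted above, taken with the TTLs as printed.

```python
import re

# SOA records quoted in the thread, wrapped the way the mail client wrapped them.
SPFBL_SOA = """dnsbl.spfbl.net. 1440 IN SOA dnsbl.spfbl.net.
dnsbl.spfbl.net. 2015102500 1800 900 604800 86400"""
SPAMHAUS_SOA = """xbl.spamhaus.org. 150 IN SOA need.to.know.only.
hostmaster.spamhaus.org. 1510250741 3600 600 432000 150"""

SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)"
    r"\s+(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)"
    r"\s+(?P<expire>\d+)\s+(?P<minimum>\d+)$"
)
NUMERIC = ("ttl", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(text):
    """Parse one SOA record in dig's presentation format, tolerating line wraps."""
    # Drop dig comment lines (";; ...") and collapse wrapped lines into one.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith(";")]
    m = SOA_RE.match(" ".join(" ".join(lines).split()))
    if m is None:
        raise ValueError("not a single SOA record: %r" % text)
    rec = m.groupdict()
    for key in NUMERIC:
        rec[key] = int(rec[key])
    return rec


def negative_ttl(soa, cache_max_negative_ttl=None):
    """Seconds a resolver may cache an NXDOMAIN/NODATA answer for this zone."""
    ttl = min(soa["ttl"], soa["minimum"])  # RFC 2308: min(SOA TTL, SOA MINIMUM)
    if cache_max_negative_ttl is not None:
        # A resolver-side maximum can lower the value but never raise it.
        ttl = min(ttl, cache_max_negative_ttl)
    return ttl


def report(text, cap=None):
    """One-line summary for a pasted SOA record; cap is a hypothetical resolver limit."""
    soa = parse_soa(text)
    return "%s negative TTL: %d s" % (soa["owner"], negative_ttl(soa, cap))


if __name__ == "__main__":
    print(report(SPAMHAUS_SOA))
    print(report(SPFBL_SOA))
    print(report(SPFBL_SOA, cap=900))  # 900 is a constructed cap value
```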