Hi Everyone,

I have unbound 1.6.4 installed on Gentoo and it is doing recursive lookups.

In this example, I am trying to look up a CAA record for a domain:

    # time host -t CAA jhmnet.net 192.168.136.181
    Using domain server:
    Name: 192.168.136.181
    Address: 192.168.136.181#53
    Aliases:

    Host jhmnet.net not found: 2(SERVFAIL)

    real 0m3.876s
    user 0m0.008s
    sys 0m0.008s

Run this again, immediately after:

    # time host -t CAA jhmnet.net 192.168.136.181
    Using domain server:
    Name: 192.168.136.181
    Address: 192.168.136.181#53
    Aliases:

    Host jhmnet.net not found: 2(SERVFAIL)

    real 0m0.016s
    ...

Implying the cache is working as expected. (cache-max-negative-ttl: 120)

However, after about ~9 seconds, the query goes back to taking 3-4 seconds, implying it's not. Sure enough, a tcpdump on the host running unbound shows it trying to access the jhmnet.net Auth server(s).

Why is unbound not respecting the 2 (120 second) min max-negative-ttl?

In the interests of testing, this server is not serving any other DNS traffic at all.

This is my configuration:

    ## Simple recursive caching DNS, UDP port 53
    ## unbound.conf -- https://calomel.org
    #
    server:
        access-control: 10.0.0.0/16 allow
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.0.0/16 allow
        cache-max-ttl: 120
        cache-min-ttl: 0
        hide-identity: yes
        hide-version: yes
        interface: 0.0.0.0
        minimal-responses: yes
        prefetch: no
        rrset-roundrobin: yes
        use-caps-for-id: no
        verbosity: 1
        use-syslog: yes
        root-hints: /etc/unbound/root.hints
        auto-trust-anchor-file: /etc/unbound/root.key
        val-log-level: 2

        #https://www.unbound.net/documentation/howto_optimise.html
        num-threads: 2
        msg-cache-slabs: 2
        rrset-cache-slabs: 2
        infra-cache-slabs: 2
        key-cache-slabs: 2
        key-cache-size: 128m
        neg-cache-size: 256m
        rrset-cache-size: 512m
        msg-cache-size: 256m
        outgoing-range: 462
        num-queries-per-thread: 231
        so-rcvbuf: 4m
        so-sndbuf: 4m
        so-reuseport: yes
        jostle-timeout: 281

        # for cacti support
        extended-statistics: yes
        statistics-cumulative: yes
        statistics-interval: 0

Note: cache-max-negative-ttl: 120 was set using

    # unbound-control set_option cache-max-negative-ttl: 120
    ok
    #

Thanks in advance.
