On Aug 26 2010, Kevin Oberman wrote:

> [...]
>> The SOA record should have a reasonable TTL, and the "minimum" field in
>> the SOA should also be set to a reasonable value, no larger than the SOA
>> TTL.  If you don't change your zone data often, then you should let
>> people cache your negative answers for a useful amount of time (hours,
>> days).
>
> I really question the desirability of a negative cache TTL of days. If
> something is not in DNS when it is first queried for, it will be
> negatively cached and will stay that way for a very long time. It is not
> unheard of for some information on a new web page to be leaked (at least
> internally) prior to the insertion of the record into DNS. An
> excessively long negative cache time will keep it unavailable for far
> too long.

Yes, one needs to take into account whether the zone will remain
static, and whether one will have advance notice of a change. But
there are zones whose contents truly do not change for years on
end, and I have no hesitation in using an SOA.minimum value of
24 hours for them. Even though ...

I remember discussions in the DNSEXT WG back when negative caching was
first implemented as to whether the negative cache time should be limited
and, if so, to how many MINUTES.

Hence BIND's default max-ncache-ttl of 3 hours.

--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
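The thread above turns on two numbers: the negative-cache TTL a zone asks for (RFC 2308: the smaller of the SOA record's own TTL and its MINIMUM field) and the ceiling a BIND resolver applies on top of that (max-ncache-ttl, default 10800 seconds, i.e. the 3 hours mentioned in the reply). The script below is an added example, not code from the bind-users thread or from ISC: it parses a zone-file SOA record, computes the RFC 2308 value, and shows what a BIND resolver at its default setting will actually honour. The zone names, serials and SOA values are constructed for illustration; the parser handles the one-line and parenthesised multi-line forms and the usual s/m/h/d/w TTL suffixes, but not every zone-file extension.

```python
"""Effective negative-cache TTL as a BIND resolver would apply it.

Added example (not from the bind-users thread). Rule implemented:
  negative TTL requested by the zone = min(SOA TTL, SOA MINIMUM)   (RFC 2308)
  value a BIND resolver honours       = min(requested, max-ncache-ttl)
BIND's default max-ncache-ttl is 10800 s (3 hours).
"""
import re
from typing import NamedTuple, Optional

BIND_DEFAULT_MAX_NCACHE_TTL = 10800  # seconds; BIND 9 default for max-ncache-ttl

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text: str) -> int:
    """Parse a zone-file TTL such as '3600', '1h' or '1d12h' into seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)


def parse_soa(record: str, default_ttl: Optional[int] = None):
    """Return (soa_ttl, minimum) in seconds from a zone-file SOA record.

    Accepts the one-line form and the parenthesised multi-line form;
    '; comments' are stripped. If the record carries no explicit TTL,
    `default_ttl` (the zone's $TTL) is used instead.
    """
    text = " ".join(line.split(";", 1)[0] for line in record.splitlines())
    tokens = text.replace("(", " ").replace(")", " ").split()
    soa_idx = next((i for i, t in enumerate(tokens) if t.upper() == "SOA"), None)
    if soa_idx is None:
        raise ValueError("not an SOA record")
    if len(tokens) < soa_idx + 8:  # mname rname serial refresh retry expire minimum
        raise ValueError("SOA record is missing fields")
    ttl = default_ttl
    for tok in tokens[1:soa_idx]:  # between owner and SOA: optional TTL, optional class
        if tok.upper() not in ("IN", "CH", "HS"):
            ttl = parse_ttl(tok)
    if ttl is None:
        raise ValueError("SOA has no TTL and no $TTL default was given")
    minimum = parse_ttl(tokens[soa_idx + 7])
    return ttl, minimum


class NegativeCache(NamedTuple):
    zone_requested: int  # RFC 2308 value the zone asks for
    effective: int       # what a resolver with the given max-ncache-ttl will use
    clamped: bool        # True when the resolver ceiling shortened the zone's value


def negative_ttl(record: str, default_ttl: Optional[int] = None,
                 max_ncache_ttl: int = BIND_DEFAULT_MAX_NCACHE_TTL) -> NegativeCache:
    """How long a BIND resolver will cache NXDOMAIN/NODATA answers for this zone."""
    ttl, minimum = parse_soa(record, default_ttl)
    requested = min(ttl, minimum)
    effective = min(requested, max_ncache_ttl)
    return NegativeCache(requested, effective, effective < requested)


# Constructed sample: a rarely changing zone with a 24-hour MINIMUM, as in the post.
STATIC_ZONE_SOA = """\
static.example. 86400 IN SOA ns1.static.example. hostmaster.static.example. (
        2010082601 ; serial (constructed)
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        1d )       ; minimum: 24 hours
"""

# Constructed sample: MINIMUM larger than the SOA TTL, which RFC 2308 ignores in favour of the TTL.
SHORT_SOA_TTL = "busy.example. 1h IN SOA ns1.busy.example. hostmaster.busy.example. 2010082602 7200 3600 1209600 1d"

if __name__ == "__main__":
    for name, soa in (("static.example", STATIC_ZONE_SOA), ("busy.example", SHORT_SOA_TTL)):
        r = negative_ttl(soa)
        print(f"{name}: zone asks {r.zone_requested}s, BIND default honours {r.effective}s"
              f"{' (clamped by max-ncache-ttl)' if r.clamped else ''}")
    raised = negative_ttl(STATIC_ZONE_SOA, max_ncache_ttl=86400)
    print(f"static.example with max-ncache-ttl 1d: {raised.effective}s")
```

The first sample is the case the reply describes: the zone asks for 24 hours of negative caching, but a BIND resolver left at its default max-ncache-ttl keeps NXDOMAIN answers for only 3 hours, so the long SOA.minimum is largely moot unless the resolver operator has raised the ceiling. The second sample illustrates the quoted advice that MINIMUM should be no larger than the SOA TTL: the extra day is simply ignored.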
