Peter:
> On 03/06/16 22:20, Wietse Venema wrote:
> > Postscreen has postscreen_dnsbl_ttl (fixed time limit) or it uses
> > the DNS TTL, limited by postscreen_dnsbl_{min,max}_ttl.
> >
> > Please see Postfix documentatiom, and report a bug if it is incomplete.
>
> dnsblog(8) states, "Otherwise it replies with the query arguments plus
> an empty address list and the reply TTL (-1 if unavailable)." It is
> unclear that this references the negative cache TTL as returned by the
> SOA record included in an NXDOMAIN response.
>
> I had to look at the dnsblog.c source code for this to become clear.
The -1 is not related to caching for negative responses.
The -1 means there was no reply, or the reply contained no TTL
information (which happens with an NXDOMAIN response without authority
records).
Wietse
