Bind-8.2.3-REL: negative cache TTL of 3 hours ? [long]

Daniel Roesen droesen at entire-systems.com
Wed Apr 18 00:16:08 UTC 2001


On Fri, Apr 13, 2001 at 12:03:04PM +0000, Pierre Wendling wrote:
> What is surprising is the 10800 TTL (3 hours) !!! I looked in the
> Cricket book and it says (page 35): "TTL for negatively cached data
> isn't tunable by the domain admin; it's hardcoded to 10 minutes"

This is outdated. RFC 2308 describes using the MINIMUM TTL value of
the SOA as negative caching TTL.

>     169.16.172.in-addr.arpa.  2h55m36s IN SOA  romeo.an.sopra. root.romeo.an.sopra. (
>                                         0               ; serial
>                                         8H              ; refresh
>                                         2H              ; retry
>                                         1W              ; expiry
>                                         12H )           ; minimum

Your zone specifies 12 hours negative caching TTL.

> I don't have any clue about where this 3 hours TTL is coming from ...

This is because of BIND limiting the maximum negative caching TTL
to 3 hours, even if you have defined 12H in the SOA.

from http://www.isc.org/products/BIND/docs/config/options.html:

   max-ncache-ttl

   To reduce network traffic and increase performance the server
   stores negative answers. max-ncache-ttl is used to set a maximum
   retention time for these answers in the server in seconds. The
   default max-ncache-ttl is 10800 seconds (3 hours). max-ncache-ttl
   cannot exceed the maximum retention time for ordinary (positive)
   answers (7 days) and will be silently truncated to 7 days if set
   to a value which is greater than 7 days.

and discussion on why limiting, from RFC 2308:

   As with caching positive responses it is sensible for a resolver to
   limit for how long it will cache a negative response as the protocol
   supports caching for up to 68 years.  Such a limit should not be
   greater than that applied to positive answers and preferably be
   tunable.  Values of one to three hours have been found to work well
   and would make sensible a default.  Values exceeding one day have
   been found to be problematic.


Best regards,
Daniel

-- 
----------------------------------------------------------------------
entire systems GmbH         | droesen at entire-systems.com
Internet Services           | Phone: +49 2624 9550-55 
Ferbachstrasse 12           | Fax:   +49 2624 9550-20
D-56203 Hoehr-Grenzhausen   | http://www.entire-systems.com/
----------------------------------------------------------------------
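
The calculation described in the reply above, as an added example that is not part of the original post and is not BIND's code: it parses zone-file TTL strings and applies the max-ncache-ttl cap and the 7-day truncation from the quoted documentation. The function names, the optional soa_ttl argument (RFC 2308 section 5 takes the lower of the SOA's own TTL and its MINIMUM field) and the 264-second cache age are assumptions chosen for illustration.

```python
import re

SEVEN_DAYS = 7 * 86400          # ceiling for max-ncache-ttl per the quoted docs
DEFAULT_MAX_NCACHE_TTL = 10800  # default per the quoted docs (3 hours)
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text):
    """Convert a TTL such as '12H', '1W', '2h55m36s' or '600' to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    # Reject input with anything left over between the number/unit pairs.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)


def format_ttl(seconds):
    """Render seconds in the 2h55m36s style used in the quoted SOA record."""
    out = []
    for unit, size in (("w", 604800), ("d", 86400), ("h", 3600), ("m", 60), ("s", 1)):
        count, seconds = divmod(seconds, size)
        if count:
            out.append(f"{count}{unit}")
    return "".join(out) or "0s"


def negative_cache_ttl(soa_minimum, max_ncache_ttl=DEFAULT_MAX_NCACHE_TTL, soa_ttl=None):
    """Seconds a resolver with this max-ncache-ttl keeps a negative answer."""
    cap = min(max_ncache_ttl, SEVEN_DAYS)  # silent truncation to 7 days
    ttl = soa_minimum if soa_ttl is None else min(soa_minimum, soa_ttl)
    return min(ttl, cap)


def remaining(ttl, age):
    """TTL a cache reports after holding the entry for `age` seconds."""
    return max(ttl - age, 0)


if __name__ == "__main__":
    cached = negative_cache_ttl(parse_ttl("12H"))  # SOA minimum from the post
    print(cached, format_ttl(remaining(cached, 264)))  # 264 s is a constructed age
```
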