max-ncache-ttl

[Barry Margolin]

In article <9seu63$gfb at pub3.rc.vix.com>,
England, Robert <england at northamerica.exchange.agere.com> wrote:
>We seem to be experiencing an steady stream of DNS domains that we are not
>able to locate. A fair amount of these DNS domains are valid domains, they
>resolve on one of my DNS server but not the other? 
>For one reason or another at any given time one of our two DNS servers that
>handle all external DNS look-ups caches a negative response. 

What's probably happening is that there's disagreement among the
authoritative servers for the domain.  The name exists on some servers but
not on the others.  If you ask a server in the second group you'll get an
NXDOMAIN error and cache it.

>I have set "max-ncache-ttl"  to 900 this seems to have helped, but not
>eliminated the intermittent lookup failure for a valid domain name. 
>Is it wise to lower the limit to say 600 or 300? I know doing so will
>increase the load on the servers but is there any other reason why I should
>not do that?

Not only will it increase the load on your servers, but all the other
servers out there due to your increased number of queries.

>One other question, As I stated earlier we have 2 DNS server that handle all
>external DNS lookups. Is there that much latency on the internet that a
>request times out with out being able to find the name on the first try? Or
>are there a lot of DNS domains and or DNS servers that are not configured
>correctly? I sometimes find myself troubleshooting other companies DNS
>issues because it affects our company's ability to get important email
>though to a partner. Any thought would be helpful.

There are lots of domains (especially reverse domains) that aren't
configured correctly.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.