Negative Caching TTL

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 16 22:28:34 UTC 2003


Jim McAtee wrote:

>Can someone explain to me how to best use negative caching TTL.  It's not
>clear to me if setting this value in the SOA record affects how our BIND
>9.2.3 servers answer queries, or if the value is open to interpretation by
>the receiving DNS client.
>
>$TTL 1d
>@ IN SOA ns1.modyssey.net. admin.modyssey.net. (
>                2003101701  ; serial
>                4h          ; refresh
>                30m         ; retry
>                14d         ; expire
>                15m       ) ; negative ttl
>
>With the above, will older BIND servers see the default TTL for records as 1
>day or 15 minutes?
>
The *positive* caching TTL (what's in the $TTL directive if not 
explicitly overridden on a record-by-record basis) determines how long a 
caching nameserver will remember the value(s) of a particular RRset (set 
of records) that it received from an authoritative server or a forwarder.

The *negative* caching TTL (the value of the last field of the SOA RR) 
determines how long a caching nameserver will remember that a particular 
RRset *does*not*exist*, when told by an authoritative server or a 
forwarder. Note that there are 2 different variations of negative 
caching: NXDOMAIN = name doesn't own any records at all, NODATA (a 
pseudo-response-code) = name owns records, but not of the type requested 
(see RFC 2308 for more details).

To put it more simply, the positive caching TTL governs the persistence 
of records that *do* exist in your zone; the negative caching TTL 
governs the persistence of negative responses, i.e. the persistence of 
record sets that could but *don't* exist in your zone, so to speak.

                                                                         
                                                      - Kevin
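The distinction drawn in this reply, worked through with the values from the zone in the question (an added example, not part of the original message or of BIND). The function names are hypothetical, the sample responses are constructed, and the model assumes an authoritative answer rather than a referral. It also applies the RFC 2308 rule that a resolver caches a negative answer for the smaller of the SOA record's own TTL and its last field.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(text):
    """Convert a zone-file TTL such as '1d', '30m' or '1h30m' to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def classify(rcode, answer_count):
    """Kind of answer as a caching resolver sees it (RFC 2308 terms).
    Assumes an authoritative answer, not a referral or CNAME chain."""
    if rcode == "NXDOMAIN":
        return "NXDOMAIN"          # name owns no records at all
    if rcode == "NOERROR":
        return "POSITIVE" if answer_count else "NODATA"
    return "OTHER"                 # SERVFAIL, REFUSED, ...: not modelled

def cache_lifetime(kind, rrset_ttl=None, soa_ttl=None, soa_minimum=None):
    """Seconds the resolver may keep the answer."""
    if kind == "POSITIVE":
        return rrset_ttl
    if kind in ("NXDOMAIN", "NODATA"):
        if soa_ttl is None or soa_minimum is None:
            return 0               # no SOA in the authority section: do not cache
        return min(soa_ttl, soa_minimum)   # RFC 2308 section 5
    return 0

# Values from the zone in the question; the SOA carries no explicit TTL,
# so it inherits $TTL like any other record.
DEFAULT_TTL = ttl_seconds("1d")
SOA_MINIMUM = ttl_seconds("15m")

def demo():
    # (rcode, answer count) pairs are constructed sample responses.
    out = {}
    for label, rcode, answers in [("existing A record", "NOERROR", 1),
                                  ("name exists, no MX", "NOERROR", 0),
                                  ("no such name", "NXDOMAIN", 0)]:
        kind = classify(rcode, answers)
        out[label] = (kind, cache_lifetime(kind, DEFAULT_TTL, DEFAULT_TTL, SOA_MINIMUM))
    return out

if __name__ == "__main__":
    for label, (kind, secs) in demo().items():
        print(f"{label:20} {kind:9} cached {secs}s")
```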



