minimum cache times?

Christoph Weber-Fahr cwf-ml at arcor.de
Thu Oct 7 16:03:30 UTC 2010


Hello,

On 07.10.2010 02:40, Mark Andrews wrote:
> In message <4CAD0856.9010408 at arcor.de>, Christoph Weber-Fahr writes:
>> Well, I was talking about minimum values, and, especially,
>> a min-ncache-ttl, i.e. a minimum for negative caching.
>>
>> My point of view is that of the operator of a very busy DNS resolver/cache
>> infrastructure.
>>
>> For anecdotal evidence, I present this:
>>
>> http://blog.boxedice.com/2010/09/28/watch-out-for-millions-of-ipv6-dns-aaaa-requests/
>>
>> Now this ostensibly is about how bad IPv6 is for DNS (no comment),
>> but somewhere down comes the interesting tidbit: apparently there
>> are commercial DNS providers (dyn.com in this case) who recommend
>> and default to 60 seconds as SOA value for negative caching in their
>> customer zones.
> 
> For a dynamic DNS provider where A RRsets come and go 60 seconds
> is about right.  

This isn't about dynamic DNS. To quote:

" Dyn Inc. is a world leader in managed DNS, providing
“rock-solid” DNS solutions for everyone. "

The quoted case is about a standard DNS customer having a
normal, hosted web server who uses dyn.com for DNS hosting.

>> RIPE's recommended default is 1 hour.
>
> Aimed at a different user base.

Actually, no. This case is exactly what RIPE recommends the 1h for.

> It's also pretty good evidence that it is time to
> set up IPv6 for that name.  There are obviously plenty of clients
> out there willing to connect over IPv6 if only the server supported
> it.

But it's not my name, and I have no control over it; nor do I have
control over millions of other names customers of ours are resolving,
using our infrastructure.

Short negative caching times are convenient for Domain owners
but troublesome for cache owners; and my main question is
does or will Bind provide the means to mitigate at least
the more egregious cases.

A min-ncache-ttl might be a way to do that.

> Or one might actually turn on IPv6.  Plenty of unsatisfied demand out
> there.

Correct but irrelevant.

> Well a little more bandwidth.  Percentage wise DNS is small compared
> to all the other traffic out there.

Bandwidth is not the problem. DNS work is. Recursive resolving is much more
costly in terms of resolver capacity than answering from cache.

Regards,

Christoph Weber-Fahr
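
The trade-off discussed in the message above, as an added example that is not part of the original post and not BIND's code: a negative cache that derives its TTL the RFC 2308 way (the lower of the SOA record's TTL and its MINIMUM field) and counts how often the resolver must recurse for a name with no AAAA record. The `min_ncache_ttl` floor is hypothetical, named after the option proposed above; the SOA values and the query stream are constructed.

```python
from dataclasses import dataclass

@dataclass
class SOA:
    ttl: int      # TTL of the SOA record returned in the authority section
    minimum: int  # SOA MINIMUM field (negative-caching value set by the zone)

def negative_ttl(soa, min_ncache_ttl=0, max_ncache_ttl=10800):
    """RFC 2308 negative TTL, then clamped to resolver policy.

    max_ncache_ttl mirrors BIND's existing upper bound (default 3 hours);
    min_ncache_ttl is the hypothetical lower bound discussed in the thread.
    """
    ttl = min(soa.ttl, soa.minimum)
    return max(min_ncache_ttl, min(ttl, max_ncache_ttl))

class NegativeCache:
    def __init__(self, min_ncache_ttl=0):
        self.min_ncache_ttl = min_ncache_ttl
        self.expiry = {}     # (qname, qtype) -> absolute expiry time in seconds
        self.recursions = 0  # number of full upstream resolutions performed

    def query(self, now, qname, qtype, soa):
        key = (qname.lower(), qtype)
        if self.expiry.get(key, -1) > now:
            return "cache"   # NODATA/NXDOMAIN answered from the negative cache
        self.recursions += 1  # entry missing or expired: recurse again
        self.expiry[key] = now + negative_ttl(soa, self.min_ncache_ttl)
        return "recursed"

def replay(min_ncache_ttl, duration=3600, interval=5):
    """Constructed workload: one AAAA query every `interval` seconds for a
    name whose zone publishes a 60 second negative-caching value."""
    soa = SOA(ttl=60, minimum=60)
    cache = NegativeCache(min_ncache_ttl)
    for now in range(0, duration, interval):
        cache.query(now, "www.example.com", "AAAA", soa)
    return cache.recursions

if __name__ == "__main__":
    for floor in (0, 300, 3600):
        print(f"floor={floor:>4}s -> {replay(floor)} recursions per hour")
```

For this single name the resolver's upstream work over one hour drops from 60 recursions to 12 with a 300 second floor and to 1 with a 3600 second floor; the cost is that a newly added record stays invisible to clients of the cache for up to the floor value.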


