ttl for negative responses is not following rfc2308
cet1 at cam.ac.uk
Fri Aug 19 14:42:36 UTC 2011
On Aug 19 2011, 刘明星：） wrote:
>I test BIND 9.7.2-P2 and thus find the ttl for negative responses is
>not following rfc2308, and instead check the $TTL. If the TTL is smaller
>than 3h, negative ttl is set to the TTL, otherwise to check minimum TTL.
>If the value is smaller than 3h, negative ttl is set to the ttl,
>otherwise set to 3h(10800)
Why do you say this is "not following RFC 2308"? To quote from that
document (end of section 5):
| As with caching positive responses it is sensible for a resolver to
| limit for how long it will cache a negative response as the protocol
| supports caching for up to 68 years. Such a limit should not be
| greater than that applied to positive answers and preferably be
| tunable. Values of one to three hours have been found to work well
| and would make sensible a default. Values exceeding one day have
| been found to be problematic.
BIND's default cutoff value of 3 hours can be altered by using the
max-ncache-ttl option if you need to.
Email: cet1 at cam.ac.uk
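The behaviour discussed in this thread, as an added example that is not part of the original message and not BIND's own code: the negative TTL is the smaller of the SOA record's TTL and its MINIMUM field (RFC 2308), and the resolver then caps it at its max-ncache-ttl (10800 seconds by default). The function names and the SOA lines below are constructed for illustration, and the parser assumes single-line records with TTLs in plain seconds.

```python
from typing import NamedTuple

DEFAULT_MAX_NCACHE_TTL = 10800  # 3 hours, the default cutoff named in the reply


class Soa(NamedTuple):
    owner: str
    ttl: int       # TTL of the SOA record itself
    minimum: int   # last SOA RDATA field (MINIMUM)


def parse_soa(line: str) -> Soa:
    """Parse one presentation-format SOA line as it would sit in zone data."""
    f = line.split()
    # owner ttl IN SOA mname rname serial refresh retry expire minimum
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError(f"not a single-line SOA record: {line!r}")
    return Soa(owner=f[0], ttl=int(f[1]), minimum=int(f[10]))


def negative_ttl(soa: Soa, max_ncache_ttl: int = DEFAULT_MAX_NCACHE_TTL) -> int:
    """Seconds a caching resolver keeps an NXDOMAIN/NODATA answer."""
    from_zone = min(soa.ttl, soa.minimum)   # RFC 2308: min(SOA TTL, MINIMUM)
    return min(from_zone, max_ncache_ttl)   # resolver-side cap (section 5)


# Constructed sample records (hypothetical zones, not taken from the thread).
SAMPLES = {
    "short_ttl": "example.com. 3600 IN SOA ns1.example.com. "
                 "hostmaster.example.com. 2011081901 7200 900 1209600 86400",
    "short_minimum": "example.net. 86400 IN SOA ns1.example.net. "
                     "hostmaster.example.net. 2011081901 7200 900 1209600 7200",
    "both_long": "example.org. 86400 IN SOA ns1.example.org. "
                 "hostmaster.example.org. 2011081901 7200 900 1209600 86400",
}


def report(max_ncache_ttl: int = DEFAULT_MAX_NCACHE_TTL) -> dict:
    """Map each sample name to its effective negative-cache TTL."""
    return {name: negative_ttl(parse_soa(line), max_ncache_ttl)
            for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, ttl in report().items():
        print(f"{name}: negative answers cached for {ttl}s")
```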