DNSKEY NODATA responses not cached

Chris Thompson cet1 at cam.ac.uk
Tue Jan 11 15:52:35 UTC 2011

On Jan 11 2011, Alexander Gall wrote:

>It appears that NODATA responses for qtype=DNSKEY are not cached if
>DNSSEC validation is enabled (tested with 9.7.2-P3).  What is the
>rationale behind this?

I confirm the effect (same release). Or rather, the NODATA does get cached,
as shown by a "!DNSKEY" count in the statistics display, but a new request
goes back to the authoritative servers again anyway, as shown by the outgoing
queries count and by the SOA in the authority section of the NODATA response
having its original value.

Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list