max-cache-ttl usage and best-practices

Fr34k freaknetboy at yahoo.com
Tue Mar 13 21:35:14 UTC 2012



Hi All,


I wanted some feedback on max-cache-ttl usage and best-practices, please.


The BIND 9 ARM says:
"max-cache-ttl: Sets the maximum time for which the server will cache ordinary (positive) answers. The default is one week (7 days). A value of zero may cause all queries to return SERVFAIL, because of lost caches of intermediate RRsets (such as NS and glue AAAA/A records) in the resolution process."

I was considering changing this setting to something less than the default of a week with the following potential positive outcomes in mind:

     1 - mitigating cache abuse (e.g., ghost domains),
     2 - reducing the caching of "bad" records (e.g., poor hostname migration planning on the part of an external party turns into an emergency on our part to flush the "bad" record(s) from the cache),
     3 - or something else that others may be using this setting for (?)

Perhaps regardless of the above, anyone have some experiences to share?

Thank you.



ADDITIONAL INFO: 


http://dyn.com/dyn-tech-everything-you-ever-wanted-to-know-about-ttls/
     "A good rule of thumb is never have any TTL higher than 1 day as the benefits of DNS caching really diminish after that point and it makes propagation waits extremely long."


http://en.wikipedia.org/wiki/Time_to_live
     "An older common TTL value for DNS was 86400 seconds, which is 24 hours." and "Newer DNS methods that are part of a DR (Disaster Recovery) system may have some records deliberately set extremely low on TTL. For example a 300 second TTL..."


It would not be fair to exclude the negative aspects of some "too low" setting.  For example, contributing to cache misses and, thus, a decrease in performance (a la http://code.google.com/speed/public-dns/docs/performance.html and, to some extent, the data found in the research for http://lib.tkk.fi/Diss/2006/isbn9512282151/article2.pdf).
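The trade-off the post raises (shorter cap flushes "bad" records sooner but costs cache hits) can be measured rather than guessed. The following is an added example, not code from the original post or from BIND: a small resolver-cache simulation that applies the cap the ARM describes (cached TTL = min(answer TTL, max-cache-ttl)) to a constructed lookup trace; the zone names, TTLs and trace are constructed, and a non-zero cap is assumed.

```python
"""Added example (not from the original post): replay a constructed lookup
trace through a TTL cache capped by max-cache-ttl and report cache hits and
the longest time a changed ("bad") record can still be served from cache."""

# Constructed authoritative answers: name -> TTL in seconds (hypothetical data)
AUTH_TTL = {
    "www.example.net.": 604800,   # 7 days: a long-lived record
    "api.example.net.": 86400,    # 1 day: the older common default
    "dr.example.net.": 300,       # 5 minutes: disaster-recovery style record
}


def effective_ttl(answer_ttl: int, max_cache_ttl: int) -> int:
    """TTL the resolver keeps a positive answer for: the smaller of the record's
    own TTL and max-cache-ttl (assumption: max_cache_ttl > 0, see ARM note)."""
    return min(answer_ttl, max_cache_ttl)


def simulate(trace, max_cache_ttl: int):
    """Replay (time, name) lookups through a cache capped at max_cache_ttl.
    Returns (hits, lookups, worst_staleness): worst_staleness is the longest a
    copy fetched just before an authoritative change can keep being served."""
    expires = {}  # name -> absolute expiry time of the cached copy
    hits = 0
    for t, name in trace:
        if name in expires and t < expires[name]:
            hits += 1  # served from cache
        else:          # cache miss: fetch and cache with the capped TTL
            expires[name] = t + effective_ttl(AUTH_TTL[name], max_cache_ttl)
    worst = max(effective_ttl(ttl, max_cache_ttl) for ttl in AUTH_TTL.values())
    return hits, len(trace), worst


def build_trace():
    """Constructed trace: one lookup per name every 10 minutes for 3 days."""
    step, horizon = 600, 3 * 86400
    return [(t, name) for t in range(0, horizon, step) for name in AUTH_TTL]


if __name__ == "__main__":
    trace = build_trace()
    for cap in (604800, 86400, 3600):  # default week, one day, one hour
        hits, total, worst = simulate(trace, cap)
        print(f"max-cache-ttl={cap:>6}s  hit ratio={hits / total:.3f}  "
              f"worst staleness={worst}s")
```

With this trace, dropping the cap from a week to a day barely changes the hit ratio but cuts the worst-case staleness of the long-lived record from seven days to one; an hour cap starts to cost noticeably more misses.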


