Issue with Minumum Value for named9
Jeremy C. Reed
jreed at isc.org
Fri Sep 21 13:13:18 UTC 2012
On Fri, 21 Sep 2012, Robert JR wrote:
> i have the minimum value in my dns server as 60 mins, and my TTL is 60
> Seconds , but still when users hit a non exist record , the other dns hold
> the negative cache for 60 secs instead of 60 mins .. ? why ?
> $TTL 60
> @ IN SOA NS1.TEST.BIZ. Abuse.TEST.BIZ. (
> 201208281 ; serial, todays date + todays serial #
> 8H ; refresh, seconds
> 2H ; retry, seconds
> 4W ; expire, seconds
> 1H ) ; minimum, seconds
> Although my configuration above, all DNS servers that query my server, cache
> the non exist record for 60 seconds only and not 60 mins
> As mentioned in my configuration ? any ideas why ?
See RFC 2308 in regards to Caching Negative Answers about how the auth
server returns an SOA for a NXDOMAIN:
``When the authoritative server creates this record its TTL
is taken from the minimum of the SOA.MINIMUM field and SOA's TTL.''
It used the the smaller TTL.
I often see the reverse -- for example, the SOA's TTL is 7200 and the
MINIMUM is 3600, so the returned record (in the auth section) has the
TTL as 3600.
More information about the bind-users