BIND caching of nxdomain responses

Peter van Dijk peter.van.dijk at
Mon Nov 8 12:30:40 UTC 2021

On Fri, 2021-10-22 at 13:22 -0400, Dan Hanks wrote:
> On Fri, Oct 22, 2021 at 9:57 AM Dan Hanks <danhanks at> wrote:
> > Greetings,
> > 
> > As I understand RFC 2308, when receiving an NXDOMAIN response, and when deciding how long to cache that NXDOMAIN response, a resolver should use whichever value is lower of the SOA TTL, and the SOA.minimum value as the length of time to cache the NXDOMAIN.
> I interpret this to mean that an authoritative resolver should set the
> TTL on the SOA record included in the AUTHORITY section of an NXDOMAIN
> response to be the minimum of the zone SOA TTL, and the SOA.minimum
> field. It does not look like Route53 is doing this.

Indeed, Route53 is not doing this, but they should. I spoke to them
about this some time ago, and they do intend to fix it, as far as I

See also

Kind regards,
Peter van Dijk

More information about the bind-users mailing list