[Dnsmasq-discuss] min-cache-ttl overriding neg-ttl
Simon Kelley
simon at thekelleys.org.uk
Wed Sep 21 11:45:21 UTC 2022
On 20/09/2022 23:54, Glenn Fowler wrote:
> Hi,
>
> I am caching positive responses for 40 minutes (min-cache-ttl), but want
> negative responses cached for only 1 minute. If the forward zone server
> is down momentarily, all of the queries during that time could result in
> an erroneous negative response that gets cached for 40 minutes and
> unreachable during that time instead of the desired 1 minute.
This is not the case: you need to distinguish between a reply which
says "this domain/RR does not exist" and no response or an error from
the server. The latter is never cached. If the forward zone server is
down it can't answer and so can't put anything in the cache.
>
> With neg-ttl working as expected, a retry after the 1 minute mark would
> result in a positive response.
See above, in this case there will be error responses until the upstream
server recovers.
>
> In general, negative responses shouldn't have a high TTL.
neg-ttl is only a fall-back should a negative response not contain TTL
information, so making it override min-cache-ttl won't affect the normal
case where negative replies have an SOA record which specifies the TTL.
There might be an argument for not making min-cache-ttl apply to
negative caching, but I'm not sure that makes sense. min-cache-ttl is a
dangerous option which comes with caveats anyway, if it breaks stuff,
just switch it off.
Simon.
>
> On Tue, Sep 20, 2022 at 4:59 PM Geert Stappers via Dnsmasq-discuss
> <dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>
> On Tue, Sep 20, 2022 at 10:41:29AM -0400, Glenn Fowler wrote:
> > Hello,
> >
> > I have observed that if min-cache-ttl time is greater than neg-ttl time,
> > then the neg-ttl time is ignored and negative responses are cached at the
> > min-cache-ttl time.
> >
> > The expected behavior should be that neg-ttl is independent of
> > min-cache-ttl.
>
> What are the negative effects of it? (a.k.a. With which priority needs
> it further attention?)
>
>
> > In searching I did find that unbound had the exact same issue:
> > https://github.com/NLnetLabs/unbound/issues/533
> >
> > I am on v2.86 on OpenWrt
> >
> > Thank you
>
> Thanks for what?
>
>
> Groeten
> Geert Stappers
> --
> Silence is hard to parse
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> <mailto:Dnsmasq-discuss at lists.thekelleys.org.uk>
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> <https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss>
>
>
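The caching decision discussed in this thread, as a small model added here for illustration (it is not dnsmasq's code, and the names Reply, Kind and cache_ttl are hypothetical). It assumes min-cache-ttl is applied as a floor to negative entries as well as positive ones, as reported in the thread, and that neg-ttl is only used when a negative reply carries no SOA TTL.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Kind(Enum):
    POSITIVE = "answer"            # upstream returned records
    NEGATIVE = "nxdomain/nodata"   # upstream says the domain/RR does not exist
    FAILURE = "timeout/error"      # no response, or an error from upstream


@dataclass
class Reply:
    kind: Kind
    record_ttl: Optional[int] = None  # TTL on a positive answer
    soa_ttl: Optional[int] = None     # TTL supplied by the SOA in a negative reply


def cache_ttl(reply: Reply, min_cache_ttl: int = 0,
              neg_ttl: Optional[int] = None) -> Optional[int]:
    """Return the seconds an entry is cached for, or None if it is not cached."""
    if reply.kind is Kind.FAILURE:
        return None                   # errors and timeouts are never cached
    if reply.kind is Kind.NEGATIVE:
        # neg-ttl is only the fall-back for a negative reply without an SOA TTL
        ttl = reply.soa_ttl if reply.soa_ttl is not None else neg_ttl
        if ttl is None:
            return None               # no SOA TTL and no neg-ttl: nothing to cache
    else:
        ttl = reply.record_ttl
    # The floor is applied to every cached entry, negative ones included
    return max(ttl, min_cache_ttl)


if __name__ == "__main__":
    # Constructed sample replies; settings from the thread: 40 min and 1 min
    samples = {
        "upstream down": Reply(Kind.FAILURE),
        "NXDOMAIN, no SOA": Reply(Kind.NEGATIVE),
        "NXDOMAIN, SOA 300s": Reply(Kind.NEGATIVE, soa_ttl=300),
        "A record, TTL 30s": Reply(Kind.POSITIVE, record_ttl=30),
    }
    for floor in (2400, 0):
        print(f"min-cache-ttl={floor} neg-ttl=60")
        for name, reply in samples.items():
            print(f"  {name:20} -> {cache_ttl(reply, floor, 60)}")
```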