[dns-operations] RFC2308, negative answer caching, and the largest gTLDs
James Stevens
James.Stevens at jrcs.co.uk
Mon Mar 12 17:05:28 UTC 2018
> If the current negative answers (see below) are being cached longer than 900 seconds then the resolver is broken.
+1
RFC2308 sec 3

   Name servers authoritative for a zone MUST include the SOA record of
   the zone in the authority section of the response when reporting an
   NXDOMAIN or indicating that no data of the requested type exists.
   This is required so that the response may be cached. The TTL of this
   record is set from the minimum of the MINIMUM field of the SOA record
   and the TTL of the SOA itself, and indicates how long a resolver may
   cache the negative answer. The TTL SIG record associated with the
   SOA record should also be trimmed in line with the SOA's TTL.

"The TTL of this record is set from the minimum of the MINIMUM field of
the SOA record and the TTL of the SOA itself"
min(900,86400) = 900
"and indicates how long a resolver may cache the negative answer"
TTL cache neg = 900