[Pdns-users] pdns recursor max-negative-ttl

Thu Sep 28 11:55:03 UTC 2006

Hello,

can anybody suggest me about following behavior of powerdns recusrsor:

my system:
# uname -rs
FreeBSD 6.1-RELEASE-p3

pdns recursor version: 3.1.1

i trying to adjust the max-negative-ttl in recursor.conf :
# grep max-negative-ttl /usr/local/etc/recursor.conf
max-negative-ttl=1

and try to test this value:

for example i choose domain vfhc.com :
# dig vfhc.com ns +short
ns2.afternic.com.
ns1.afternic.com.

and filter it's auth nameservers by ipf:
# ipfstat -hion
0 @1 block out quick from any to 69.64.176.160/32
				^^^^^^^^^^ - ns1.afternic.com
0 @2 block out quick from any to 72.4.160.112/32
				^^^^^^^^^^ - ns2.afternic.com

after restarting recursor (flushing the cache) off course i get:
# dig vfhc.com @127.0.0.1

; <<>> DiG 9.3.2 <<>> vfhc.com @127.0.0.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42817
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;vfhc.com.                      IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 28 14:36:47 2006
;; MSG SIZE  rcvd: 26

then removing blocking rules from ipfilter and restarting it i get same 
answer:
# /etc/rc.d/ipfilter reload

# date
Thu Sep 28 14:39:43 EEST 2006

# dig vfhc.com @127.0.0.1

; <<>> DiG 9.3.2 <<>> vfhc.com @127.0.0.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;vfhc.com.                      IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 28 14:39:47 2006
;; MSG SIZE  rcvd: 26

# date
Thu Sep 28 14:40:49 EEST 2006

# dig vfhc.com @127.0.0.1 +short a
69.64.176.165

by this list of commands and issues i try to tell about strange behavior 
max-nagative-ttl agrgument, when i set max-neg-ttl to 1, i expect flush 
negative entry in 1 second, but in real i see varying interval from 4 to 
60 (and above) seconds.

and addition question: i cant find about value 0 of max-negative-ttl, is 
zero mean - no cache negative entries?

thanks for your answers.

-- 
Sergey Alexanov
SA1215-RIPE
freak at volia.net