[Pdns-users] pdns recursor max-negative-ttl

Sergey Alexanov freak at volia.net
Thu Sep 28 12:13:37 UTC 2006 

> Hello,
> 
> can anybody suggest me about following behavior of powerdns recusrsor:
> 
> my system:
> # uname -rs
> FreeBSD 6.1-RELEASE-p3
> 
> pdns recursor version: 3.1.1
> 
> 
> i trying to adjust the max-negative-ttl in recursor.conf :
> # grep max-negative-ttl /usr/local/etc/recursor.conf
> max-negative-ttl=1
> 
> and try to test this value:
> 
> for example i choose domain vfhc.com :
> # dig vfhc.com ns +short
> ns2.afternic.com.
> ns1.afternic.com.
> 
> and filter it's auth nameservers by ipf:
> # ipfstat -hion
> 0 @1 block out quick from any to 69.64.176.160/32
>                 ^^^^^^^^^^ - ns1.afternic.com
> 0 @2 block out quick from any to 72.4.160.112/32
>                 ^^^^^^^^^^ - ns2.afternic.com
> 
> after restarting recursor (flushing the cache) off course i get:
> # dig vfhc.com @127.0.0.1
> 
> ; <<>> DiG 9.3.2 <<>> vfhc.com @127.0.0.1
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42817
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;vfhc.com.                      IN      A
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 28 14:36:47 2006
> ;; MSG SIZE  rcvd: 26
> 
> then removing blocking rules from ipfilter and restarting it i get same 
> answer:
> # /etc/rc.d/ipfilter reload
> 
> # date
> Thu Sep 28 14:39:43 EEST 2006
> 
> # dig vfhc.com @127.0.0.1
> 
> ; <<>> DiG 9.3.2 <<>> vfhc.com @127.0.0.1
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39597
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;vfhc.com.                      IN      A
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 28 14:39:47 2006
> ;; MSG SIZE  rcvd: 26
> 
> # date
> Thu Sep 28 14:40:49 EEST 2006
> 
> # dig vfhc.com @127.0.0.1 +short a
> 69.64.176.165
> 
> by this list of commands and issues i try to tell about strange behavior 
> max-nagative-ttl agrgument, when i set max-neg-ttl to 1, i expect flush 
> negative entry in 1 second, but in real i see varying interval from 4 to 
> 60 (and above) seconds.
> 
> and addition question: i cant find about value 0 of max-negative-ttl, is 
> zero mean - no cache negative entries?

just now test max-negative-ttl=0
i got positive answer from recursor in 45 seconds after reloading firewall.

????
> 
> thanks for your answers.
> 
> 
> 


-- 
Sergey Alexanov
SA1215-RIPE
freak at volia.net

More information about the Pdns-users mailing list