[Pdns-users] max-negative-ttl does not work

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Wed Jan 9 10:51:01 UTC 2019


On 09.01.19 at 10:53, Nico CARTRON wrote:
> On 09-Jan-2019 10:46 CET, <s.priebe at profihost.ag> wrote:
> 
>> Hi,
>>
>> On 09.01.19 at 09:53, Nico CARTRON wrote:
>>> On 09-Jan-2019 09:39 CET, <s.priebe at profihost.ag> wrote:
>>>
>>>> Hi Nico,
>>>>
>>>> On 09.01.19 at 09:33, Nico CARTRON wrote:
>>>>> Hi Stefan,
>>>>>
>>>>> On 09-Jan-2019 09:19 CET, <s.priebe at profihost.ag> wrote:
>>>>>
>>>>>> Dear List,
>>>>>>
>>>>>> I'm trying to get max-negative-ttl to work but I can't.
>>>>>>
>>>>>> # dpkg -s pdns-recursor  | grep Version
>>>>>> Version: 4.1.8-1pdns.stretch
>>>>>>
>>>>>> # grep max-negative-ttl /etc/powerdns/recursor.conf
>>>>>> max-negative-ttl=30
>>>>>>
>>>>>> # dig -t A unknowndomainxyz.multi.hiddendomain.de
>>>>>> ...
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26437
>>>>>> ...
>>>>>>
>>>>>> dumped cache:
>>>>>>
>>>>>> # grep "unknowndomainxyz.multi.hiddendomain.de" /cachefile
>>>>>> unknowndomainxyz.multi.hiddendomain.de. 3588 A  ; tag 0
>>>>>>
>>>>>> Why is the TTL 3588 when max-negative-ttl is set to 30?
>>>>>
>>>>> Just did a quick check on one of my Recursors, version 4.1.8 running on
>>>>> FreeBSD, and max-negative-ttl works as expected (i.e. if I set it to 30
>>>>> seconds, I correctly get this back, should it be with a dig or when
>>>>> dumping the cache).
>>>>>
>>>>> Did you forget to restart the recursor after having changed the value in
>>>>> the recursor.conf? Cause the 3600 value is the default one.
>>>>
>>>> No it was def. restarted after changing the config.
>>>>
>>>> See below:
>>>> # rec_control get-parameter max-negative-ttl
>>>> max-negative-ttl="30"
>>>>
>>>> Greets,
>>>> Stefan
>>>>
>>>
>>> So I did the test on a Debian Stretch, with the same version as you:
>>>
>>> root@vm-pdns1-lab:/etc/powerdns# dpkg -s pdns-recursor | grep Version
>>> Version: 4.1.8-1pdns.stretch
>>>
>>> and I also got it working.
>>>
>>> Do you mind sharing your entire recursor.conf configuration file?
>>
>> I can provide it - just an idea. I'm talking about a subdomain which
>> is missing / NXDOMAIN - the domain itself exists with a TTL of 3600.
> 
> Please share it :)

Config is this one:
allow-from=127.0.0.0/8
dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16,
192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8,
192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24,
240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
local-address=127.0.0.1
max-negative-ttl=30
quiet=yes
setgid=pdns
setuid=pdns
threads=2
version-string=SomeDNS 1.0 $Id $

> Also, please share the domain name you are testing with, not
> "hiddendomain.de" - see
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
>> Did you test a subdomain, where the real domain exists?
> 
> Yes, the domain I tested with exists indeed.

OK, I retested with a different subdomain and indeed it works fine - but
I've no idea what's different.

Real test is / was:
mydomain.multi.uribl.rblserver.de-nserver.de

This is a subdomain DNS delegation to a server running rbldnsd. It seems
it has something to do with rbldnsd - but I understood the option in
PowerDNS like it ALWAYS overwrites the TTL no matter what kind of answer
it gets.

Greets,
Stefan

