Hi All,


I wanted some feedback on max-cache-ttl usage and best-practices, please.


The BIND 9 ARM says:
"max-cache-ttl Sets the maximum time for which the server will cache
ordinary (positive) answers. The default is one week (7 days). A value of
zero may cause all queries to return SERVFAIL, because of lost caches of
intermediate RRsets (such as NS and glue AAAA/A records) in the resolution
process."

I was considering changing this setting to something less than the default of
a week with the following potential positive outcomes in mind:

     1 - mitigating cache abuse (e.g., ghost domains),
     2 - reducing the caching of "bad" records (e.g., poor hostname migration
         planning on the part of an external party turns into an emergency on
         our part to flush the "bad" record(s) from the cache),
     3 - or something else for which others may be using this setting (?)

Perhaps regardless of the above, anyone have some experiences to share?

Thank you.



ADDITIONAL INFO: 


http://dyn.com/dyn-tech-everything-you-ever-wanted-to-know-about-ttls/
     "A good rule of thumb is never have any TTL higher than 1 day as the 
benefits of DNS caching really diminish after that point and it makes 
propagation waits extremely long."


http://en.wikipedia.org/wiki/Time_to_live
     "An older common TTL value for DNS was 86400 seconds, which is 24 hours."
and "Newer DNS methods that are part of a DR (Disaster Recovery) system may
have some records deliberately set extremely low on TTL. For example a
300 second TTL..."


It would not be fair to exclude the negative aspects of some "too low" 
setting.  For example, contributing to cache misses and, thus, a decrease in 
performance (a la http://code.google.com/speed/public-dns/docs/performance.html 
and, to some extent, the data found in the research for 
http://lib.tkk.fi/Diss/2006/isbn9512282151/article2.pdf).