Kitz Forum
Internet => General Internet => Topic started by: Weaver on October 21, 2019, 03:32:09 PM
-
Say I do a DNS lookup of a name of mine and the lookup fails as the name is undefined. Then I define it, as a CNAME. Now I go back and do another lookup. I assume my machine’s o/s will cache the negative result, the ‘not found’?
But for how long will the negative caching be in effect, until it then looks it up again and finds it works?
Is there somewhere where you yourself can specify a negative caching result lifetime?
-
Depends on software.
Windows allows it (but you don't use Windows).
pfSense/OPNsense allow it as they use Unbound, which allows it. But you use a Firebrick and I have no idea on Firebricks.
Also, do you use your router as a DNS resolver or just a forwarder?
-
From the dnsmasq man page:
--neg-ttl=<time>
Negative replies from upstream servers normally contain time-to-live information in SOA records which dnsmasq uses for caching. If the replies from upstream servers omit this information, dnsmasq does not cache the reply. This option gives a default value for time-to-live (in seconds) which dnsmasq uses to cache negative replies even in the absence of an SOA record.
-
The Firebrick is used as a resolver, caching. So it is perhaps negative responses cached by the Firebrick? Or could it be negative cached by iOS first, as with MS Windows?
-
Could be either or even both, depends on your configuration.
-
Indeed, thanks for reminding me - I had forgotten about the effect of the behaviour of the o/s itself and caching relay / proxy DNS servers in routers.
-
Browsers even can mess with it as well; they can cache DNS themselves, so you have many redundant systems caching DNS data in some situations.