Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: DNS look up fail - negative caching time-out  (Read 2080 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10414
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
DNS look up fail - negative caching time-out
« on: October 21, 2019, 03:32:09 PM »

Say I do a dns lookup of a name of mine and the lookup fails as the name is undefined. Then I define it, as a CNAME. Now I go back and do another lookup. I assume my machine’s o/s will cache the negative result, the ‘not found’?

But for how long will the negative caching be in effect, until it then looks it up again and finds it works?

Is there somewhere where you yourself can specify a negative caching result lifetime?
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6718
Re: DNS look up fail - negative caching time-out
« Reply #1 on: October 21, 2019, 03:46:24 PM »

depends on software.

windows allows it (but you dont use windows)
pfsense/opnsense allow it as they use unbound which allows it.  But you use a firebrick and I have no idea on firebrick's.

Also do you use your router as a dns resolver or just forwarder?
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: DNS look up fail - negative caching time-out
« Reply #2 on: October 21, 2019, 07:47:05 PM »

From the dnsmasq man page:

--neg-ttl=<time>
              Negative replies from upstream servers normally contain time-to-live information in SOA records which dnsmasq uses for caching. If the replies from
              upstream servers omit this information, dnsmasq does not cache the reply. This option gives a default value for time-to-live (in seconds) which
              dnsmasq uses to cache negative replies even in the absence of an SOA record.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10414
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: DNS look up fail - negative caching time-out
« Reply #3 on: October 22, 2019, 03:16:09 AM »

The Firebrick is used as a resolver, caching. So it is perhaps negative responses cached by the firebrick ? Or could it be negative cached by iOS first, as with ms windows?
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6718
Re: DNS look up fail - negative caching time-out
« Reply #4 on: October 22, 2019, 11:58:29 AM »

Could be either or even both, depends on your configuration.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10414
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: DNS look up fail - negative caching time-out
« Reply #5 on: October 22, 2019, 12:02:13 PM »

Indeed, thanks for reminding me - I had forgotten about the effect of the behaviour of o/s itself and caching relay / proxy dns servers in routers.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6718
Re: DNS look up fail - negative caching time-out
« Reply #6 on: October 22, 2019, 12:11:06 PM »

Browsers even can mess with it as well, they can cache dns themselves, so you have many redundant systems caching dns data in some situations.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE
 

anything