## page was renamed from DNS/TTL/negative-caching
## page was copied from DNS/negative-caching/TTL
== DNS/TTL/negative-caching ==
<<TableOfContents()>>

RFC2308 では3時間程度を推奨していた。(これは長すぎる。BIND defaultだが）
{{{
JP zoneのように900(15分)くらいがよさそう。
}}}
-- ToshinoriMaeno <<DateTime(2017-10-30T10:05:00+0900)>>


Optimizing Negative Caching Time in DNS

 . https://securityblog.switch.ch/2016/05/02/optimizing-negative-caching-time-in-dns/

{{{
A lower negative caching time is more user-friendly
}}}
ch ccTLDは'''15分'''に設定しているとのこと。-- ToshinoriMaeno <<DateTime(2017-10-29T10:18:59+0900)>>

== resolver default ==
{{{
For the negative caching time, the maximum default values from well known resolvers are as follows:

    BIND: 10800 (3 hours)
    Unbound: 3600 (1 hour)
    PowerDNS: 3600 (1 hour)
    Windows DNS: 900 (15 minutes)
}}}

=== BIND ===
max-ncache-ttl seconds; default 10800 (3hours)

古くて、長すぎる。1時間以下にすべきである。できれば、10分くらいに。

http://www.zytrax.com/books/dns/ch7/hkpng.html#max-ncache-ttl

=== unbound ===
cache-max-negative-ttl: <seconds>
     Time to live maximum for negative responses, these have a SOA in
     the authority section that is limited in time.  Default is 3600.

Knot resolverには見当たらない。(怖い）

[[DNS/サーバ調査/SOA]]
{{{
com 900/86400
net 900/86400
org 900/86400
}}}
== zone SOA ==
{{{
JP 900/900
dns.ne.jp 3600/3600
dnsv.jp  86400/300
xserver  86400/3600
lolipop  86400/86400
iij.ad.jp 2880/900
}}}