Bugzilla – Bug 818
Last modified: 2016-08-15 11:18:40 CEST
see also https://bugzilla.redhat.com/show_bug.cgi?id=1360222
unbound running as recursion cache on an inbound mailserver using DNSBL/URIBL with some forwarding RBL zones to a local "rbldnsd"
as far as I understand "cache-max-negative-ttl" only positive responses for RBL/DNSBL on an inbound MX should be cached for an hour - today I added one IP to our own rbldnsd which is configured like below as forwarder for unbound
15 minutes later I passed the spam message again to spamd - no hit
restarted unbound hard - RBL hits, our own as well as external ones and 2 URIBL
my understanding of "cache-max-negative-ttl" is that in case of NXDOMAIN responses it should hit after 60 seconds and only positive hits should be cached for 60 minutes
The cache-min-ttl setting applies to all cache responses (both positive and negative). Your value of 3600 therefore overwrites the cache-max-negative-ttl value.
that does not make much sense on an inbound MX especially when one defines the behavior for NXDOMAIN responses
you set "cache-min-ttl" to a higher value to ignore the very low TTL of RBLs and in case of a large spam flood not exceed their free limits while at the same time you want a new abuser which is not listed at the first contact but makes it to 5 or more RBLs within a few minutes rejected before the 1 hour
so I guess it needs two different settings
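The interaction described in this bug, modelled as an added example (this is not unbound's code and not from the bug reporter): a small parser pulls the TTL options out of an unbound.conf "server:" fragment, and effective_ttl() applies the clamps in the order the maintainer's comment implies, cache-max-negative-ttl first and cache-min-ttl last for positive and negative answers alike. The defaults (cache-min-ttl 0, cache-max-ttl 86400, cache-max-negative-ttl 3600), the clamp order, the 300 second RBL zone TTL and the two config fragments are assumptions constructed for the demonstration; the values 3600 and 60 are the ones discussed in the bug.

```python
# Model of unbound TTL clamping as explained in this bug report.
# Constructed example; not unbound's implementation.

# Assumed unbound defaults for the three options involved.
DEFAULTS = {
    "cache-min-ttl": 0,
    "cache-max-ttl": 86400,
    "cache-max-negative-ttl": 3600,
}

# Constructed unbound.conf fragments: the reporter's combination and an
# adjusted one that leaves cache-min-ttl at its default.
REPORTER_CONF = """
server:
    cache-min-ttl: 3600            # meant to ignore the RBLs' very low TTLs
    cache-max-negative-ttl: 60     # meant to re-check NXDOMAIN after a minute
"""

ADJUSTED_CONF = """
server:
    cache-max-negative-ttl: 60
"""


def parse_server_options(conf_text):
    """Extract the TTL options from a 'server:' fragment (hypothetical parser)."""
    opts = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        if key in opts and value.strip():
            opts[key] = int(value.strip())
    return opts


def effective_ttl(answer_ttl, negative, opts):
    """TTL the cache keeps an answer for, under the clamp order assumed here.

    cache-max-ttl and cache-max-negative-ttl cap the TTL; cache-min-ttl is
    applied last to every answer, which is why a large cache-min-ttl silently
    overrides cache-max-negative-ttl for NXDOMAIN answers.
    """
    ttl = min(answer_ttl, opts["cache-max-ttl"])
    if negative:
        ttl = min(ttl, opts["cache-max-negative-ttl"])
    return max(ttl, opts["cache-min-ttl"])


def still_cached_after(seconds, answer_ttl, negative, opts):
    """True if the cached answer is still served 'seconds' after it was stored."""
    return seconds < effective_ttl(answer_ttl, negative, opts)


REPORTER = parse_server_options(REPORTER_CONF)
ADJUSTED = parse_server_options(ADJUSTED_CONF)

# Constructed RBL zone TTL for both NXDOMAIN and listed answers.
RBL_TTL = 300

if __name__ == "__main__":
    # The reporter's scenario: the IP is not listed at first contact, the
    # NXDOMAIN is cached, the IP is then listed, and the mail is re-checked
    # 15 minutes later.
    for name, opts in (("reporter", REPORTER), ("adjusted", ADJUSTED)):
        neg = effective_ttl(RBL_TTL, True, opts)
        pos = effective_ttl(RBL_TTL, False, opts)
        hit = not still_cached_after(15 * 60, RBL_TTL, True, opts)
        print(f"{name}: NXDOMAIN kept {neg}s, listing kept {pos}s, "
              f"re-check after 15 min reaches the RBL: {hit}")
```

With the reporter's fragment the NXDOMAIN answer is kept for 3600 seconds, so the second spamd pass 15 minutes later never reaches rbldnsd; with cache-min-ttl left at its default the negative answer expires after 60 seconds while the positive answer is still only kept for the zone's own TTL, which is the trade-off the last comment is asking unbound to let administrators set separately.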