Bug 818 - https://bugzilla.redhat.com/show_bug.cgi?id=1360222
Status: REOPENED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.5.8
Hardware: x86_64 Linux
Importance: P5 normal
Assigned To: unbound team
Reported: 2016-08-13 17:47 CEST by Reindl Harald
Modified: 2016-08-15 11:18 CEST (History)

Description Reindl Harald 2016-08-13 17:47:18 CEST
see also https://bugzilla.redhat.com/show_bug.cgi?id=1360222

unbound running as recursion cache on an inbound mailserver using DNSBL/URIBL with some forwarding RBL zones to a local "rbldnsd"

server:
 cache-min-ttl: 3600
 cache-max-ttl: 43200
 cache-max-negative-ttl: 60

as far as I understand "cache-max-negative-ttl" only positive responses for RBL/DNSBL on an inbound MX should be cached for an hour - today I added one IP to our own rbldnsd which is configured like below as forwarder for unbound

15 minutes later I passed the spam message again to spamd - no hit
restarted unbound hard - RBL hits, our own as well as external ones and 2 URIBL

my understanding of "cache-max-negative-ttl" is that in case of NXDOMAIN responses it should hit after 60 seconds and only positive hits should be cached for 60 minutes

forward-zone:
 name: "dnsbl.thelounge.net."
 forward-addr: 127.0.0.1@1053
Comment 1 Ralph Dolmans 2016-08-15 10:58:47 CEST
Hi Harald,

The cache-min-ttl setting applies to all cache responses (both positive and negative). Your value of 3600 therefore overwrites the cache-max-negative-ttl value.

Regards,
-- Ralph
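To make the interaction Ralph describes concrete, here is an added Python model written for this page (not unbound's own code): it encodes only the statement that cache-min-ttl floors every cached answer, positive or negative, and so wins over a smaller cache-max-negative-ttl. The `min_ttl_negative` flag (modelling the split the reporter asks for), the query name and the 60 s upstream negative TTL are assumptions.

```python
"""Constructed model of TTL clamping as described in Comment 1; not unbound code."""
from dataclasses import dataclass

NXDOMAIN = "NXDOMAIN"


@dataclass
class Config:
    cache_min_ttl: int
    cache_max_ttl: int
    cache_max_negative_ttl: int
    # True: cache-min-ttl also floors negative answers (behaviour in Comment 1).
    # False: hypothetical split where the floor applies to positive answers only.
    min_ttl_negative: bool = True


def effective_ttl(cfg: Config, ttl: int, negative: bool) -> int:
    """TTL an answer is cached with: caps first, then the min-ttl floor wins."""
    if negative:
        ttl = min(ttl, cfg.cache_max_negative_ttl)
    ttl = min(ttl, cfg.cache_max_ttl)
    floor = cfg.cache_min_ttl if (cfg.min_ttl_negative or not negative) else 0
    return max(ttl, floor)


class Cache:
    """Minimal cache keyed by query name, holding (answer, expiry time)."""
    def __init__(self, cfg: Config):
        self.cfg = cfg
        self.entries = {}

    def store(self, name, answer, ttl, now):
        negative = answer == NXDOMAIN
        self.entries[name] = (answer, now + effective_ttl(self.cfg, ttl, negative))

    def lookup(self, name, now):
        hit = self.entries.get(name)
        return hit[0] if hit and now < hit[1] else None


def simulate(cfg: Config, listed_at: int, query_at: int) -> str:
    """Query at t=0 (not listed), list the IP at listed_at, query again at query_at.
    Returns the answer the MX sees at query_at (cache hit or fresh upstream answer)."""
    name = "4.3.2.1.dnsbl.example."  # constructed query name
    cache = Cache(cfg)
    # t=0: upstream says not listed; assume the negative answer carries a 60 s TTL
    cache.store(name, NXDOMAIN, ttl=60, now=0)
    upstream = "127.0.0.2" if listed_at <= query_at else NXDOMAIN
    cached = cache.lookup(name, query_at)
    return cached if cached is not None else upstream
```

With the reporter's values, an IP listed 10 minutes after the first lookup is still reported as unlisted at the 15-minute mark; with the floor confined to positive answers the listing is seen at the next query after 60 s.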
Comment 2 Reindl Harald 2016-08-15 11:18:40 CEST
that does not make much sense on an inbound MX, especially when one defines the behavior for NXDOMAIN responses

you set "cache-min-ttl" to a higher value to ignore the very low TTL of RBLs and in case of a large spam flood not exceed their free limits, while at the same time you want a new abuser which is not listed at the first contact but makes it to 5 or more RBLs within a few minutes rejected before the 1 hour

so I guess it needs two different settings

cache-min-positive-ttl: 3600
cache-max-negative-ttl: 60