Thanks Shane. Before I wrote that I went and dug around looking for examples... and looking at your link I know what I did. I was reading the max-ncache-ttl setting. DOH and double DOH. I am chastised, and thanks!

tim

On Fri, Mar 29, 2024 at 4:09 PM Shane Kerr <shane@time-travellers.org> wrote:
Tim,
On 24/03/2024 20.00, Tim Wicinski wrote:
Some more, and apologies, as I was thinking the updates were in the git repo, which was what confused me.
### TTL Recommendations
Software typically defaults to a maximum stored TTL of 1 or 2 days. A lower TTL will mean removing rarely-used records that have long TTLs, and should not have much operational impact from a CPU or network point of view.
Where did this 1 or 2 days come from? From most s/w I've seen the default max-cache-ttl is a few hours.
For defaults...
It came from a vague memory of mine from a DNS OARC presentation in the mists of history. I recall some presentation where someone measured this and found that most cache entries disappeared after 1 day, and everything else except for a rounding error after 2 days. Neither DuckDuckGo nor Qwant seem to be able to help me find said presentation, so it might be an LLM-style hallucination in my brain.
I did check defaults from various open source resolvers:
BIND uses 1 week:
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-ma...
Unbound uses 1 day:
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html
Knot Resolver uses 1 day:
https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html#ca...
PowerDNS Recursor uses 1 day:
https://doc.powerdns.com/recursor/settings.html#max-cache-ttl
Cheers,
-- Shane
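To make the distinction the thread turns on concrete (max-cache-ttl capping positive answers versus max-ncache-ttl capping negative ones), here is a toy resolver cache as an added example; it is not code from the thread or from any of the resolvers named. The positive caps are the defaults Shane lists above; the 3-hour negative cap is a constructed value for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

DAY = 86400
# Positive-answer caps (max-cache-ttl) as surveyed in the thread.
RESOLVER_MAX_CACHE_TTL = {
    "bind": 7 * DAY,
    "unbound": 1 * DAY,
    "knot-resolver": 1 * DAY,
    "powerdns-recursor": 1 * DAY,
}
# Constructed illustrative negative-answer cap, NOT a real resolver default.
EXAMPLE_MAX_NCACHE_TTL = 3 * 3600


@dataclass
class CacheEntry:
    expires_at: int   # absolute time (seconds) when the entry drops out
    negative: bool    # True for NXDOMAIN/NODATA, False for a positive RRset


class ToyCache:
    """Caches answers, clamping their TTL to the relevant configured cap."""

    def __init__(self, max_cache_ttl: int, max_ncache_ttl: int) -> None:
        self.max_cache_ttl = max_cache_ttl
        self.max_ncache_ttl = max_ncache_ttl
        self.entries: Dict[str, CacheEntry] = {}

    def store(self, name: str, ttl: int, now: int, negative: bool = False) -> int:
        """Store an answer; return the TTL actually used (min of TTL and cap)."""
        cap = self.max_ncache_ttl if negative else self.max_cache_ttl
        effective = min(ttl, cap)
        self.entries[name] = CacheEntry(now + effective, negative)
        return effective

    def lookup(self, name: str, now: int) -> Optional[int]:
        """Return remaining seconds for a live entry, or None on miss/expiry."""
        entry = self.entries.get(name)
        if entry is None or now >= entry.expires_at:
            self.entries.pop(name, None)   # expired entries are evicted lazily
            return None
        return entry.expires_at - now


def effective_ttl_by_resolver(ttl: int) -> Dict[str, int]:
    """How long a positive answer with this TTL survives under each default cap."""
    return {name: min(ttl, cap) for name, cap in RESOLVER_MAX_CACHE_TTL.items()}
```

A 3-day TTL record is kept for the full 3 days under BIND's default but is refetched after 1 day under the other three, which is the "rarely-used long-TTL records get dropped" effect the draft text describes.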