negative cache
...
"Negative caching" - the storage of knowledge that something does not
exist. We can store the knowledge that a record has a particular
...
... a record does not exist. It is the storage of knowledge that
something does not exist, cannot or does not give an answer that we
call negative caching.
...
...
This section deals with errors encountered when implementing negative
caching of NXDOMAIN responses.
...
...
Negative caching in resolvers is no longer optional; if a resolver
caches anything it must also cache ...
... History of Negative Caching ...
...
This section presents a potted history of negative caching in the DNS
and forms no part of the technical specification ...
... that our experience with his JEEVES DNS resolver had pointed out the
need for some kind of negative caching scheme. Paul suggested that
we simply cache authoritative errors, using the SOA MINIMUM value for
...
... included a search path mechanism that was used pretty heavily at
several sites (including my own), so CHIVES also included a negative
caching mechanism based on SOA MINIMUM values. The basic strategy
was to cache authoritative error codes ...
... (pre-VJ) TCP retransmission algorithm, so negative caching resulted
in drastically better DNS response time for our users, mailer daemons,
...
...
As far as I know, CHIVES was the first resolver to implement negative
caching. CHIVES was developed during the twilight years of TOPS-20,
so it never ran on very many machines, but the few machines that it
did run on were the ones that were too critical ...
...
When we started getting field experience with CHIVES's negative
caching code, it became clear that the SOA MINIMUM value was often
large enough to cause the same kinds of problems for negative caching
as the huge TTLs in RRs ...
... secondary server would authoritatively deny all knowledge of its
zones if it couldn't contact the primaries on reboot). So we started
running the negative cache TTLs through the MAXTTL check too, and
continued to experiment.
...
... queries. Since
(for reasons that now escape me) we only had the single MAXTTL
parameter rather than separate ones for positive and negative
caching, it's not clear how much effect this setting of MAXTTL had on
the negative caching code.
...
...
CHIVES also included a second, somewhat controversial mechanism which
took the place of negative caching in some cases. The CHIVES
resolver daemon could be configured to load DNS master files, giving
...
... authoritative zone data, and one which could generate normal
iterative queries. This cut down on the need for negative caching in
cases where usage was predictably heavy (e.g., the resolver on
XX.LCS.MIT ...
... search path for everything because there were too many
different sub-zones at CMU for zone shadowing to be practical for
them, so they relied pretty heavily on negative caching even for
local traffic.
...
...
Overall, I still think the basic design we used for negative caching
was pretty reasonable: the zone administrator specified how long to
...
...
While not the first attempt to get negative caching into BIND, in
July 1993, BIND 4.9.2 ALPHA, Anant Kumar of ISI supplied code that
implemented validation and negative caching (NCACHE). This code had
a 10 minute TTL for negative caching and only cached the indication
that there was a negative response, NXDOMAIN or NOERROR_NODATA. This
is the origin of the NODATA pseudo ...
...
With negative caching it might be possible to propagate a denial of
service attack by spreading a NXDOMAIN message with a very high TTL.
Without negative caching that would be much harder. A similar effect
could be achieved previously by spreading a bad A record, so that the
...
