nxdomain responses include huge timeouts #342

Open
Wildcarde opened this issue Jun 13, 2023 · 2 comments

Comments

@Wildcarde

There doesn't appear to be a way to set minTTL for NXDOMAIN replies at this time. This would be very helpful to prevent upstream DNS servers from breaking how acme-dns works. I'm running into this issue currently with an Infoblox-based DHCP/DNS server upstream. It holds onto the NXDOMAIN reply for an hour+ and never checks back with acme-dns till it's too late and the Let's Encrypt request has expired.

@apeschar

I believe that the last field in the SOA record should be set to a much lower value (e.g., 1 or 60) to prevent NXDOMAIN responses from being cached for a long time. It's currently 86400, which may lead to NXDOMAIN responses being cached for up to a day.

https://github.com/joohoi/acme-dns/blob/master/dns.go#L65

@joohoi
Owner

joohoi commented Sep 14, 2023

Good point, 60sec should be sufficient.
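
The caching rule behind the suggestion in this thread, as an added example that is not part of the thread or of acme-dns's own code: per RFC 2308, a resolver may cache an NXDOMAIN answer for the smaller of the SOA record's TTL and its last (MINIMUM) field. The owner names, record TTLs and other SOA timers below are constructed; only the values 86400 and 60 come from the thread.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// NegativeTTL returns how many seconds a resolver may cache an NXDOMAIN answer
// carrying this SOA record in its authority section: the smaller of the
// record's own TTL and its MINIMUM field (RFC 2308, section 5). Expected form:
// <owner> <ttl> IN SOA <mname> <rname> <serial> <refresh> <retry> <expire> <minimum>
func NegativeTTL(soa string) (uint32, error) {
	f := strings.Fields(soa)
	if len(f) != 11 || !strings.EqualFold(f[2], "IN") || !strings.EqualFold(f[3], "SOA") {
		return 0, fmt.Errorf("not a single-line SOA record: %q", soa)
	}
	ttl, err := strconv.ParseUint(f[1], 10, 32)
	if err != nil {
		return 0, fmt.Errorf("bad record TTL: %w", err)
	}
	minimum, err := strconv.ParseUint(f[10], 10, 32)
	if err != nil {
		return 0, fmt.Errorf("bad MINIMUM field: %w", err)
	}
	if minimum < ttl {
		return uint32(minimum), nil
	}
	return uint32(ttl), nil
}

// ExceedsLimit reports whether NXDOMAIN answers may outlive limit seconds in a cache.
func ExceedsLimit(soa string, limit uint32) (bool, error) {
	n, err := NegativeTTL(soa)
	return n > limit, err
}

func main() {
	records := []string{ // constructed sample records, not taken from acme-dns
		"auth.example.org. 86400 IN SOA ns1.auth.example.org. admin.example.org. 2023061300 28800 7200 604800 86400",
		"auth.example.org. 3600 IN SOA ns1.auth.example.org. admin.example.org. 2023061300 28800 7200 604800 86400",
		"auth.example.org. 3600 IN SOA ns1.auth.example.org. admin.example.org. 2023061300 28800 7200 604800 60",
	}
	for _, r := range records {
		n, err := NegativeTTL(r)
		over, _ := ExceedsLimit(r, 60)
		fmt.Printf("negative TTL %d s, cached longer than 60 s: %v, err: %v\n", n, over, err)
	}
}
```

The second record shows that the record TTL also caps negative caching: a MINIMUM of 86400 with a 3600 s record TTL still yields an hour of cached NXDOMAIN.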
