Question

I use Unbound as a local DNS cache resolver on my FreeBSD 10 desktop; however, I'm not sure how to decide on a proper value for "cache-min-ttl" in its configuration file. I have searched on Google, but there seem to be few clear answers. Currently, 1800 is my choice, but I'm not sure about it. Here's my Unbound configuration file:

server:
    interface: 0.0.0.0
    verbosity: 1
    cache-min-ttl: 1800
    logfile: /var/unbound/unbound.log
    pidfile: /var/run/local_unbound.pid

forward-zone:
      name: "."
      forward-addr: 114.114.114.114        # 114 DNS
      forward-addr: 114.114.115.115        # 114 DNS
      forward-addr: 8.8.8.8        # Google Public DNS
      forward-addr: 8.8.4.4        # Google Public DNS
      forward-addr: 199.85.126.10        # Norton DNS
      forward-addr: 199.85.127.10        # Norton DNS

Solution

For a desktop, you don't need to write a config file yourself. The script local-unbound-setup will do that for you automatically. The automatically generated setup looks like this:

# Generated by local-unbound-setup
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key

(The nameservers that you have in resolv.conf will be added to /var/unbound/forward.conf. See /usr/sbin/local-unbound-setup.)

This means that cache-min-ttl is kept at its default value, which, according to the unbound.conf(5) manual page, is zero:

   cache-min-ttl: <seconds>
          Time to live minimum for  RRsets  and  messages  in  the  cache.
          Default  is  0.  If the the minimum kicks in, the data is cached
          for longer than the domain owner intended, and thus less queries
          are  made  to look up the data.  Zero makes sure the data in the
          cache is as the domain owner intended, higher values, especially
          more  than an hour or so, can lead to trouble as the data in the
          cache does not match up with the actual data any more.
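
One way to check which cache-min-ttl a configuration file actually sets, as an added example that is not part of the original answer or of Unbound's own tooling. The function names and verdict labels are hypothetical, the 3600-second threshold is taken from the manual page's "more than an hour or so", and the sample config is constructed from the question.

```shell
#!/bin/sh
# Added example: audit the cache-min-ttl override in an unbound.conf-style file.
# Assumptions: include: files are not followed; the last occurrence wins.

# Print the cache-min-ttl set in file $1, or 0 (the documented default).
effective_min_ttl() {
    awk '
        { sub(/#.*/, "") }                        # strip comments first
        /^[ \t]*cache-min-ttl:/ {
            sub(/^[ \t]*cache-min-ttl:[ \t]*/, "")
            v = $1                                # keep the most recent value
        }
        END { print (v == "" ? 0 : v) }
    ' "$1"
}

# Print "<seconds> <verdict>" for file $1.
audit_min_ttl() {
    ttl=$(effective_min_ttl "$1")
    case $ttl in
        *[!0-9]*) echo "$ttl invalid"; return 0 ;;
    esac
    if [ "$ttl" -eq 0 ]; then
        echo "$ttl honours-owner-ttl"     # records expire as the domain owner intended
    elif [ "$ttl" -le 3600 ]; then
        echo "$ttl extends-short-ttls"    # shorter TTLs are raised to this floor
    else
        echo "$ttl stale-data-risk"       # beyond "an hour or so" per unbound.conf(5)
    fi
}

# Constructed sample: the relevant lines of the question's config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    interface: 0.0.0.0
    verbosity: 1
    cache-min-ttl: 1800   # value from the question
EOF
audit_min_ttl "$sample"
rm -f "$sample"
```

With the question's value, every record published with a TTL below 1800 seconds stays in the cache for the full 30 minutes, so an address change made by the domain owner is not seen until that floor expires.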
Licensed under: CC-BY-SA with attribution