top | item 28754253

(no title)

mnordhoff | 4 years ago

Resolvers typically cache successful "does not exist" responses for no more than 1-3 hours. (And authoritative servers often have a lower negative TTL.)

(There's a corner case related to DNSSEC that can make it go higher, but that's being worked on, and isn't relevant here.)

In this situation, the nameservers were just down. I haven't done exhaustive research, but the resolvers I'm aware of cache that kind of thing for no more than 15 minutes.

discuss

withinboredom|4 years ago

If there’s a chain of caches 3 deep, a 15 minute cache on bad responses will take 45 minutes to clear.