Open Wildcarde opened 1 year ago
I believe that the last field in the SOA record should be set to a much lower value (e.g., 1 or 60) to prevent NXDOMAIN responses from being cached for a long term. It's currently 86400, which may lead to NXDOMAIN responses being cached for up to a day.
Good point, 60sec should be sufficient.
There doesn't appear to be a way to set minTTL for NXDOMAIN replies at this time. This would be very helpful to prevent upstream DNS servers from breaking how acme-dns works. I'm running into this issue currently with an Infoblox-based DHCP/DNS server upstream. It holds onto the NXDOMAIN reply for an hour+ and never checks back with acme-dns till it's too late and the Let's Encrypt request has expired.
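For checking what a resolver is allowed to do with the NXDOMAIN, here is an added example (not part of the thread and not acme-dns code) that reads the authority section of a negative answer in `dig` text form and computes the negative-cache lifetime per RFC 2308, which is the lower of the SOA record's own TTL and its last (MINIMUM) field. The zone name, record TTL and other SOA values are constructed; only 86400 and 60 come from the discussion above.

```python
import re

# SOA RDATA order: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
SOA_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+"
    r"(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)\s+"
    r"(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$"
)

def negative_ttl(authority_section):
    """Seconds a resolver may cache the NXDOMAIN, or None if no SOA is present."""
    for line in authority_section.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's ';;' section comments
        m = SOA_LINE.match(line)
        if m:
            # RFC 2308: negative TTL = min(TTL of the SOA record, SOA MINIMUM)
            return min(int(m["ttl"]), int(m["minimum"]))
    return None  # RFC 2308: a negative answer without an SOA should not be cached

def audit(authority_section, limit=60):
    """One-line verdict; limit defaults to the 60 seconds proposed in the thread."""
    ttl = negative_ttl(authority_section)
    if ttl is None:
        return "no SOA in authority section: negative answer not cacheable"
    verdict = "ok" if ttl <= limit else "too long"
    return f"NXDOMAIN cacheable for {ttl}s ({verdict}, limit {limit}s)"

# Constructed samples: authority section as printed by `dig +noall +authority`.
SAMPLE_CURRENT = """
;; AUTHORITY SECTION:
auth.example.org. 3600 IN SOA ns1.auth.example.org. admin.example.org. 2019010100 28800 7200 604800 86400
"""
SAMPLE_PROPOSED = """
;; AUTHORITY SECTION:
auth.example.org. 3600 IN SOA ns1.auth.example.org. admin.example.org. 2019010100 28800 7200 604800 60
"""
SAMPLE_NO_SOA = ";; AUTHORITY SECTION:\n"

if __name__ == "__main__":
    for name, text in [("current", SAMPLE_CURRENT), ("proposed", SAMPLE_PROPOSED),
                       ("no-soa", SAMPLE_NO_SOA)]:
        print(f"{name}: {audit(text)}")
```

Because the result is a minimum, lowering only the last SOA field is enough to shorten negative caching even when the SOA record's own TTL stays high.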