Closed RIKIKU closed 2 years ago
Yes sorry about this, you are completely right. Changed it to 0
in dd1008ba6c363e8552d3ed87d3c224bb806f16f4 so :latest
should have it soon! Also you might want to use :v2.0.0-beta
which respects this (coded the cache myself), although it lacks DNSSEC validation for now compared to Unbound.
thanks for the super quick fix for this! I'll take a look at 2.0!
The unbound config item cache-min-ttl is currently set to 3600 (1 hour).
Setting the minimum TTL to 3600, as is happening here, causes problems with DNS-based load balancers like Azure Traffic Manager in the event of failover.
If a site goes down in one region, these systems detect the issue and start sending traffic to an alternate region by changing the endpoint the DNS resolves to. Some TTLs are set to 10 seconds for this reason. Setting the minimum TTL as has been done in this config item means that if a service/site was to go down, the people using this DNS server would not benefit from the load balancer failing over until this TTL expired, which might mean that a site/service would be down for up to an hour.
What I propose is that this config item be set to 0 so that the TTL configured by the domain owner is used. I have no problem with this being configurable by the container user. If people want to specifically set a longer TTL then that's up to them, but we shouldn't presume to know what's best for all sites.
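A way to measure the effect described in this issue, as an added example that is not code from the issue or from the project: a toy resolver cache that applies the same TTL floor as Unbound's cache-min-ttl, run through a constructed failover scenario (the names app.example, primary.region and secondary.region and the timings are assumptions).

```python
"""Toy resolver cache showing how a cache-min-ttl floor delays DNS failover."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, Tuple


@dataclass
class CachedRecord:
    target: str
    expires_at: int


class ToyResolverCache:
    """One positive-cache entry per name, with a TTL floor like cache-min-ttl."""

    def __init__(self, cache_min_ttl: int) -> None:
        self.cache_min_ttl = cache_min_ttl
        self.entries: Dict[str, CachedRecord] = {}

    def resolve(self, name: str, now: int,
                authoritative: Callable[[str, int], Tuple[str, int]]) -> str:
        entry = self.entries.get(name)
        if entry is not None and now < entry.expires_at:
            return entry.target  # served from cache; upstream never consulted
        target, ttl = authoritative(name, now)
        # The clamp at the heart of the issue: the record is cached for at
        # least cache-min-ttl seconds, so a 10 s TTL becomes 3600 s.
        effective_ttl = max(ttl, self.cache_min_ttl)
        self.entries[name] = CachedRecord(target, now + effective_ttl)
        return target


def failover_visible_after(cache_min_ttl: int, record_ttl: int = 10,
                           failover_at: int = 35) -> int:
    """Seconds until a client polling every second sees the post-failover endpoint.

    Constructed scenario: the authoritative answer flips from the primary
    to the secondary region at `failover_at`; the record TTL is `record_ttl`.
    """
    def authoritative(name: str, now: int) -> Tuple[str, int]:
        return ("secondary.region" if now >= failover_at else "primary.region",
                record_ttl)

    cache = ToyResolverCache(cache_min_ttl)
    for t in range(24 * 3600):
        if cache.resolve("app.example", t, authoritative) == "secondary.region":
            return t
    raise RuntimeError("failover never observed")


if __name__ == "__main__":
    print("cache-min-ttl 3600:", failover_visible_after(3600), "s")  # 3600
    print("cache-min-ttl 0:   ", failover_visible_after(0), "s")     # 40
```

With the floor at 3600 the failover stays invisible for the full hour; with the floor at 0 clients follow the 10-second TTL and pick up the new endpoint within one TTL of the change.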