What part of your webserver is even doing DNS lookups? Most webserver configurations explicitly disable reverse DNS lookup of each incoming user, for speed (because DNS is slow in general).
As Patrick notes, nscd is doing the right thing and respecting the positive TTL values. Yes, you could override it (unbound would let you do this easily, just modify server.cache-min-ttl, which has warnings about increasing it beyond 1 hour for the same reasons). HOWEVER, your queries are probably mostly rDNS, which will tend to have longer TTLs in general.
Additionally, since your maximum number of cached values is so low, I'd like to note that you're hardly getting any traffic.
If you do care about where your users repeat from that often, I'd suggest logging it outside nscd, and not worrying about it anymore.
Edit (2013/12/09): nscd -g hosts stats from dev.gentoo.org (no blocks in comments):
nscd configuration:
4h 8m 43s server runtime
hosts cache:
yes cache is enabled
no cache is persistent
no cache is shared
422 suggested size
1108744 total data pool size
966632 used data pool size
600 seconds time to live for positive entries
20 seconds time to live for negative entries
67878 cache hits on positive entries
2479 cache hits on negative entries
9464 cache misses on positive entries
4276 cache misses on negative entries
83% cache hit rate
6951 current number of cached values
7641 maximum number of cached values
33 maximum chain length searched
1 number of delays on rdlock
0 number of delays on wrlock
0 memory allocations failed
yes check /etc/hosts for changes
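To turn an nscd -g listing like the one above into the figures worth checking (the overall hit rate, the positive and negative TTLs the answer refers to, and how full the data pool is), here is an added Python example. It is not part of the answer; the text it parses is a constructed copy of the hosts-cache lines quoted in the edit, and the label names it looks up are taken from that listing.

```python
"""Parse the 'hosts cache' section of `nscd -g` output and derive the
figures an admin checks: hit rate, positive/negative TTLs, and how full
the cache's data pool is. Added example, not from the original post."""
import re

# Constructed sample: the hosts-cache section of `nscd -g` as quoted above.
SAMPLE_NSCD_G = """\
hosts cache:
yes cache is enabled
no cache is persistent
no cache is shared
422 suggested size
1108744 total data pool size
966632 used data pool size
600 seconds time to live for positive entries
20 seconds time to live for negative entries
67878 cache hits on positive entries
2479 cache hits on negative entries
9464 cache misses on positive entries
4276 cache misses on negative entries
83% cache hit rate
6951 current number of cached values
7641 maximum number of cached values
33 maximum chain length searched
"""

# Each statistics line is "<value> <label>"; nscd prints the value first.
LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_nscd_stats(text):
    """Return {label: value} for one cache section of `nscd -g` output.
    'yes'/'no' become booleans, '83%' becomes 83, everything else an int."""
    stats = {}
    for line in text.splitlines():
        if line.rstrip().endswith(":"):
            continue  # section header such as "hosts cache:"
        m = LINE_RE.match(line)
        if not m:
            continue
        value, label = m.groups()
        if value in ("yes", "no"):
            stats[label] = value == "yes"
        elif value.endswith("%"):
            stats[label] = int(value[:-1])
        else:
            stats[label] = int(value)
    return stats


def summarize(stats):
    """Derive the numbers the answer discusses from the raw counters.
    nscd's own '83%' is a truncated figure; this returns the exact ratio."""
    hits = (stats["cache hits on positive entries"]
            + stats["cache hits on negative entries"])
    misses = (stats["cache misses on positive entries"]
              + stats["cache misses on negative entries"])
    total = hits + misses
    return {
        "hit_rate": hits / total if total else 0.0,
        "positive_ttl": stats["seconds time to live for positive entries"],
        "negative_ttl": stats["seconds time to live for negative entries"],
        # Fraction of the data pool in use; near 1.0 means entries get evicted
        # before their TTL, which would also depress the hit rate.
        "pool_fill": stats["used data pool size"] / stats["total data pool size"],
        "peak_entries": stats["maximum number of cached values"],
    }


if __name__ == "__main__":
    for key, val in summarize(parse_nscd_stats(SAMPLE_NSCD_G)).items():
        print(f"{key:>13}: {val}")
```

Run it against real output with something like nscd -g | python3 this_script.py after swapping SAMPLE_NSCD_G for sys.stdin.read(); the parser only looks at the "<value> <label>" shape, so the passwd and group sections parse the same way.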
No; not all the way from the .com domain (actually I think you meant from the root domain?). The NS records for stackoverflow.com have a TTL of 172800, so those are cached a lot longer than the 300 seconds of the www.stackoverflow.com CNAME record and the stackoverflow.com A record. So after those CNAME and A records have expired, the NS records will probably still be cached and hence those nameservers can be questioned about www.stackoverflow.com (and then stackoverflow.com).
BTW I wouldn't have given both www.stackoverflow.com and stackoverflow.com a TTL of just 300; that means twice as many DNS requests without any immediately evident advantage IMHO.
Best Answer
dig doesn't remember queries. But it makes use of the name servers listed in /etc/resolv.conf, unless the server to be queried is specified explicitly. Such servers normally accept recursive queries and have caches for their results. So dig can receive records cached by (intermediate) servers. Use dig +trace to override this behaviour, forcing it to query an authoritative server. See dig(1) for more information.
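The two answers above make one combined point: a caching resolver keeps the long-lived NS records after the short-lived CNAME/A records have expired, so the next lookup goes straight to the domain's own nameservers rather than back to the root, while dig +trace ignores the cache and walks from the root every time. The following Python model, added here and not taken from any of the answers, shows both behaviours. The zone data, server names (root.example., tld.example., ns1.so.example.) and the address 192.0.2.10 are constructed; only the TTLs (172800 for NS, 300 for CNAME and A) mirror the figures quoted above.

```python
"""Toy iterative resolver with a TTL-based cache. Shows which servers get
asked for www.stackoverflow.com as records expire, and what dig +trace
changes. Added example; all zone data and server names are constructed."""

# Constructed authoritative data: server -> {(name, type): (rdata, ttl)}.
# NS rdata names the server that holds the child zone's data.
AUTH = {
    "root.example.": {("com.", "NS"): ("tld.example.", 172800)},
    "tld.example.": {("stackoverflow.com.", "NS"): ("ns1.so.example.", 172800)},
    "ns1.so.example.": {
        ("www.stackoverflow.com.", "CNAME"): ("stackoverflow.com.", 300),
        ("stackoverflow.com.", "A"): ("192.0.2.10", 300),
    },
}
ROOT_SERVER = "root.example."


def _ancestors(name):
    """Yield the name itself, then each parent zone, ending with the root."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def cache_get(cache, key, now):
    """Return cached rdata if the entry's TTL has not run out, else None."""
    hit = cache.get(key)
    return hit[0] if hit and hit[1] > now else None


def resolve(name, rtype, now, cache, trace=False, asked=None):
    """Resolve name/rtype at time `now` (seconds) using `cache`.
    Returns (rdata, list of servers queried). trace=True mimics dig +trace:
    the cache is ignored and resolution starts at the root."""
    asked = [] if asked is None else asked
    if not trace:
        cached = cache_get(cache, (name, rtype), now)
        if cached is not None:
            return cached, asked
        cname = cache_get(cache, (name, "CNAME"), now)
        if cname is not None:
            return resolve(cname, rtype, now, cache, trace, asked)
    # Start at the closest enclosing zone whose NS record is still cached;
    # this is why an expired A record does not send the resolver to the root.
    server = ROOT_SERVER
    if not trace:
        for zone in _ancestors(name):
            ns = cache_get(cache, (zone, "NS"), now)
            if ns is not None:
                server = ns
                break
    while True:
        asked.append(server)
        data = AUTH[server]
        if (name, rtype) in data:
            rdata, ttl = data[(name, rtype)]
            cache[(name, rtype)] = (rdata, now + ttl)
            return rdata, asked
        if (name, "CNAME") in data:
            target, ttl = data[(name, "CNAME")]
            cache[(name, "CNAME")] = (target, now + ttl)
            if (target, rtype) in data:  # in-zone target: same reply carries it
                rdata, ttl2 = data[(target, rtype)]
                cache[(target, rtype)] = (rdata, now + ttl2)
                return rdata, asked
            return resolve(target, rtype, now, cache, trace, asked)
        # Referral: follow the NS record for the longest matching child zone.
        for zone in _ancestors(name):
            if (zone, "NS") in data:
                server, ttl = data[(zone, "NS")]
                cache[(zone, "NS")] = (server, now + ttl)
                break
        else:
            raise LookupError(f"no data or referral for {name} at {server}")


if __name__ == "__main__":
    cache = {}
    for t, trace in ((0, False), (100, False), (400, False), (400, True)):
        ip, asked = resolve("www.stackoverflow.com.", "A", t, cache, trace)
        print(f"t={t:>4} trace={trace!s:<5} -> {ip} via {asked or 'cache'}")
```

At t=0 the cold cache forces a walk root, TLD, then the domain's server; at t=100 everything is answered from cache; at t=400 the CNAME and A (TTL 300) have expired but the NS records (TTL 172800) have not, so only ns1.so.example. is asked; with trace=True the full walk from the root is repeated regardless of what is cached.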