author: Christian Poessinger <christian@poessinger.com> 2019-12-15 15:43:37 +0100
committer: Christian Poessinger <christian@poessinger.com> 2019-12-15 15:43:37 +0100
commit: 5aff67893b993364cf48edbb927661315927f00d
tree: 6f6cba93260075849d4091c93689d1bb07f0d473 /docs/services/dns-forwarding.rst
parent: 94d4aaada6bd9345b968da336f88a6f8f0e15874
dns-forwarding: add negative-ttl option
Diffstat (limited to 'docs/services/dns-forwarding.rst')
-rw-r--r-- docs/services/dns-forwarding.rst 8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst
index e98d7f6b..bd05395e 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/services/dns-forwarding.rst
@@ -87,6 +87,14 @@ use this file to add resolvers to assigned addresses.
Maximum number of DNS cache entries. 1 million per CPU core will generally
suffice for most installations.
+.. cfgcmd:: set service dns forwarding negative-ttl
+
+A query for which there is authoritatively no answer is cached to quickly deny
+a record's existence later on, without putting a heavy load on the remote
+server. In practice, caches can become saturated with hundreds of thousands of
+hosts which are tried only once. This setting, which defaults to 3600 seconds,
+puts a maximum on the amount of time negative entries are cached.
+
Example
=======
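Review bot: the `.. cfgcmd:: set service dns forwarding negative-ttl` line ends without a value placeholder, and the paragraph gives only the default (3600 seconds), so a reader cannot tell what argument the command takes or which values are accepted. Suggest adding the placeholder to the directive line (for example `<seconds>`, or the range the CLI actually validates) plus one sentence on the permitted range and on what the lowest accepted value does. It would also help to say which side of the trade-off the operator is tuning: a lower value bounds how long the cache holds names that were queried only once, while a higher value keeps repeated queries for nonexistent names off the remote server.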