dns-forwarding: add negative-ttl option

author: Christian Poessinger <christian@poessinger.com> 2019-12-15 15:43:37 +0100
committer: Christian Poessinger <christian@poessinger.com> 2019-12-15 15:43:37 +0100
commit: 5aff67893b993364cf48edbb927661315927f00d (patch)
tree: 6f6cba93260075849d4091c93689d1bb07f0d473 /docs/services
parent: 94d4aaada6bd9345b968da336f88a6f8f0e15874 (diff)
download: vyos-documentation-5aff67893b993364cf48edbb927661315927f00d.tar.gz
vyos-documentation-5aff67893b993364cf48edbb927661315927f00d.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst
index e98d7f6b..bd05395e 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/services/dns-forwarding.rst
@@ -87,6 +87,14 @@ use this file to add resolvers to assigned addresses.
 Maximum number of DNS cache entries. 1 million per CPU core will generally
 suffice for most installations.
 
+.. cfgcmd:: set service dns forwarding negative-ttl
+
+A query for which there is authoritatively no answer is cached to quickly deny
+a record's existence later on, without putting a heavy load on the remote
+server. In practice, caches can become saturated with hundreds of thousands of
+hosts which are tried only once. This setting, which defaults to 3600 seconds,
+puts a maximum on the amount of time negative entries are cached.
+
 Example
 =======
author	Christian Poessinger <christian@poessinger.com>	2019-12-15 15:43:37 +0100
committer	Christian Poessinger <christian@poessinger.com>	2019-12-15 15:43:37 +0100
commit	5aff67893b993364cf48edbb927661315927f00d (patch)
tree	6f6cba93260075849d4091c93689d1bb07f0d473 /docs/services
parent	94d4aaada6bd9345b968da336f88a6f8f0e15874 (diff)
download	vyos-documentation-5aff67893b993364cf48edbb927661315927f00d.tar.gz vyos-documentation-5aff67893b993364cf48edbb927661315927f00d.zip