[GH-ISSUE #342] nxdomain responses include huge timeouts #188

Open
opened 2026-03-13 16:05:32 +03:00 by kerem · 2 comments

Originally created by @Wildcarde on GitHub (Jun 13, 2023).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/342

There doesn't appear to be a way to set minTTL for NXDOMAIN replies at this time. This would be very helpful to prevent upstream DNS servers from breaking how acme-dns works. I'm running into this issue currently with an Infoblox-based DHCP/DNS server upstream. It holds onto the NXDOMAIN reply for an hour+ and never checks back with acme-dns till it's too late and the Let's Encrypt request has expired.

@apeschar commented on GitHub (Sep 13, 2023):

I believe that the last field in the SOA record should be set to a much lower value (e.g., `1` or `60`) to prevent NXDOMAIN responses from being cached for a long time. It's currently `86400`, which may lead to NXDOMAIN responses being cached for up to a day.

https://github.com/joohoi/acme-dns/blob/master/dns.go#L65

@joohoi commented on GitHub (Sep 14, 2023):

Good point, 60 sec should be sufficient.

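Added example for the point raised by @apeschar and accepted by @joohoi above. This is not acme-dns code and not any participant's words; it builds an authoritative NXDOMAIN response the way an authoritative server signals "this name does not exist" (SOA record in the AUTHORITY section) and then computes how long a caching resolver may hold that negative answer under RFC 2308 section 5: the smaller of the SOA record's own TTL and the SOA MINIMUM field. The zone `auth.example.org.`, the challenge subdomain, and the SOA timer values are constructed for the demo; the `demo()` function compares the `86400` MINIMUM mentioned in the thread with the proposed `60`.

```python
"""Negative caching of NXDOMAIN answers (RFC 2308), as discussed above.

Added example, not acme-dns code. It builds an authoritative NXDOMAIN
response that carries an SOA record in the AUTHORITY section and then
computes how long a caching resolver may keep that "does not exist"
answer: min(TTL of the SOA RR, SOA MINIMUM field), RFC 2308 section 5.
Zone, record names and timer values are constructed for the demo.
"""
import struct

TYPE_SOA = 6
TYPE_TXT = 16
CLASS_IN = 1
RCODE_NXDOMAIN = 3
FLAGS_NXDOMAIN = 0x8403  # QR=1, AA=1, RCODE=3


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf: bytes, off: int):
    """Decode uncompressed labels starting at off; return (name, next offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n & 0xC0:
            raise ValueError("compression pointers are not used in this demo")
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(buf[off:off + n].decode("ascii"))
        off += n


def soa_rdata(mname, rname, serial, refresh, retry, expire, minimum) -> bytes:
    """SOA RDATA: MNAME, RNAME, then five 32-bit timers; MINIMUM is the last."""
    return (encode_name(mname) + encode_name(rname)
            + struct.pack("!IIIII", serial, refresh, retry, expire, minimum))


def build_nxdomain(txid: int, qname: str, zone: str, soa_ttl: int, rdata: bytes) -> bytes:
    """Authoritative NXDOMAIN for a TXT query: one question, no answers, SOA in AUTHORITY."""
    header = struct.pack("!HHHHHH", txid, FLAGS_NXDOMAIN, 1, 0, 1, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    authority = (encode_name(zone)
                 + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, soa_ttl, len(rdata))
                 + rdata)
    return header + question + authority


def parse_response(msg: bytes) -> dict:
    """Minimal parser: header, question(s), then every RR as (name, type, ttl, rdata)."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    rrs = []
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rrs.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0x0F, "aa": bool(flags & 0x0400),
            "answers": rrs[:an], "authority": rrs[an:an + ns]}


def negative_cache_ttl(msg: bytes):
    """Seconds a resolver may cache this NXDOMAIN (RFC 2308 section 5), or None."""
    parsed = parse_response(msg)
    if parsed["rcode"] != RCODE_NXDOMAIN:
        return None
    for _name, rtype, ttl, rdata in parsed["authority"]:
        if rtype == TYPE_SOA:
            _, off = decode_name(rdata, 0)    # skip MNAME
            _, off = decode_name(rdata, off)  # skip RNAME
            minimum = struct.unpack_from("!I", rdata, off + 16)[0]  # 5th timer
            return min(ttl, minimum)
    return None  # no SOA: the resolver has nothing to base a negative TTL on


def demo():
    """NXDOMAIN for a challenge name with no record yet, before and after lowering MINIMUM."""
    zone = "auth.example.org."
    qname = "a4b1c2d3.auth.example.org."  # constructed challenge subdomain
    timers = (2023091301, 28800, 7200, 604800)
    before = soa_rdata("ns1." + zone, "hostmaster." + zone, *timers, 86400)
    after = soa_rdata("ns1." + zone, "hostmaster." + zone, *timers, 60)
    return (negative_cache_ttl(build_nxdomain(0x1234, qname, zone, 86400, before)),
            negative_cache_ttl(build_nxdomain(0x1235, qname, zone, 86400, after)))


if __name__ == "__main__":
    print(demo())
```

To check a live server the same way, `dig @<acme-dns host> TXT <name> +noall +authority` prints the SOA record from the AUTHORITY section: the number right after the owner name is the SOA record's TTL, and the last number in the RDATA is MINIMUM; a resolver caches the NXDOMAIN for the smaller of the two. Lowering MINIMUM only bounds what the authoritative side advertises; resolvers also apply their own ceiling (BIND's `max-ncache-ttl` defaults to 10800 seconds, Unbound's `cache-max-negative-ttl` to 3600), which is why a large MINIMUM can still show up as roughly an hour or more of stale NXDOMAIN at an upstream cache.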