Hi.
I was trying to find out if it is possible to limit the maximum TTL for
caching negative answers with unbound. I was able to find
the limit for maximum TTL for any answers (cache-max-ttl) and for
bogus answers (val-bogus-ttl).
Is it really not possible to set negative cache maximum TTL?
In Fedora we plan to use Unbound + dnssec-trigger by default
from Fedora 23. For the beginning we would like to limit the
TTL for negative cache, since there were some concerns raised
on the Fedora devel-list. These were mostly resolved, but
to be safe, we still want to limit the TTL for negative cache.
Thanks!
Regards,
Hi Tomas,
> I was trying to find out if it is possible to limit the maximum
> TTL for caching negative answers with unbound. I was able to find
> the limit for maximum TTL for any answers (cache-max-ttl) and for
> bogus answers (val-bogus-ttl).
> Is it really not possible to set negative cache maximum TTL?
I've done some digging in the code and believe cache-max-ttl is
applicable to negative answers as well.
//Yuri
But that's not very useful.
The use case here is for instance when you're hotspotted and you will
get a bunch of false answers or DNS queries fail. You really want to
forget these practically instantly. But we don't want the real cache's
TTLs reduced to instantly, as that would uhm, remove the entire cache.
We can call it a bug instead of a feature if that makes Wouter happier 
Paul
Yesterday I noticed that the maximum negative cache ttl is already in the upstream repo,
added on 29.5... So problem solved. 
Regards,
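
Added example, not part of the thread and not Unbound's code: a toy Python cache model of the trade-off discussed above, comparing a single global TTL cap (the role cache-max-ttl plays) with a separate cap for negative answers. The class, its parameter names and the timeline are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    answer: str     # what the cache would hand back
    expires: float  # absolute expiry time, in seconds


class TtlCappedCache:
    """Toy resolver cache: a global TTL cap plus an optional negative-only cap."""

    def __init__(self, max_ttl, max_negative_ttl=None):
        self.max_ttl = max_ttl                    # hypothetical name, global cap
        self.max_negative_ttl = max_negative_ttl  # hypothetical name, negative cap
        self.entries = {}

    def effective_ttl(self, ttl, negative):
        ttl = min(ttl, self.max_ttl)  # the global cap clamps every answer
        if negative and self.max_negative_ttl is not None:
            ttl = min(ttl, self.max_negative_ttl)  # extra clamp, negatives only
        return ttl

    def store(self, name, answer, ttl, now, negative=False):
        self.entries[name] = Entry(answer, now + self.effective_ttl(ttl, negative))

    def lookup(self, name, now):
        entry = self.entries.get(name)
        if entry is None or now >= entry.expires:
            self.entries.pop(name, None)
            return None  # miss: a real resolver would query upstream again
        return entry.answer


def hotspot_scenario(cache):
    """Constructed timeline: answers cached at t=0 behind a hotspot,
    looked up again at t=60 once real connectivity is back."""
    cache.store("www.example.org.", "192.0.2.10", 3600, now=0)
    cache.store("mail.example.org.", "NXDOMAIN", 900, now=0, negative=True)
    return (cache.lookup("www.example.org.", now=60),
            cache.lookup("mail.example.org.", now=60))


# Global cap only, left high: the false negative is still served at t=60.
GLOBAL_ONLY = hotspot_scenario(TtlCappedCache(max_ttl=86400))
# Global cap lowered to 5 s: the negative is gone, but so is the real answer.
LOW_GLOBAL = hotspot_scenario(TtlCappedCache(max_ttl=5))
# Separate negative cap: the real answer survives, the negative is forgotten.
SEPARATE_NEG = hotspot_scenario(TtlCappedCache(max_ttl=86400, max_negative_ttl=5))
```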