From: Jacob Bunk Nielsen Date: Tue, 22 Dec 2020 07:22:22 +0000 (+0100) Subject: Document the behavior of the max-signature-cache-entries setting. X-Git-Tag: rec-4.5.0-alpha1~54^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0e5b587cdfb50766ececc24375f73deb2f28bcdd;p=thirdparty%2Fpdns.git Document the behavior of the max-signature-cache-entries setting. Update documentation with a few things I learned during a debugging session with great help on IRC. If you use NSEC narrow mode and handle queries that generates a lot of signatures, e.g. because of random subdomain queries this can cause the cache to grow very large. Also document the surprising cache eviction policy of dropping all cache entries when the maximum cache size is hit. --- diff --git a/docs/settings.rst b/docs/settings.rst index 682238d7c8..6db6c37500 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -1007,7 +1007,9 @@ situation hopeless and respawn. - Integer - Default: 2^31-1 (on most systems), 2^63-1 (on ILP64 systems) -Maximum number of signatures cache entries +Maximum number of DNSSEC signature cache entries. This cache is +automatically reset once per week or when the cache is full. If you +use NSEC narrow mode, this cache can grow large. .. _setting-max-tcp-connection-duration: