Negative Caching
Caching NXDOMAIN and NODATA responses (the absence of a record) at a resolver, so repeated lookups for non-existent names do not hammer authoritative servers.
Negative caching is the resolver behaviour of storing "this name does not exist" (NXDOMAIN) and "this name exists but has no records of this type" (NODATA) answers for a bounded TTL. The TTL is taken from the SOA record's minimum field (the fifth field of the SOA, capped at one week), so the zone operator controls how long negative answers live. Without it, every typo or misconfigured client query would touch authoritative servers indefinitely. The downside: when you add a record for a name that recently returned NXDOMAIN, clients keep getting the cached negative answer until the SOA-minimum TTL expires.
Reference
Related terms
See also
Referenced on
- Complete Guide to DNS Attacks and DNS Security (Prevention, Testing & Mitigation)
- Free DNS Lookup Tool
- Home
- NXDOMAIN Attack: How Nonexistent Domain Floods Exhaust DNS Resolvers
- Understanding DNS Record Types: A, AAAA, CNAME, MX, TXT, and More
- What Is DNS Propagation and Why Does It Take So Long?
- What Is NXDOMAIN? Understanding the 'Domain Does Not Exist' DNS Response