Understanding "cached" vs "forwarded"

Please follow the below template, it will help us to help you!

Expected Behaviour:

A whitelisted server IP address is cached and the cache entry is used

Actual Behaviour:

Same host is used as forwarded and direclty afterwards as cached
"

2019-09-09 14:51:02 |A    | cdws.us-east-1.amazonaws.com   |hades   | OK (forwarded)     | IP (39.6ms)
2019-09-09 14:51:02 |AAAA | cdws.us-east-1.amazonaws.com   |hades   | OK (cached)        | NODATA (0.4ms)
2019-09-09 15:36:04	|A	  | cdws.us-east-1.amazonaws.com   |hades	| OK (forwarded)	 | IP (42.3ms)
2019-09-09 15:43:36	|AAAA |	cdws.us-east-1.amazonaws.com   |hades	| OK (forwarded)	 | NODATA (44.4ms)

"
or
"

|2019-09-09 15:47:12  |A    |ping.ubnt.com |hades |OK (forwarded)      |CNAME (18.2ms)
|2019-09-09 15:46:59  |A    |ping.ubnt.com |hades |OK (cached)         |CNAME (0.2ms)
|2019-09-09 15:46:12  |A    |ping.ubnt.com |hades |OK (forwarded)      |CNAME (19.9ms)
|2019-09-09 15:46:02  |A    |ping.ubnt.com |hades |OK (cached)         |CNAME (0.2ms)

"

Debug Token:

https://tricorder.pi-hole.net/f21mu78g4v

Hi, yes, I understand that.
But why is it forwarded even after it has been cached?
In less than 60min it is being forwarded again.

That is determined by the TTL of the domain itself.

https://www.dnsknowledge.com/whatis/time-to-live-ttl/

If you look at the output of a dig for each of those domains, you will see the TTL in the answer section. The TTLs for these domains are very short. Your TTL may vary, depending on which upstream server you are using with Cloudflared.

dig ping.ubnt.com @1.1.1.1

;; ANSWER SECTION:
ping.ubnt.com.		  143	IN	CNAME	dl.ubnt.com.
dl.ubnt.com.		  143	IN	CNAME	d2cnv2pop2xy4v.cloudfront.net.
d2cnv2pop2xy4v.cloudfront.net. 9 IN	A	13.249.130.96

 dig cdws.us-east-1.amazonaws.com @1.1.1.1

;; ANSWER SECTION:
cdws.us-east-1.amazonaws.com. 12 IN	A	176.32.103.13

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.