Re: RRSIG and TTL

2020-09-17 Thread Scott Nicholas
I was just thinking to update this. The auth server on our end is Infoblox with few knobs for timing (it's not awful but could definitely be better). The caching resolver is BIND. I wasn't initially aware of the transparent cache between. That must be the thing with the implementation bug. It's

Re: RRSIG and TTL

2020-09-17 Thread Tony Finch
Scott Nicholas wrote:
>
> Primary nameserver is behind a cache/proxy on enterprise network such that
> all external traffic hits this. Zone went bogus. I blame policy but on
> further inspection 2/3 proxies had differing TTL between the DNSKEY and its
> RRSIG.

Hmm, that's suspicious. In the DNS,