I am at a loss. When doing digs using our name servers for 'ANY' records of a
domain we are getting TTLs of five seconds. The TTLs will be correct if we
query for the records individually, just not when using 'ANY'. Ideas?
dig google.com any
; DiG 9.8.3-P1 google.com any
;; global options:
On 10.09.13 08:15, Nicholas F Miller wrote:
I am at a loss. When doing digs using our name servers for 'ANY' records of
a domain we are getting TTLs of five seconds. The TTLs will be correct if
we query for the records individually, just not when using 'ANY'. Ideas?
BIND simply provides you
On 10 September 2013 16:58, Nicholas F Miller
nicholas.mil...@colorado.edu wrote:
The only thing between us and the world are Junos FWs. The behavior happens
if you dig a hosted zone on the master DNS server as well.
Is there any configuration on the DNS server which is reducing the TTL
There aren't any options set to reduce the TTLs. When you dig using a public
DNS server the replies are correct. It is only when using our DNS servers.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 10:04
The only thing between us and the world are Junos FWs. The behavior happens if
you dig a hosted zone on the master DNS server as well.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 9:43 AM, Tony Finch
Nicholas F Miller nicholas.mil...@colorado.edu wrote:
The problem is the reply will ALWAYS be five seconds when doing an 'ANY'
query. It is not a matter of the TTL counting down.
Is there a middlebox of some kind between you and the name server?
Tony.
--
f.anthony.n.finch d...@dotat.at
The problem is the reply will ALWAYS be five seconds when doing an 'ANY' query.
It is not a matter of the TTL counting down.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 9:24 AM, Matus UHLAR - fantomas
I don't get 5 seconds for a reply.
;; ANSWER SECTION:
google.com. 219 IN 2607:f8b0:4009:805::1006
google.com. 29 IN A 173.194.46.34
google.com. 29 IN A 173.194.46.35
google.com. 29 IN A
On 10/09/13 17:22, Nicholas F Miller wrote:
We have a winner! I disabled RPZ on a test DNS server and the problem
went away. We do not have a whitelist zone so the issue must be with
RPZ zones in general (or the format of the RPZ zone file).
We see the same behaviour, and likewise don't have a