On 21.04.20 at 21:30, Ondřej Surý wrote:
> There was a setting in Cisco which would handle the host behind
> the NAT differently when the DNS traffic passed the matching NAT.
>
> I found a bug in the Cisco devices more than 10+ years ago when
> it would mangle the TTL to `0`. I don’t really remember the details
> though, but it’s not only the `ip inspect` that might be at fault.

Cisco DNS ALG even mangles the TTL of CNAMEs within a zone transfer,
which was the reason to set up a VPN peer to avoid zero TTLs on public
slaves

no ip nat service alg tcp dns
no ip nat service alg udp dns
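
Added example, not part of the original message: one way to check whether a secondary that transfers through a NAT device ended up with rewritten TTLs is to compare the zone as the primary serves it with the zone as the secondary serves it. The zone dumps, the example.test names and the helper names below are constructed for illustration.

```python
# Compare TTLs in two dig-style zone dumps ("name ttl class type rdata").
# Sample data is constructed; in practice each dump would be the saved
# output of an AXFR taken directly from the primary and from the secondary.

PRIMARY = """
; constructed sample: zone as served by the primary
example.test.      3600 IN SOA   ns1.example.test. hostmaster.example.test. 2020042101 7200 900 1209600 3600
example.test.      3600 IN NS    ns1.example.test.
ns1.example.test.  3600 IN A     192.0.2.1
www.example.test.  300  IN CNAME web.example.test.
web.example.test.  300  IN A     192.0.2.10
"""

SECONDARY = """
; constructed sample: same zone on a secondary after a mangled transfer
example.test.      3600 IN SOA   ns1.example.test. hostmaster.example.test. 2020042101 7200 900 1209600 3600
example.test.      3600 IN NS    ns1.example.test.
ns1.example.test.  3600 IN A     192.0.2.1
www.example.test.  0    IN CNAME web.example.test.
web.example.test.  0    IN A     192.0.2.10
"""

def parse_records(dump):
    """Return {(owner, type, rdata): ttl} for every record line in the dump."""
    records = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        fields = line.split(None, 4)
        if len(fields) != 5 or not fields[1].isdigit():
            continue  # not a "name ttl class type rdata" line
        name, ttl, _cls, rtype, rdata = fields
        records[(name.lower(), rtype.upper(), " ".join(rdata.split()))] = int(ttl)
    return records

def ttl_mismatches(primary_dump, secondary_dump):
    """List (owner, type, primary_ttl, secondary_ttl) where the TTLs differ.
    Records whose rdata was also changed in transit do not match by key
    and are not reported here."""
    primary, secondary = parse_records(primary_dump), parse_records(secondary_dump)
    return [(k[0], k[1], want, secondary[k])
            for k, want in sorted(primary.items())
            if k in secondary and secondary[k] != want]

if __name__ == "__main__":
    for owner, rtype, want, got in ttl_mismatches(PRIMARY, SECONDARY):
        print(f"{owner} {rtype}: primary TTL {want}, secondary TTL {got}")
```

An empty result after disabling the ALG, as in the two commands above, or after moving the transfer into a VPN, indicates the secondary now holds the primary's TTLs.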

