On 10/09/13 17:22, Nicholas F Miller wrote:
We have a winner! I disabled RPZ on a test DNS server and the problem
went away. We do not have a whitelist zone so the issue must be with
RPZ zones in general (or the format of the RPZ zone file).
We see the same behaviour, and likewise don't have a
I don't get 5 seconds for a reply.
;; ANSWER SECTION:
google.com. 219 IN 2607:f8b0:4009:805::1006
google.com. 29 IN A 173.194.46.34
google.com. 29 IN A 173.194.46.35
google.com. 29 IN A
The problem is the reply will ALWAYS be five seconds when doing an 'ANY' query.
It is not a matter of the TTL counting down.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 9:24 AM, Matus UHLAR - fantomas wr
We have a winner! I disabled RPZ on a test DNS server and the problem went
away. We do not have a whitelist zone so the issue must be with RPZ zones in
general (or the format of the RPZ zone file).
_
Nicholas Miller, OIT, University of Color
Nicholas F Miller wrote:
> The problem is the reply will ALWAYS be five seconds when doing an 'ANY'
> query. It is not a matter of the TTL counting down.
Is there a middlebox of some kind between you and the name server?
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East, v
The only thing between us and the world are Junos FWs. The behavior happens if
you dig a hosted zone on the master DNS server as well.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 9:43 AM, Tony Finch wrot
There aren't any options set to reduce the TTLs. When you dig using a public
DNS server the replies are correct. It is only when using our DNS servers.
_
Nicholas Miller, OIT, University of Colorado at Boulder
On Sep 10, 2013, at 10:04 A
On 10 September 2013 16:58, Nicholas F Miller
wrote:
> The only thing between us and the world are Junos FWs. The behavior happens
> if you dig a hosted zone on the master DNS server as well.
Is there any configuration on the DNS server which is reducing the TTL
unnecessarily? (e.g. max-cache-tt
On 10.09.13 08:15, Nicholas F Miller wrote:
I am at a loss. When doing digs using our name servers for 'ANY' records of
a domain we are getting TTLs of five seconds. The TTLs will be correct if
we query for the records individually just not when using 'ANY'. Ideas?
BIND simply provides you th
I am at a loss. When doing digs using our name servers for 'ANY' records of a
domain we are getting TTLs of five seconds. The TTLs will be correct if we
query for the records individually just not when using 'ANY'. Ideas?
> dig google.com any
; <<>> DiG 9.8.3-P1 <<>> google.com any
;; global op
10 matches
Mail list logo
