I was just thinking to update this. The auth server on our end is Infoblox
with few knobs for timing (it's not awful but could definitely be better).
The caching resolver is BIND. I wasn't initially aware of the transparent
cache between. That must be the thing with the implementation bug.
It's no
Scott Nicholas wrote:
>
> Primary nameserver is behind a cache/proxy on enterprise network such that
> all external traffic hits this. Zone went bogus. I blame policy but on
> further inspection 2/3 proxies had differing TTL between the DNSKEY and its
> RRSIG.
Hmm, that's suspicious. In the DNS,
I was hoping someone's experience could save me as I've spent too much time
down this rabbit hole.
Primary nameserver is behind a cache/proxy on enterprise network such that
all external traffic hits this. Zone went bogus. I blame policy but on
further inspection 2/3 proxies had differing TTL betwe