On 7/12/2023 9:05 am, Nick Tait via bind-users wrote:
> I could be wrong, but based on the output above it looks like the
> current TTL is 0, which means that doing this should provide immediate
> relief.
Sorry, it looks like the DNS server on the Wi-Fi network I'm connected to
has done something weird with the TTL.
This is what I get when querying one of the "gov." authoritative servers
directly:
$ dig -t ds bls.gov @a.ns.gov +norecurse
; <<>> DiG 9.18.18-0ubuntu2-Ubuntu <<>> -t ds bls.gov @a.ns.gov +norecurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32241
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;bls.gov. IN DS
;; ANSWER SECTION:
bls.gov. 3600 IN DS 50951 8 2 E6B0A294066904F20A2B8EBA3FA9920F9A1822802977F59D706B30A1 77F7DC0C
;; Query time: 16 msec
;; SERVER: 2001:503:ff40::1#53(a.ns.gov) (UDP)
;; WHEN: Thu Dec 07 09:19:24 NZDT 2023
;; MSG SIZE rcvd: 84
This means when you remove the DS record, it will take 1 hour to fully
take effect (assuming no delay replicating between authoritative servers).
Nick.
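
Added example, not part of the original message: a small parser for dig's text output that only trusts a DS TTL when the answer carries the "aa" flag (as in the +norecurse query above) and computes the latest time a validator could still hold the DS after it is removed. The function names are hypothetical, the sample is an excerpt of the output quoted above, and it assumes no replication delay between the parent's authoritative servers.

```python
import re
from datetime import datetime, timedelta, timezone

# Excerpt of the dig output quoted in the message (DS rdata on one line).
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32241
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
bls.gov. 3600 IN DS 50951 8 2 E6B0A294066904F20A2B8EBA3FA9920F9A1822802977F59D706B30A1 77F7DC0C
;; Query time: 16 msec
"""

# owner, TTL, class IN, type DS, key tag, algorithm, digest type, hex digest
DS_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+DS\s+(\d+)\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f ]+)$")

def parse_ds(dig_text):
    """Return (authoritative, [DS dicts]) from dig's text output."""
    flags = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    authoritative = bool(flags) and "aa" in flags.group(1).split()
    records = []
    for line in dig_text.splitlines():
        m = DS_RE.match(line.strip())
        if m:
            owner, ttl, tag, alg, dtype, digest = m.groups()
            records.append({
                "owner": owner, "ttl": int(ttl), "key_tag": int(tag),
                "algorithm": int(alg), "digest_type": int(dtype),
                # dig prints long digests in space-separated chunks
                "digest": digest.replace(" ", "").upper()})
    return authoritative, records

def ds_expiry(dig_text, removed_at):
    """Latest time a cache may still hold the DS if removed at removed_at."""
    authoritative, records = parse_ds(dig_text)
    if not authoritative:
        # A resolver's answer shows a decremented or rewritten TTL.
        raise ValueError("no 'aa' flag: query the parent zone's server "
                         "directly with +norecurse")
    if not records:
        raise ValueError("no DS record in answer")
    return removed_at + timedelta(seconds=max(r["ttl"] for r in records))

if __name__ == "__main__":
    print(ds_expiry(SAMPLE, datetime.now(timezone.utc)).isoformat())
```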