DNS TTL priority: Zone or Policy or Other?

kirbini Member
Posted by kirbini

Hello,

We've a customer who is asking for a TTL increase on many of their GSLB zones. One of our engineers changed it in the GSLB policy for that client but nothing changed. I changed the TTL for one of the zones and that seemed to work. I should mention that the AX1000 is the DNS server, not a proxy.

What we'd like to know is, what is the priority for TTL in GSLB configs? Since this customer has many zones we'd like to manage TTL through policy, not by individual zone. If we uncheck the TTL option in the Zone configs will the policy TTL be used? What if we do not have a TTL set in either the zone or the policy? The manual says there is a relationship between the sticky time set in the GSLB policy and the TTL set in the zone. How is the sticky affected if we remove the TTL config from the individual zones?

thx,

Comments

  • kirbini Member
    edited February 2014
    Posted by kirbini

    It appears I've partially answered my own question. With the AX running in authoritative DNS mode, if you remove the TTL setting from an individual zone, then a TTL of 0 is provided. Apparently the TTL setting in the policy has no effect if the zone TTL is removed.

    Is this intentional and if so, is there a way to manage the TTL of many zones through a policy or something similar? Like I said previously, we'd rather manage this setting centrally instead of by individual zone.
  • edited July 2022
    Posted by ddesmidt

    You indeed replied to your question 

    You can configure a specific TTL under:
    . Zone
    . Policy
    Note: Policy is only to update TTL answers received from the back-end DNS server => for AX GSLB Proxy-mode only.

    So to reply to your need, you have to update the TTL in each zone.
    Note: If that's something important, please contact your A10 Sales Rep => we can add that to our list of enhancement requests.

    Thanks,
    Dimitri


    Quick note about TTL=0 (no TTL configured on AX acting as a DNS server):
    It's recommended to NOT use TTL=0.
    See: mark.lindsey.name/2009/03/never-use-dns-ttl-of-zero-0.html
  • kirbini Member
    edited February 2014
    Posted by kirbini

    Thanks for the info.

    Oh, and I'm all too aware of the TTL=0 no-no. A few months back one of my admins set TTL to 0 for a bunch of client domains we host. Then I got the panic call asking why our DNS CPUs had spiked to 100%. One terse note from me later and I'm guessing no one who works here will ever do that again.
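
An added example, not part of the thread and not A10 tooling: because the replies establish that an AX acting as the authoritative server takes its TTL per zone and answers with TTL 0 when none is set, this script audits answer lines (dig presentation format, assumed to be collected by querying the authoritative server directly) for TTL 0 or drift from an intended value. The zone names, addresses, the 300-second target and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: answer lines as "owner TTL class type rdata".
# Names and addresses are made up, not captured from a real device.
SAMPLE_ANSWERS = """\
; constructed sample
www.shop.example.      300 IN A     192.0.2.10
api.shop.example.      0   IN A     192.0.2.11
www.mail.example.      0   IN A     198.51.100.5
www.mail.example.      0   IN A     198.51.100.6
cdn.media.example.     60  IN CNAME edge.media.example.
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_answers(text):
    """Yield (owner, ttl, rtype) for each resource-record line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        m = RR_LINE.match(line)
        if m:
            yield m.group(1).lower().rstrip("."), int(m.group(2)), m.group(3).upper()

def zone_for(owner, zones):
    """Longest managed zone that the owner name falls under, or None."""
    hits = [z for z in zones if owner == z or owner.endswith("." + z)]
    return max(hits, key=len) if hits else None

def audit_ttls(text, zones, expected_ttl):
    """Return {zone: {"zero": [...], "mismatch": [...]}} for offending records."""
    report = defaultdict(lambda: {"zero": [], "mismatch": []})
    for owner, ttl, rtype in parse_answers(text):
        zone = zone_for(owner, zones)
        if zone is None:
            continue  # record is outside the zones being audited
        if ttl == 0:
            report[zone]["zero"].append((owner, rtype))
        elif ttl != expected_ttl:
            report[zone]["mismatch"].append((owner, rtype, ttl))
    return dict(report)

if __name__ == "__main__":
    zones = ["shop.example", "mail.example", "media.example"]
    for zone, findings in audit_ttls(SAMPLE_ANSWERS, zones, 300).items():
        print(zone, findings)
```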