Dns pointer record not updating
Also note that during some configuration changes (commits) on the Palo Alto, the DNS proxy was not working anymore at all!My previous article was about bulk DNS records creation in forward lookup zone.TTL: The TTL (Time to Live) is the amount of time your record will stay in cache on systems requesting your record (resolving nameservers, browsers, etc.).The TTL is set in seconds, so 60 is one minute, 1800 is 30 minutes, etc..I tested a normal DNS name Packet Capture), these are two screenshots from Wireshark that show the connections to the different DNS servers for the different use cases.In any case, the queries from the Palo Alto are made from the appropriate layer 3 interfaces with the corresponding IPv6 addresses, in my case 205::1, etc.: For more information about the DNS proxy use this Palo Alto Networks article: How to Configure DNS Proxy on a Palo Alto Networks Firewall.Fortunately there are some good tools on the Internet to help reversing IPv6 addresses. The BIND server runs on a Ubuntu 12.04.5 LTS with BIND version 9.8.1-P1.For some general information about DNS reverse lookups, use this Wikipedia article.
This way you won’t have any downtime during the change.Note that the connections from the Palo Alto to the DNS servers are established via IPv6 though the bulk of DNS lookups is still IPv4 (A records). The first three are the well-known legacy IP reverse zones (RFC1918) while the last one is my /48 global unicast IPv6 subnet.Now all DNS queries are primarily sent to DNS server at 200::a, while the reverse DNS (r DNS) lookups are sent to 200::11. I am using this tool to generate the IPv6 zone file as well as this for further IPv6 PTR records.The lower the TTL the more often a client will need to query the name servers for your host’s (record’s) IP address this will result in higher query traffic for your domain name.Where as a very high TTL can cause downtime when you need to switch your IPs quickly.
Search for dns pointer record not updating:
Systems that have a static IP should usually have a TTL of 1800 or higher.