Little confusion about BIND/AD [DNS] Setup

Blason R blason16 at
Thu Jul 26 02:45:07 UTC 2018

Hi there,

I have little confusion about bind and Windows AD/DNS Setup and woudl
appreciate if someone can shed some light on my query.

Well, I have BIND/RPZ setup in my environment and I have AD/DNS server,
users are configured to talk to Windows DNS server and it has forwarder set
to my BIND/RPZ.

Now the issue I faced is on my BIND/RPZ is; I had forwarder set as
which was flaggin one of site wrongly while is resolving that
perfectly. Hence users while accessing site via AD/DNS -> RPZ ->
initially was consistently getting error. Later I decided to change the
forwarder in my BIND and added as Restarted the service that must
have cleared the cache but users who were using AD/DNS were still getting
that wrong pages. I guess that was being served from DNS cache since it was
showing a TTL value of almost 24 hrs.

Hence wondering if TTL value from my BIND/RPZ can be lowered? Will that
really make any difference? And which DNS server is responsible for giving
the TTL value to users? How can I eventually set the lower TTL value in my
environment so that records from end users may get flushed faster?

Windows, BIND RPZ or NS of end portal which is being accessed?

Thanks and Regards,
Lionel F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list