Bind rpz only gives max TTL of 5 seconds
-
Hi I have setup Bind on pfsense with response policy (rpz) everything is working correctly except I noticed yesterday that responses from overridden DNS records basically do not stay on on my other routers that use pfsense as default DNS server. I started searching and noticed that Bind will give TTL for overridden DNS records of 5 seconds, even thou I have $TTL 1d specified. If I set $TTL to anything lower than 5 seconds request will also reflect that but anything > 5 seconds will always stay at 5. I tried to set TTL inline but that is also not reflected.
Zone Config file shows correct TTL so whatever is happening has to be somewhere in the background.
$TTL 1d ; $ORIGIN rpz.local. ; Database file rpz.local.DB for rpz.local zone. ; Do not edit this file!!! ; Zone version 2699376993 ; @ IN SOA localhost. root.localhost. ( 2699376993 ; serial 1d ; refresh 2h ; retry 4w ; expire 1h ; default_ttl ) ; ; Zone Records ; @ IN NS localhost. subdomain.domain.com IN A xxx.xxx.xxx.xxx subdomain2.domain.com 3600 IN A xxx.xxx.xxx.xxx ...I searched for hours but couldn't find any settings that would affect maximum TTL.
I'm using pfsense 2.7.0 and latest (9.17) Bind package, but same problem was already present in previous 9.16.x package.
Anybody have any Idea what could be causing this? Thank You! -
Today I did set up another test BIND server under linux configured it from ground up. And result is exactly the same. So this problem is not pfsense related. Its something I do not understand in Bind...