On Fri, Nov 6th, 2009 at 6:30 PM, "W.C.A. Wijngaards" <wouter at NLnetLabs.nl> wrote: > It could also be a bug where due to a miscalculation inside > the resolver the TTL becomes -1 (or infinite), but although > such a bug is fixed recently (in svn trunk) for DNSSEC bogus > messages, my guess is you are not DNSSEC validating. > Thinking about this further, if the TTL becomes -1, shouldn't it consider that cache entry stale and look it up again? I mean, is there any reason for entries to be in the cache forever? Thanks again for your assistance Wouter :-) -- Haw Loeung Systems Administrator TPG Internet http://www.tpg.com.au ________________________________________________________________ _______