DNS Issue with proofpoint.com


Sending this out (to multiple lists -- apologies for the potential
duplicates) in the hopes to proactively resolve any mail flow issues to /
from Proofpoint customers.

Earlier this evening, we had some DNS issues with our domain (proofpoint.com).
We've resolved the main problem, however, due to old cached DNS
information, the fall out now is that *many* (i.e. hundreds at this point)
customers are are seeing major email delays.

For any DNS operators, it would be much appreciated if you could flush your
DNS servers for proofpoint.com.

Among other providers, we are still seeing delays with mail flow to ATT
Wireless and Verizon Wireless.

Thanks in advance for your assistance on this.

Jaren Angerbauer
Deliverability & ISP Relations Manager

Wouldn't it make sense if we created a specific mail alias for requesting DNS flushes? This seems to happen statistically often enough it might be a valuable service to bundle under the NANOG umbrella.


What would make sense is some sort of attribute on the DNS record
which instructed servers not to cache it for so long that mistakes
have a lasting impact.

Bill Herrin

per RFC 1035:

example.com. IN SOA ns.example.com. hostmaster.example.com. (
                              2003080800 ; sn = serial number
                              172800 ; ref = refresh = 2d
                              900 ; ret = update retry = 15m
                              1209600 ; ex = expiry = 2w
                              3600 ; nx = nxdomain ttl = 1h

You're kidding me! You mean they already make that? :wink:


Or a pub/sub method of sending an immediate invalidation request, similar
to immediate CDN invalidations.

Caching is nice, but mistakes happen.

Which is why you should choose appropriate ttls.

Also for CDN you are talking to 1 company which has administative control
over the caches.

For DNS you have highly distributed caches which are talking to millions of
servers. There are nowhere near comparible in terms of management.