How to deal with DNS related 409 for VPN or products like Zscaler Follow
Section.io is a global & dynamic platform that adapts edge locations based on end-user traffic.
Section customers occasionally see 409's when traffic, delivered from the Zscaler network, is being directed to old and stale server IP addresses based, on stale DNS.
Below is an example email that can be used to send to Zscaler support or a similar networking provider.
Section Customer Engineers can provide the Kibana report to provide evidence for Zscaler or a similar provider.
Hi Zscaler support,
Our company www.sectioncustomer.com is a customer of Zscaler and Section.io.
We are seeing issues with DNS TTL not being honored for our website domain, which uses the CDN edge compute platform www.section.io Section.io when accessed via the Zscaler product.
Section is a global & dynamic platform that adapts edge locations based on end-user traffic. Our company is seeing a situation where traffic on the Zscaler network is being directed to old and stale server IP addresses based on stale DNS.
Using a report from Section you can see a small amount of traffic is being misdirected to a stale edge server. The remote address listed is a Zscaler IP address.
A small number of requests for www.sectioncustomer.com were being sent to an endpoint 6 hours after it had been removed from there.
Please update your DNS servers to honor DNS TTL.
Article is closed for comments.