On Wed, 12 Nov 2008, Stuart MacIntosh wrote:
Quick question, hopefully. How common is it for DNS server admins to manipulate TTLs of NS records, on their recursive/customer-facing servers?
I would say fairly uncommon. In theory you should have some ACL, the root servers, some resource limits and maybe an RFC 1918 blackhole and that's it. You can play with the TTL sometimes but it's usually a bad idea and most DNS software doesn't make it easy. Corps are more likely to do weird stuff for dumb reasons.
Also, when seeing a reply from a caching server (query A-type) NS is returned correctly but not the A record. Why is this (typically)?
If the record has changed recently then the usual reasons are:

* the person who changed it forgot to update the serial number
* the TTL hasn't expired
* not all the auth servers got updated
* the .nz or .com nameservers are still pointing at the old auth servers
* the DNS servers you are talking to used to host the domain and are still configured with the details

If the records have not changed recently then the last one above is usually the cause. You will note that reasons 1-4 above are the domain owner's fault and usually reason 5 is as well.

-- 
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
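The five reasons above, turned into a small consistency check as an added example that is not part of the original thread; the NS sets and per-server answers are constructed inputs standing in for the results a real lookup (parent delegation, the zone's own NS set, each auth server queried directly) would return:

```python
# Added example, not from the thread: map a stale A answer to the five reasons
# in the reply above.  Inputs are constructed; a real checker would fill them
# by querying the parent zone, the zone's own NS set and each auth server.
from typing import Dict, List, Set

# Constructed sample: the zone moved from ns*.old.example to ns*.new.example,
# the parent delegation was never updated, and one old server still answers.
PARENT_NS = {"ns1.old.example", "ns2.old.example"}
CHILD_NS = {"ns1.new.example", "ns2.new.example"}
AUTH_ANSWERS = {
    "ns1.new.example": {"serial": 2008111201, "a": "192.0.2.10"},
    "ns2.new.example": {"serial": 2008111201, "a": "192.0.2.10"},
    "ns1.old.example": {"serial": 2008110100, "a": "192.0.2.1"},
}


def diagnose(parent_ns: Set[str], child_ns: Set[str],
             auth_answers: Dict[str, Dict[str, object]],
             cached_ttl_remaining: int) -> List[str]:
    """Return the reasons that apply, in the order the reply lists them.
    parent_ns / child_ns: NS names in the parent delegation / in the zone.
    auth_answers: {server: {"serial": SOA serial, "a": A rdata}} for every
      server that answered authoritatively when queried directly.
    cached_ttl_remaining: seconds left on the resolver's cached A record.
    """
    findings: List[str] = []
    current = [auth_answers[s] for s in child_ns if s in auth_answers]
    serials = {ans["serial"] for ans in current}
    addrs = {ans["a"] for ans in current}
    # 1: secondaries only transfer when the serial rises, so identical
    #    serials with differing data means the serial was never bumped.
    if len(serials) == 1 and len(addrs) > 1:
        findings.append("serial not updated")
    # 2: the resolver keeps serving its cached copy until the TTL runs out.
    if cached_ttl_remaining > 0:
        findings.append(f"ttl not expired ({cached_ttl_remaining}s left)")
    # 3: serials differ, so some current servers have not caught up yet.
    if len(serials) > 1:
        findings.append("not all auth servers updated")
    # 4: the delegation in the parent still names the old servers.
    if parent_ns != child_ns:
        findings.append("parent delegation points at old servers")
    # 5: a server outside the zone's current NS set still answers for it.
    for srv in sorted(set(auth_answers) - child_ns):
        findings.append(f"stale server still configured: {srv}")
    return findings
```

With the constructed sample, `diagnose(PARENT_NS, CHILD_NS, AUTH_ANSWERS, 0)` reports reasons 4 and 5, which is the "records have not changed recently" case the reply points to.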