On 28/03/12 13:15, Mauricio Freitas wrote:
I know of cases where people used to host DNS with a large ISP and after moving NS to other providers have to contact said ISP to “reset” DNS because their servers kept serving the old records for days… Even though people go on record saying “our servers respect TTLs” it seems some don’t…
Those symptoms can be caused by a combination of a "child centric" cache plus old nameserver not dropping the zone on time. In cache implementations, you can have "parent centric" and "child centric" when it needs to refresh records. A "parent centric" will start the resolution process from the top (root), go to the TLD, get the NS and so on. A "child centric" will use whatever NS it has in cache, try to query those and if they are still authoritative, use them. If you add a nameserver change where the old nameservers are still authoritative for a domain, you end up with changes not being propagated.

Cheers,
Cheers
Mauricio Freitas
http://www.geekzone.co.nz/
http://www.freitasm.com
http://www.twitter.com/freitasm
From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Craig Whitmore
Sent: Wednesday, 28 March 2012 1:11 p.m.
To: Cameron Bradley; NZNOG Mailing-List
Subject: Re: [nznog] DNS TTL Mangling
It has come to my attention in the course of moving the DNS for a number of domains that several of the ISPs in this country are mangling the TTLs on records queried by their recursive DNS servers. This behaviour seems to me to be undesirable in situations where someone may have set a record to a shorter TTL to facilitate smoother movement between hosting providers. In the cases I’m seeing, records with TTLs of 14400 are being handed out with TTLs of 86400 by the service provider’s servers.
If an ISP (or anyone) is breaking/changing TTLs (and maybe other stuff in DNS) on purpose I would think IMHO this is bad. I think this would make DNSSEC signed zones fail + other stuff you have said as the ISP is playing around with it.
Maybe you don't want to name who you think is doing it but maybe if anyone is doing this they may want to comment on the reasoning behind it.
Thanks
Craig
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
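
Added example, not part of the original thread: a small Python model of the "parent centric" and "child centric" refresh behaviours described in the reply above, showing how a child centric cache keeps returning the old record for as long as the old nameserver still answers for the zone. The zone name, server names, addresses and the Resolver class are constructed for illustration; 14400 is the TTL quoted in the thread.

```python
# Constructed model of one delegation change; all names and addresses are made up.
ZONE = "example.com"
PARENT_DELEGATION = {ZONE: ["ns1.new.example"]}   # what the TLD hands out after the move
OLD = {"ns1.old.example": {"ns": ["ns1.old.example"], "a": "192.0.2.10"}}
NEW = {"ns1.new.example": {"ns": ["ns1.new.example"], "a": "198.51.100.20"}}


class Resolver:
    """Cache holding one zone's NS set, refreshed whenever its TTL runs out."""

    def __init__(self, mode, cached_ns, ttl, servers):
        self.mode, self.ns, self.ttl = mode, list(cached_ns), ttl
        self.servers = servers            # nameservers that currently answer for the zone
        self.expires = ttl                # NS set was cached at t=0, before the move

    def _refresh(self, now):
        if self.mode == "child":
            # Child centric: ask the cached servers first, keep them while they
            # still answer authoritatively with their own NS set.
            for name in self.ns:
                answer = self.servers.get(name)
                if answer is not None:
                    self.ns = list(answer["ns"])
                    break
            else:
                self.ns = list(PARENT_DELEGATION[ZONE])   # nobody answered: walk down again
        else:
            # Parent centric: restart from the top and take the current delegation.
            self.ns = list(PARENT_DELEGATION[ZONE])
        self.expires = now + self.ttl

    def lookup(self, now):
        if now >= self.expires:
            self._refresh(now)
        return self.servers[self.ns[0]]["a"]


def answers_after_move(mode, old_still_authoritative, ttl=14400, periods=3):
    """A records seen at each TTL expiry after the nameserver change."""
    servers = dict(NEW)
    if old_still_authoritative:
        servers.update(OLD)
    resolver = Resolver(mode, ["ns1.old.example"], ttl, servers)
    return [resolver.lookup(ttl * n) for n in range(1, periods + 1)]


if __name__ == "__main__":
    for mode, old_up in (("parent", True), ("child", True), ("child", False)):
        print(mode, "old zone still served:", old_up, answers_after_move(mode, old_up))
```

In this model only the child centric cache with the old zone still served stays on the old address; once the old provider drops the zone, the same cache falls back to the parent and picks up the new delegation.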