making DNS changes (TTL theory)

Kevin Darcy kcd at daimlerchrysler.com
Tue Aug 16 20:12:38 UTC 2005


Jim wrote:

>Hey folks,
>
>Being relatively new to DNS, I'm a bit uncertain, when I make changes to 
>BIND, how I am able to accurately predict when the changes I make will 
>replicate to DNS servers across the world. I'm asking y'all for help because 
>I've heard it said by people who manage the same zones that it might take 
>up to 2 weeks for changes to have fully taken effect across the net - which 
>I am willing to contradict. I've always been under the understanding that 
>changes made to RRs could take up to the value of my TTL for the zone. Let 
>me explain how I draw my conclusion for DNS changes now, and I'd be happy to 
>have anyone correct me on this or offer any advice.
>
>For zone1.com, my TTL = 2 days and my expire = 2 weeks. My expire value is 
>only relevant to my slaves of zone1.com. If my primary name server is 
>unreachable from my secondaries, the zone data will expire, and my 
>secondaries are no longer able to provide authoritative answers for my 
>zone1.com.
>As for my TTL of 2 days, this value tells any non-authoritative name server 
>how long they should cache my zone data. So if a non-authoritative 
>server has my zone data cached, then I make a change to my zone and reload 
>BIND, the countdown begins from the TTL, and the client using this 
>non-authoritative server can expect (worst-case scenario) that in 2 days 
>they will have an updated answer for all RRs in my zone. In which case I 
>would be correct in assuming that, in the worst-case scenario, my zone data 
>will have updated answers from all Internet servers depending on the value 
>of my TTL. Are both of these assumptions correct?
>
I didn't see anything in your explanation about REFRESH. If you're using 
AXFR/IXFR for replication, and in the absence of NOTIFY (which in my 
experience tends to be unreliable anyway), your worst-case for getting 
the data out to all of your authoritative nameservers is the REFRESH 
time (multiples of REFRESH if you have multiple master/slave "hops" to 
go through). Once the data gets out to all of your authoritative 
nameservers, the worst case is that it then sticks around in resolvers 
for the duration of the TTL setting. So the worst case persistence of 
old data should usually be REFRESH+TTL.


- Kevin
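The REFRESH+TTL reasoning in the reply above, worked through as an added example (not code from the thread or from BIND): it parses BIND-style time values and an SOA RDATA string, then computes the worst-case lifetime of stale data. The SOA values, the `hops` and `notify_works` parameters, and the helper names are my own assumptions for illustration; the scenario numbers (TTL of 2 days, EXPIRE of 2 weeks) are taken from the original question.

```python
"""Worst-case propagation of a DNS change: hops * REFRESH + TTL.

Added example modelling the reasoning in the reply above; the SOA record
and the hop/NOTIFY parameters are constructed for illustration.
"""
import re
from dataclasses import dataclass

# BIND accepts bare seconds or unit suffixes (w, d, h, m, s), case-insensitive,
# and allows them to be combined, e.g. "2D", "1w", "3600", "1h30m".
_UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_TOKEN = re.compile(r"(\d+)([wdhms]?)", re.I)
_VALID = re.compile(r"(\d+[wdhms]?)+", re.I)


def parse_ttl(text: str) -> int:
    """Convert a BIND-style time value ("2D", "1h30m", "3600") to seconds."""
    text = text.strip()
    if not text or not _VALID.fullmatch(text):
        raise ValueError(f"not a BIND time value: {text!r}")
    return sum(int(n) * _UNITS[(u or "s").lower()] for n, u in _TOKEN.findall(text))


@dataclass
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int   # seconds a slave waits before asking the master for a new serial
    retry: int     # seconds between retries when a REFRESH query fails
    expire: int    # seconds after which an unrefreshable slave stops answering
    minimum: int   # negative-caching TTL (RFC 2308)


def parse_soa(rdata: str) -> SOA:
    """Parse SOA RDATA as written in a zone file, e.g.
    'ns1.zone1.com. hostmaster.zone1.com. 2005081601 1D 1H 2W 1H'."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA needs exactly 7 fields")
    mname, rname, serial, *times = fields
    refresh, retry, expire, minimum = (parse_ttl(t) for t in times)
    return SOA(mname, rname, int(serial), refresh, retry, expire, minimum)


def worst_case_propagation(ttl: int, soa: SOA, hops: int = 1,
                           notify_works: bool = False) -> int:
    """Seconds until no resolver can still be holding the pre-change data.

    Without a working NOTIFY, each master->slave hop may wait a full REFRESH
    before it even learns of the new serial (assuming the master stays
    reachable; a failed refresh falls back to RETRY and is not modelled here).
    Only once every authoritative server carries the change does the TTL
    countdown in resolvers start, so the total is hops*REFRESH + TTL.
    """
    if hops < 1:
        raise ValueError("at least one master->slave hop")
    transfer_delay = 0 if notify_works else hops * soa.refresh
    return transfer_delay + ttl


def describe(seconds: int) -> str:
    """Render seconds as days/hours for a quick sanity check."""
    days, rem = divmod(seconds, 86400)
    hours = rem // 3600
    return f"{days}d{hours}h"


if __name__ == "__main__":
    # Constructed SOA using the question's 2-week EXPIRE and a 1-day REFRESH.
    soa = parse_soa("ns1.zone1.com. hostmaster.zone1.com. 2005081601 1D 1H 2W 1H")
    ttl = parse_ttl("2D")
    for hops in (1, 2):
        for notify in (False, True):
            secs = worst_case_propagation(ttl, soa, hops=hops, notify_works=notify)
            print(f"hops={hops} notify={notify}: {describe(secs)} ({secs}s)")
```

The point the numbers make: with a 1-day REFRESH and a 2-day TTL, the true worst case is 3 days, not 2, and every extra master/slave tier without NOTIFY adds another REFRESH; EXPIRE never enters into it unless the slaves lose contact with their master.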
