dns query process

Fri Jan 16 17:56:46 UTC 2009

Hi all

This is result of tracing www.google.com by dig 9.5.0

; <<>> DiG 9.5.0-P1 <<>> +trace www.google.com
;; global options:  printcmd
.                       9398    IN      NS      E.ROOT-SERVERS.NET.
.                       9398    IN      NS      G.ROOT-SERVERS.NET.
.                       9398    IN      NS      K.ROOT-SERVERS.NET.
.                       9398    IN      NS      L.ROOT-SERVERS.NET.
.                       9398    IN      NS      A.ROOT-SERVERS.NET.
.                       9398    IN      NS      J.ROOT-SERVERS.NET.
.                       9398    IN      NS      B.ROOT-SERVERS.NET.
.                       9398    IN      NS      I.ROOT-SERVERS.NET.
.                       9398    IN      NS      D.ROOT-SERVERS.NET.
.                       9398    IN      NS      F.ROOT-SERVERS.NET.
.                       9398    IN      NS      M.ROOT-SERVERS.NET.
.                       9398    IN      NS      C.ROOT-SERVERS.NET.
.                       9398    IN      NS      H.ROOT-SERVERS.NET.
;; Received 272 bytes from 10.10.10.101#53(10.10.10.101) in 0 ms
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 492 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 273 ms
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
;; Received 168 bytes from 192.41.162.30#53(l.gtld-servers.net) in 296 ms
www.google.com.         604800  IN      CNAME   www.l.google.com.
l.google.com.           86400   IN      NS      c.l.google.com.
l.google.com.           86400   IN      NS      b.l.google.com.
l.google.com.           86400   IN      NS      a.l.google.com.
l.google.com.           86400   IN      NS      g.l.google.com.
l.google.com.           86400   IN      NS      e.l.google.com.
l.google.com.           86400   IN      NS      d.l.google.com.
l.google.com.           86400   IN      NS      f.l.google.com.
;; Received 276 bytes from 216.239.34.10#53(ns2.google.com) in 349 ms

Here is result of querying ns record from ns1.google.com

> google.com
Server:  [216.239.32.10]
Address:  216.239.32.10
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, auth. answer, want recursion
        questions = 1,  answers = 4,  authority records = 0,  additional = 4
    QUESTIONS:
        google.com, type = NS, class = IN
    ANSWERS:
    ->  google.com
        nameserver = ns2.google.com
        ttl = 345600 (4 days)
    ->  google.com
        nameserver = ns3.google.com
        ttl = 345600 (4 days)
    ->  google.com
        nameserver = ns1.google.com
        ttl = 345600 (4 days)
    ->  google.com
        nameserver = ns4.google.com
        ttl = 345600 (4 days)
    ADDITIONAL RECORDS:
    ->  ns1.google.com
        internet address = 216.239.32.10
        ttl = 345600 (4 days)
    ->  ns2.google.com
        internet address = 216.239.34.10
        ttl = 345600 (4 days)
    ->  ns3.google.com
        internet address = 216.239.36.10
        ttl = 345600 (4 days)
    ->  ns4.google.com
        internet address = 216.239.38.10
        ttl = 345600 (4 days)
------------
google.com
        nameserver = ns2.google.com
        ttl = 345600 (4 days)
google.com
        nameserver = ns3.google.com
        ttl = 345600 (4 days)
google.com
        nameserver = ns1.google.com
        ttl = 345600 (4 days)
google.com
        nameserver = ns4.google.com
        ttl = 345600 (4 days)
ns1.google.com
        internet address = 216.239.32.10
        ttl = 345600 (4 days)
ns2.google.com
        internet address = 216.239.34.10
        ttl = 345600 (4 days)
ns3.google.com
        internet address = 216.239.36.10
        ttl = 345600 (4 days)
ns4.google.com
        internet address = 216.239.38.10
        ttl = 345600 (4 days)
>

As shown above ,the first result from dig show that ns1.google.com record in
com. has ttl= 172800 but the second result from querying one of
google.comzone authorize which in is case is
ns1.google.com show that ttl=345600.

If one day google.com remove ns1.google.com from com. or any changing to
ns1.google.com. How fast do other domain 's caching dns know these changing?
172800 or 345600 ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090117/bb738a49/attachment.html>