Speeding up DNS change propagation

Alan Clegg alan at clegg.com
Fri Sep 18 21:19:27 UTC 2015


Remember, however, that if you are clearing YOUR caches by restarting,
everyone else around the world is still seeing the data with the
original TTL still "in place".

The right thing to do is to lower the TTL on the auth servers to an
acceptable "outage" value before you make the change, wait for the
original TTL to expire (removing the data from the caches around the
world and replacing with your new, lower value), make the change, and
then when everything is working correctly, raise the TTL back to your
original value.

On 9/18/15 3:46 PM, Danny Sinang wrote:
> Ah, many thanks ! :)
> 
> On Fri, Sep 18, 2015 at 3:37 PM, John Miller <johnmill at brandeis.edu> wrote:
> 
>     The .com nameservers don't know anything about ftp.example.com; they
>     just know the nameservers for example.com.  So have no fear -- BIND
>     will not cache an upstream response for ftp.example.com: you'll only
>     hear about ftp.example.com from the example.com nameservers.
> 
>     Pretty much all upstream nameservers: root NSs, .com NSs, example.com
>     NSs--are authoritative-only.  They don't cache or offer cached
>     responses.  (Not 100% accurate, but nearly always so.)
> 
>     John
> 
>     On Fri, Sep 18, 2015 at 2:58 PM, Danny Sinang <d.sinang at gmail.com> wrote:
>     > As a follow-up to your answer for question #2, after my clearing the cache
>     > or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the
>     > ".com" top level DNS server ?
>     >
>     > Regards,
>     > Danny
>     >
>     > On Fri, Sep 18, 2015 at 2:51 PM, John Miller <johnmill at brandeis.edu> wrote:
>     >>
>     >> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang <d.sinang at gmail.com> wrote:
>     >> > Hi,
>     >> >
>     >> > Our vendor is changing their FTP server's IP address tomorrow.
>     >> >
>     >> > 1. How can I tell how long their DNS change will propagate to us ?
>     >>
>     >> Whatever TTL you have cached when the vendor makes the switch is how
>     >> long it'll take for your caching servers to pick up the change.
>     >>
>     >> >      a. Do I just run dig a "ftp.example.com" and look for the TTL for
>     >> > that DNS entry ?
>     >> >      b. Every time I run that command, the TTL is shrinking. How do I
>     >> > find out the full TTL for it ?
>     >>
>     >> If you want to know the full TTL, ask the company's NSs directly -
>     >> authoritative servers only give out the full TTL.
>     >>
>     >> > 2. Can I just restart BIND tomorrow to clear its cache and force it to
>     >> > query the "example.com" name server for "ftp.example.com" (so as not to
>     >> > wait for the propagation to reach us) ?
>     >>
>     >> Sure can.  Depending on your BIND version, you can also run rndc
>     >> flushname <name> and it'll clear just that name from your cache.
>     >>
>     >> If the TTL is very long, don't forget about client-side caching as
>     >> well.  Windows and OS X cache DNS lookups by default.
>     >>
>     >> John
>     >> _______________________________________________
>     >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>     >> unsubscribe from this list
>     >>
>     >> bind-users mailing list
>     >> bind-users at lists.isc.org
>     >> https://lists.isc.org/mailman/listinfo/bind-users
>     >
>     >
> 
> 
> 
>     --
>     John Miller
>     Systems Engineer
>     Brandeis University
>     johnmill at brandeis.edu
>     (781) 736-4619

-- 
When I do still catch the odd glimpse, it's peripheral; mere fragments
of mad-doctor chrome, confining themselves to the corner of the eye.
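
The procedure described at the top of this message (lower the TTL, wait out the original TTL, make the change, raise the TTL again) can be checked with a small model of resolver caches. This is an added example, not part of the original thread; the addresses, the 86400 s and 300 s TTLs, the timings and all function names are assumptions chosen for illustration.

```python
from bisect import bisect_right

OLD, NEW = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses
DAY, LOW = 86400, 300                       # assumed original TTL and temporary low TTL

def served_ttl(timeline, t):
    """TTL the authoritative server hands out at time t (seconds)."""
    starts = [start for start, _, _ in timeline]
    return timeline[bisect_right(starts, t) - 1][2]

def stale_window(timeline, first_fetch, change_at):
    """Seconds after the change that one resolver keeps the old answer.

    The resolver caches each answer for the TTL it was given and
    re-queries the authoritative server the moment the entry expires.
    """
    t = first_fetch
    while t < change_at:          # every fetch before the change returns OLD
        t += served_ttl(timeline, t)
    return t - change_at          # expiry of the last cached OLD answer

def worst_stale_window(timeline, change_at, step=60):
    """Worst case over resolvers that first cached the name at any minute."""
    return max(stale_window(timeline, f, change_at)
               for f in range(0, change_at, step))

CHANGE_AT = 2 * DAY
# 1. Change the address without touching the TTL.
no_prep = [(0, OLD, DAY), (CHANGE_AT, NEW, DAY)]
# 2. Lower the TTL only an hour before the change (old TTL not yet expired).
too_late = [(0, OLD, DAY), (CHANGE_AT - 3600, OLD, LOW), (CHANGE_AT, NEW, LOW)]
# 3. Lower the TTL, wait one full original TTL, change, then raise it again.
by_the_book = [(0, OLD, DAY), (CHANGE_AT - DAY, OLD, LOW),
               (CHANGE_AT, NEW, LOW), (CHANGE_AT + 3600, NEW, DAY)]

if __name__ == "__main__":
    for name, plan in [("no_prep", no_prep), ("too_late", too_late),
                       ("by_the_book", by_the_book)]:
        print(f"{name:12s} worst stale window: "
              f"{worst_stale_window(plan, CHANGE_AT)} s")
```

Only the third plan bounds the stale window by the lowered TTL; lowering the TTL without waiting for the original one to expire leaves remote caches holding the old address almost as long as doing nothing.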
