Re: how to relocate servers transparently
On Jun 20, 2004, at 9:19 AM, Fraser Campbell wrote:
> On June 18, 2004 12:49 am, Nate Duehr wrote:
>> No, this isn't right. You must lower the TTL time at a bare minimum
>> (Current TTL) ahead of time. Why? Because nameservers out in the
>> world will not even query your nameservers again until the TTL has
>> expired, meaning that if you change it today, the FIRST time another
>> nameserver that has already cached your records will ask for it again
>> is after the *current* TTL expires. Now take the case where one
>> is a forwarder for another (rare, but there are environments where
>> needed) and the one behind the forwarder could take up to 2 * TTL to
>> come ask for new information.
> Can you explain that a little further? If my nameserver caches a
> TTL 86400, and someone asks for it again an hour later I hand them the
> from my cache using TTL 82800 (not 86400). This is certainly what
> if other caching nameservers do it differently then it's a bug IMHO.
No, that's correct, but if you look at the descriptions originally given
the posters were saying that as soon as the main nameserver is changed
the changes show up at the nameservers that have cached the records.
That's not true. Here's an example:
Let's say the original poster changed that record you are talking about
above... your nameserver would continue to hand out the old record
until the TTL expired.
Now let's say you're talking about a large company where they have
implemented DNS forwarders or an internal and external environment
where the internal DNS server forwards queries to a specific server or
group of servers in their DMZ.
Now that far internal server will have its own cache also. So the TTL
has to expire on the internal server, the machine in the DMZ and only
THEN will it ever query the master again.
Of course, the way around this is to get the clients to go to a
completely new name that never existed before -- then no one has it
cached and they *must* come to the authoritative server(s).
> I would be very surprised if it is different when DNS queries are being
> forwarded from one DNS server to another. Or did you mean something
I was specifically speaking about the "forwarders" configuration in
named.conf. It is used (rarely, but is used) by some large
organizations for the purposes mentioned above.
So you're correct, in most cases it won't happen -- but there are
people out there with some very deep DNS server cascading.
Nate Duehr, firstname.lastname@example.org
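As an added illustration (not part of the thread), the following Python simulation models the chain Nate describes, client to internal resolver to DMZ forwarder to authoritative server, and measures under constructed timings how many hours an internal client keeps seeing the old address. It covers both a conforming cache that hands out the remaining TTL and a hypothetical one that hands out the original TTL on every hit, with and without lowering the TTL one old TTL ahead of the change; the name, addresses and schedule are made up for the example.

```python
"""Simulate the cache chain discussed above (client -> internal resolver -> DMZ
forwarder -> authoritative) and measure how long a changed record stays stale."""
from dataclasses import dataclass, field

HOUR = 3600
NAME = "www.example.com"                      # hypothetical record (constructed)
OLD, NEW = "192.0.2.1", "198.51.100.7"        # address before/after the move

@dataclass
class Authoritative:
    records: dict   # name -> (value, ttl); the master zone, edited by the simulation

    def lookup(self, name, now):
        return self.records[name]

@dataclass
class CachingResolver:
    """A caching nameserver. A conforming cache hands out the *remaining* TTL on a
    hit (decrement_ttl=True); a buggy one hands out the original TTL every time."""
    upstream: object
    decrement_ttl: bool = True
    cache: dict = field(default_factory=dict)   # name -> (value, expires_at, original_ttl)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            value, expires_at, original_ttl = hit
            return value, (expires_at - now if self.decrement_ttl else original_ttl)
        value, ttl = self.upstream.lookup(name, now)    # miss or expired: ask upstream
        self.cache[name] = (value, now + ttl, ttl)
        return value, ttl

def hours_stale(decrement_ttl, lower_ttl_first):
    """Hours after the change during which an internal client still gets OLD.
    Other DMZ clients query the forwarder every hour from t=0; the internal
    resolver first asks at t=12h, so the two caches are out of step."""
    ttl, change_at = 24 * HOUR, 50 * HOUR
    auth = Authoritative({NAME: (OLD, ttl)})
    dmz = CachingResolver(auth, decrement_ttl)
    internal = CachingResolver(dmz, decrement_ttl)
    for t in range(0, 200 * HOUR, HOUR):
        if lower_ttl_first and t == change_at - ttl:     # one old TTL ahead: drop to 5 min
            auth.records[NAME] = (OLD, 300)
        if t == change_at:                               # the relocation itself
            auth.records[NAME] = (NEW, auth.records[NAME][1])
        dmz.lookup(NAME, t)
        if t >= 12 * HOUR and internal.lookup(NAME, t)[0] == NEW:
            return (t - change_at) // HOUR
    raise RuntimeError("record never converged")
```

With these timings, conforming caches leave the internal client stale for 22 h without preparation (never more than the 24 h TTL) and 0 h once the TTL was lowered a full old TTL ahead, while a forwarder that re-issues the original TTL pushes staleness to 34 h, beyond the TTL, and still 10 h even after lowering.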