Moving DNS out of non-cooperative provider

Barry Margolin barmar at alum.mit.edu
Tue Jun 19 03:18:04 UTC 2012


In article <mailman.1066.1340036045.63724.bind-users at lists.isc.org>,
 Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 18/06/12 16:49, Alexander Gurvitz wrote:
> 
> > with each query gets new NS record, and... refreshes the NS TTL ?
> 
> No, that's not how TTLs work. They always count down.

Didn't this used to be a problem?  When the caching server queries the 
cached nameservers, the response would include the old NS records in the 
Authority section.  The caching server would then replace the cached NS 
records with these records, resetting the TTL to its full time.  As long 
as it continued performing queries against the old servers before the NS 
records timed out, the TTLs would keep getting reset, and never expire.

I remember many people having trouble trying to get everyone to follow 
their delegation changes when they changed DNS providers, and it was 
because the old provider didn't remove the zone from their servers.

Are recent versions of BIND better about this?  What about other caching 
DNS implementations?

-- 
Barry Margolin
Arlington, MA
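
The behaviour asked about above, as a small simulation added here (not part of the original post and not code from BIND or any other resolver): a hypothetical `NSCache` run with one policy that replaces cached NS records from the Authority section and one that lets the TTL count down. The server names, TTL and query interval are constructed values.

```python
# Toy model of one resolver cache entry (the NS RRset for a zone).
# Constructed illustration; not code from BIND or any real resolver.
OLD = ("ns1.old-provider.example", "ns2.old-provider.example")
NEW = ("ns1.new-provider.example", "ns2.new-provider.example")


class NSCache:
    def __init__(self, refresh_on_authority):
        self.refresh_on_authority = refresh_on_authority
        self.entry = None  # (nameservers, absolute expiry time)

    def store(self, nameservers, ttl, now):
        self.entry = (nameservers, now + ttl)

    def lookup(self, now):
        if self.entry and now < self.entry[1]:
            return self.entry[0]
        self.entry = None  # TTL ran out
        return None

    def on_authority_section(self, nameservers, ttl, now):
        """NS records arrived in the Authority section of an answer."""
        if self.lookup(now) is None or self.refresh_on_authority:
            self.store(nameservers, ttl, now)  # replace: countdown restarts
        # otherwise keep the cached RRset and let its TTL keep counting down


def simulate(refresh_on_authority, ttl=3600, interval=600, duration=86400):
    """Return the time (s) the resolver first re-fetches the delegation and
    learns NEW, or None if it is still using OLD after `duration` seconds."""
    cache = NSCache(refresh_on_authority)
    cache.store(OLD, ttl, now=0)  # cached just before the delegation changed
    for now in range(interval, duration + 1, interval):
        servers = cache.lookup(now)
        if servers is None:
            cache.store(NEW, ttl, now)  # parent zone now hands out NEW
            return now
        # The old provider still serves the zone and returns its own NS set.
        cache.on_authority_section(OLD, ttl, now)
    return None


if __name__ == "__main__":
    print("refresh, query every 600s:   ", simulate(True))
    print("no refresh, query every 600s:", simulate(False))
    print("refresh, query every 7200s:  ", simulate(True, interval=7200))
```

With the replacing policy the old delegation survives the whole simulated day as long as queries arrive more often than the TTL; with the count-down policy, or when queries are sparser than the TTL, the resolver goes back to the parent and picks up the new servers.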
