Primary and secondary NS on dynamic IP adsl?

Kevin Darcy kcd at daimlerchrysler.com
Mon Jun 11 20:17:45 UTC 2001


willykk at my-deja.com wrote:

> Hi Kevin,
>
> This is easy to say, when you are on a resourceful company like
> daimlerchrysler.com :-)
>
> What I have is what I can afford, and I am only learning how dns/bind
> works. In any case, this wouldn't be serving a high-traffic domain.
> I'd be lucky if I get more than 100 hits A DAY.
>
> Just technically speaking, would this be possible or not? BTW: you
> mention low TTL values... there was a time in the not-so-early days of
> the Net (94/96) when many dialup modems were still at 14400/28800 bps,
> and many internet hosts (even small ISPs!) were still on 128 to 256k
> links. And it all worked. What were the usual DNS response times back
> then?

It's not a matter of response time, it's a matter of staleness. If your TTL values are
relatively normal and the address of your server changes, then it'll take a while for the old
cache entries to be replaced and for clients to be able to connect to your server. Not only
that, but there is a security exposure here also: in the interim, clients may connect to
somebody *else's* server, whoever got your old address, and they could steal passwords, etc.

The only "solution" to this staleness problem is to lower the TTL values on your records to
ridiculously-low values. "Back in the day" there never was such a thing as a
dynamically-assigned address, so this was never necessary. The whole caching model of DNS is
based on relatively-high TTL values. Reducing them to low values breaks that model.

> Or are you telling me that all dns servers have always been on T1s?

No, but they have traditionally had static addresses. Again, it's a staleness issue, not a
bandwidth or latency issue. And, by the way, lowering your TTLs to very low values will
*increase* your DNS traffic. It never would have been feasible/acceptable "back in the day".


- Kevin

> Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<9frmgv$rmr at pub3.rc.vix.com>...
>
> > Don't do it. Your only way to make this work anywhere near reliably is to
> > reduce the TTL values on your records to unacceptably-low values, thus
> > making other nameservers all over the Net overwork to resolve names in
> > your domain. This is a rude and anti-social thing to do.
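
Added example, not part of the original message: a small deterministic model of the trade-off discussed in this thread. After an address change, a high TTL leaves a long window in which a cache still hands out the old address; a low TTL shortens that window but multiplies queries to the authoritative server. The single resolver, the fixed client query interval, the addresses and the timings are all assumptions made for the illustration.

```python
# Added illustration: one caching resolver in front of a zone whose server
# address changes once. Addresses and timings are constructed sample values.
OLD_ADDR = "192.0.2.10"   # address before the lease changes (RFC 5737 range)
NEW_ADDR = "192.0.2.99"   # address after the lease changes


def simulate(ttl, change_at, duration, query_interval):
    """Return (stale_answers, upstream_queries) for one resolver cache.

    ttl            -- TTL of the A record, in seconds
    change_at      -- second at which the server's real address changes
    duration       -- total simulated time, in seconds
    query_interval -- seconds between client lookups reaching the cache
    """
    cached_addr, expires = None, -1
    stale_answers = upstream_queries = 0
    for now in range(0, duration, query_interval):
        current = OLD_ADDR if now < change_at else NEW_ADDR
        if now >= expires:
            # Cache miss or expired entry: ask the authoritative server.
            cached_addr, expires = current, now + ttl
            upstream_queries += 1
        if cached_addr != current:
            # Client is sent to whoever now holds the old address.
            stale_answers += 1
    return stale_answers, upstream_queries


def compare(ttls, change_at=90030, duration=172800, query_interval=10):
    """Run the model for several TTLs over two days with one address change."""
    rows = {}
    for ttl in ttls:
        stale, upstream = simulate(ttl, change_at, duration, query_interval)
        rows[ttl] = {
            "stale_seconds": stale * query_interval,  # exposure window
            "upstream_queries": upstream,             # load on the authoritative server
        }
    return rows


if __name__ == "__main__":
    for ttl, row in compare([86400, 3600, 60]).items():
        print(f"TTL {ttl:>6}s  stale for {row['stale_seconds']:>6}s  "
              f"authoritative queries: {row['upstream_queries']}")
```

The model covers a single cache; every other resolver on the Net holding the record adds its own stale window and its own refresh queries.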




