On Mon, 1 Sep 2003, Shane Hollis wrote:

> On Mon, 01 Sep 2003 05:50, you wrote:
> > Your understanding of how DNS works is severely flawed. *PLEASE* go and do
> > some research, since it appears you run some DNS servers for some largeish
> > companies.
> Nope I don't and I never claimed to.
>
> > Hope this clarifies things...
> > Not really. It helps shed some light on why you made the comment on which I
> > originally pointed out.
>
> all I originally said was ...
> I use a redirector for my domain. It is based in the states, closer to the
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> central DNS servers so changes get sent out pretty quickly.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Underlined, this assertion is wrong. The changes get sent out quickly in your
redirector case because their TTL is 60 seconds (as noted by someone else),
and have nothing to do with their location.

Your understanding of the DNS is painfully wrong. The word "propagation" is
probably even the wrong way to describe how changes in the DNS get updated,
but it's the term most commonly used.

If a server is authoritative, it is _always_ queried directly if there is no
entry currently cached by the nameserver querying it. Typically, this will be
your ISP's nameserver, or another caching nameserver. They are required by RFCs
to only cache answers to the length of time the TTL allows, after that they
_must_ query an authoritative server again.

To go back to one of your examples, if you have an _authoritative_ server on
your desk, which is listed as authoritative for the domain, then those changes
will be visible to the _entire_ Internet in no longer than the TTL of the
entry changed. New entries aren't cached, and therefore will be visible to the
_entire_ Internet more or less instantly.

There is no other circumstance under which you can "change something on your
desk" and have those changes reflected _anywhere_ on the rest of the Internet
unless your server is authoritative.

(There is one exception, but it would result in it only being visible to
clients trying to use a DNS server as a proxy/cache, and it would not
propagate to anyone else ever.)

> I have however seen lookups go to sludge because of caches, proxy servers etc.
> I have had the head banging frustrations of not being able to get to a
> server, despite knowing its name after an ip change because of caches in
> ISP's and places like that. DNS does work the way you say in theory, in
> practice it doesn't always coz those implementing it do use proxy caches and
> things they shouldn't and the only way to get those changed is to have them
> refreshed (either by pushing a change or waiting till they do some ip pulls).

Waaaaiiit a minute. There is a _vast_ difference between the way the DNS
works, and how some random service on top of it (eg, an HTTP cache) works.

DNS queries on a HTTP cache are only invoked when the cached _HTTP_ object
expires and the cache must re-fetch it. This has _nothing_ to do with the DNS
in that case, it has to do with what expiry and revalidation information is on
the HTTP response, as well as the configuration of the HTTP Proxy.

-- 
David Zanetti          |  (__)
#include <geek/unix.h> |  ( oo    Mooooooo
http://hairy.geek.nz/  | /(_O ./
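
The TTL behaviour described in the message above, as an added example that is not part of the original e-mail: a toy caching resolver with a simulated clock, showing that how long an old answer survives depends only on the record's TTL. The class names, the example.test names and the 192.0.2.x addresses are constructed for illustration, and negative caching (RFC 2308) is not modelled.

```python
"""Toy model of a TTL-honouring caching resolver (constructed example)."""

class Authoritative:
    """Holds the zone data: name -> (address, ttl_seconds)."""
    def __init__(self):
        self.records = {}

    def set(self, name, address, ttl):
        self.records[name] = (address, ttl)

    def query(self, name):
        return self.records[name]

class CachingResolver:
    """Caches each answer until its TTL expires, then asks the source again."""
    def __init__(self, authoritative):
        self.auth = authoritative
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]                  # within TTL: served from cache
        address, ttl = self.auth.query(name)  # expired or never seen
        self.cache[name] = (address, now + ttl)
        return address

def seconds_until_visible(ttl, change_at):
    """The resolver caches the old answer at t=0 and the record changes at
    change_at; return how long after the change the new address is served."""
    auth = Authoritative()
    auth.set("www.example.test", "192.0.2.1", ttl)
    resolver = CachingResolver(auth)
    resolver.resolve("www.example.test", now=0)     # old answer cached here
    auth.set("www.example.test", "192.0.2.2", ttl)  # change on the source
    t = change_at
    while resolver.resolve("www.example.test", now=t) != "192.0.2.2":
        t += 1
    return t - change_at

def new_name_visible_immediately():
    """A name the resolver has never asked about has no cached answer."""
    auth = Authoritative()
    resolver = CachingResolver(auth)
    auth.set("new.example.test", "192.0.2.9", 86400)
    return resolver.resolve("new.example.test", now=0) == "192.0.2.9"
```

Nothing in the model knows where either server is located; the 60-second record and the one-day record differ only in TTL.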