On Mon, Sep 01, 2003 at 03:13:01PM +0000, Shane Hollis wrote:
> > I think you've got yourself all confused, since location has no bearing
> > whatsoever on how fast or slow DNS changes take effect...
> Yes it does ... the more 'authoritative' a DNS server the more 'non-authoritative' 
> DNS servers it affects.  I explain it more fully in another email.

Er, no, it does not. You were talking about location in the geographical
sense.

Fact 1) DNS servers are either authoritative, or not. There is no grey.

> At the risk of repeating myself. .... If I change a DNS entry on a server in 
> my bedroom that affects my domain then the change has to go to another DNS 
> upstream of me ( maybe my ISP ) then that pushes changes upstream ... until 
> eventually it hits someone upstream of your ISP (maybe Waikato) who then 
> tells your ISP who then tells you. If I had told the DNS at Waikato then you 
> would have known faster than me telling my server, or ISP or their ISP.

No. DNS does not work like that.

If you change the DNS entry in your bedroom, as long as it's authoritative
for the domain, the changes are in effect immediately for all hosts that
have never asked you for a record (or that have, but the TTL has expired).

For all other hosts, that have you cached, they're inaccurate for a maximum
time of the TTL. That's it.

Now, the only hosts that will query old data are the ones that ask a server
that already has you cached, and they'll get the TTL that the server got,
so from the time you make the change, you only have to wait the TTL length
for things to be 'updated' everywhere.

> Here is a table of two change possibilities. I will assume a change time of 1 
> hour for refreshing caches on all machines. I will also assume a worst case 
> scenario where every downstream server queries an upstream server one minute 
> before the upstream server refreshes its cache. Change time is 00:00 hours.

Again, DNS does not work like this. TTLs are passed, e.g.:

Work machine: I query for www.sco.com so the Uni servers cache it:

[EMAIL PROTECTED]:~> host -vvv www.sco.com
Trying "www.sco.com"
[snip]
;; ANSWER SECTION:
www.sco.com.            60      IN      A       216.250.140.112

The TTL is 60 seconds (it apparently has a really short TTL - *shrug*)

Before doing this, I pointed my home name servers at the work ones, and
restarted bind. Same query at home (this is the first query):


[EMAIL PROTECTED]:~> host -vvvv www.sco.com 
[snip]
Query about www.sco.com for record types A
Trying www.sco.com ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
www.sco.com             44      IN      A       216.250.140.112

Note the 'is not authoritative' - that is because the Uni server gave me the
cached answer, and they do not know if that's still correct.

This voids your argument about Me, You, W, and some 1's and 2's, so:
[snip]


> In routing terms you normally push a change to the most authoritative server 
> first and let it filter down from there.  If I want to start a rumour I don't 
> tell Mary Hide at home, I tell Paul I'll broadcast this crud to everyone 
> Holmes. Same way, if I want to make routing changes or major, world wide 
> effective DNS changes start in the most authoritative place I can ... for me 
> this would possibly be Pacific ARIN type server or the US depending on what it 
> caches and how quickly I want changes to replicate. 

That's a load of rot.  If you want to tell the world, you change the
authoritative servers, which, by the way, is the only way to change a DNS
entry... Anyway, these authoritative DNS servers are the ones listed in a
WHOIS record, which are the records stored on the relevant root servers (or
ccTLD servers).

> The other factor in all this is the stability and up time of the network ... 
> the backbone in the US is always up (comparatively), collects more traffic 
> and is faster. There are more users in the US and more important servers 
> there. Same thing as spreading the plague. Better off to do it in a crowded 
> mall in a large density population of a huge city with excellent commuting 
> and many connections than in the corner dairy on Goslow Street, Brunner.

Nope, sorry, still wrong. I strongly suggest you go and read some RFCs, and
perhaps read some books.

Your understanding of how DNS works is severely flawed. *PLEASE* go and do
some research, since it appears you run some DNS servers for some largeish
companies.

> Hope this clarifies things...

Not really. It helps shed some light on why you made the comment which I
originally pointed out.

Mike.
-- 
Mike Beattie <[EMAIL PROTECTED]>                      ZL4TXK, IRLP Node 6184

                 Contentsofsignaturemaysettleduringshipping.
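
Added example, not part of the original message: a toy simulation of the TTL handling discussed in this thread, comparing caches that pass on the remaining TTL (the 60 -> 44 behaviour in the host output) with the hop-by-hop model in which every cache restarts the full refresh time. The class names, function name and addresses are constructed for illustration and model no particular resolver.

```python
# Toy model of TTL handling in a chain of caching resolvers (constructed, not real DNS code).
OLD, NEW = "192.0.2.1", "192.0.2.2"   # constructed documentation addresses

class Authoritative:
    def __init__(self, address, ttl):
        self.address, self.ttl = address, ttl

    def query(self, now):
        return self.address, self.ttl          # always answers with the full TTL

class CachingResolver:
    def __init__(self, upstream, pass_remaining_ttl=True):
        self.upstream = upstream
        self.pass_remaining_ttl = pass_remaining_ttl
        self.cached = None                      # (address, expires_at, original_ttl)

    def query(self, now):
        if self.cached and now < self.cached[1]:
            address, expires_at, original_ttl = self.cached
            # Caches hand out the *remaining* TTL; False models a restarted full TTL.
            ttl = expires_at - now if self.pass_remaining_ttl else original_ttl
            return address, ttl
        address, ttl = self.upstream.query(now)
        self.cached = (address, now + ttl, ttl)
        return address, ttl

def seconds_until_fresh(hops, ttl, pass_remaining_ttl=True):
    """Time after the change (made at t=0) at which the last resolver returns NEW."""
    auth = Authoritative(OLD, ttl)
    chain, upstream = [], auth
    for _ in range(hops):
        upstream = CachingResolver(upstream, pass_remaining_ttl)
        chain.append(upstream)
    chain[0].query(0)                           # first cache picks up OLD at t=0
    auth.address = NEW                          # record changed right afterwards
    for nearer, farther in zip(chain, chain[1:]):
        farther.query(nearer.cached[1] - 1)     # worst case: ask 1s before upstream expiry
    now = chain[-1].cached[1] - 1
    while chain[-1].query(now)[0] == OLD:
        now += 1
    return now

if __name__ == "__main__":
    for hops in (1, 3, 5):
        print(hops, seconds_until_fresh(hops, 3600), seconds_until_fresh(hops, 3600, False))
```

With the remaining TTL passed on, the result equals the TTL for any chain length; only the restarted-TTL model grows with the number of hops.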
