Re: Speeding up DNS change propagation

2015-09-18 Thread Alan Clegg
Remember, however, that if you are clearing YOUR caches by restarting,
everyone else around the world is still seeing the data with the
original TTL still "in place".

The right thing to do is to lower the TTL on the auth servers to an
acceptable "outage" value before you make the change, wait for the
original TTL to expire (removing the data from the caches around the
world and replacing with your new, lower value), make the change, and
then when everything is working correctly, raise the TTL back to your
original value.

On 9/18/15 3:46 PM, Danny Sinang wrote:
> Ah, many thanks ! :)
> 
> On Fri, Sep 18, 2015 at 3:37 PM, John Miller wrote:
> 
> The .com nameservers don't know anything about ftp.example.com; they
> just know the nameservers for example.com.  So have no fear -- BIND
> will not cache an upstream response for ftp.example.com: you'll only
> hear about ftp.example.com from the example.com nameservers.
> 
> Pretty much all upstream nameservers: root NSs, .com NSs, example.com
> NSs--are authoritative-only.  They don't cache or offer cached
> responses.  (Not 100% accurate, but nearly always so.)
> 
> John
> 
> On Fri, Sep 18, 2015 at 2:58 PM, Danny Sinang wrote:
> > As a follow-up to your answer for question #2, after my clearing the
> > cache or restarting BIND, won't BIND find an old cache of
> > "ftp.example.com" in the ".com" top level DNS server ?
> >
> > Regards,
> > Danny
> >
> > On Fri, Sep 18, 2015 at 2:51 PM, John Miller wrote:
> >>
> >> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote:
> >> > Hi,
> >> >
> >> > Our vendor is changing their FTP server's IP address tomorrow.
> >> >
> >> > 1. How can I tell how long their DNS change will propagate to us ?
> >>
> >> Whatever TTL you have cached when the vendor makes the switch is how
> >> long it'll take for your caching servers to pick up the change.
> >>
> >> >  a. Do I just run dig a "ftp.example.com" and look for the TTL for
> >> > that DNS entry ?
> >> >  b. Every time I run that command, the TTL is shrinking. How do I
> >> > find out the full TTL for it ?
> >>
> >> If you want to know the full TTL, ask the company's NSs directly -
> >> authoritative servers only give out the full TTL.
> >>
> >> > 2. Can I just restart BIND tomorrow to clear its cache and force it to
> >> > query the "example.com" name server for "ftp.example.com" (so as not
> >> > to wait for the propagation to reach us) ?
> >>
> >> Sure can.  Depending on your BIND version, you can also run rndc
> >> flushname  and it'll clear just that name from your cache.
> >>
> >> If the TTL is very long, don't forget about client-side caching as
> >> well.  Windows and OS X cache DNS lookups by default.
> >>
> >> John
> 
> --
> John Miller
> Systems Engineer
> Brandeis University
> johnm...@brandeis.edu 
> (781) 736-4619 

-- 
When I do still catch the odd glimpse, it's peripheral; mere fragments
of mad-doctor chrome, confining themselves to the corner of the eye.



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
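
Added example, not part of any message in this thread: the TTL arithmetic behind the lower-first procedure described above, fed by the two kinds of answer the thread distinguishes (full TTL from an authoritative server, counting-down TTL from a cache). The answer lines, the times and the 300-second low TTL are constructed; `plan_cutover` and its result keys are hypothetical names.

```python
from datetime import datetime, timedelta

# Constructed dig ANSWER-section lines (owner, TTL, class, type, rdata).
AUTH_ANSWER = "ftp.example.com. 86400 IN A 192.0.2.10"    # from the zone's own NS
CACHED_ANSWER = "ftp.example.com. 51234 IN A 192.0.2.10"  # from the local resolver

def parse_answer(line):
    """Split one answer line into (owner, ttl_seconds, rrtype, rdata)."""
    owner, ttl, _rrclass, rrtype, rdata = line.split(None, 4)
    return owner.rstrip(".").lower(), int(ttl), rrtype, rdata

def plan_cutover(auth_line, cached_line, now, change_at, low_ttl=300):
    """Work out the lower-TTL-first schedule for a record change at change_at."""
    a_name, full_ttl, a_type, _ = parse_answer(auth_line)      # full TTL
    c_name, remaining, c_type, _ = parse_answer(cached_line)   # counts down
    if (a_name, a_type) != (c_name, c_type):
        raise ValueError("answers are for different records")
    # A cache can still hold a copy fetched before the TTL was lowered, so
    # the longer of the two lifetimes is the safe bound for "old" data.
    old_ttl = max(full_ttl, remaining)
    lower_by = change_at - timedelta(seconds=old_ttl)
    cached_copy_expires = now + timedelta(seconds=remaining)
    return {
        "full_ttl": full_ttl,
        "lower_ttl_no_later_than": lower_by,
        "too_late_to_lower": now > lower_by,
        # Last moment any cache can serve the old address, assuming the
        # TTL was lowered by lower_by (first) or never lowered (second).
        "stale_until_if_lowered": change_at + timedelta(seconds=low_ttl),
        "stale_until_if_not_lowered": change_at + timedelta(seconds=old_ttl),
        # When the copy cached right now leaves the local resolver.
        "cached_copy_expires": cached_copy_expires,
        "cached_copy_outlives_change": cached_copy_expires > change_at,
    }

if __name__ == "__main__":
    plan = plan_cutover(AUTH_ANSWER, CACHED_ANSWER,
                        now=datetime(2015, 9, 18, 14, 35),
                        change_at=datetime(2015, 9, 19, 9, 0))
    for key, value in plan.items():
        print(f"{key:28} {value}")
```

With a 24-hour TTL and a change due the next morning, the sample run reports that the window for lowering the TTL has already passed, which is why flushing the local resolver is the remaining option for the asker.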

Re: Speeding up DNS change propagation

2015-09-18 Thread Bob Harold
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang  wrote:

> Hi,
>
> Our vendor is changing their FTP server's IP address tomorrow.
>
> 1. How can I tell how long their DNS change will propagate to us ?
>
>  a. Do I just run dig a "ftp.example.com" and look for the TTL for
> that DNS entry ?
>  b. Every time I run that command, the TTL is shrinking. How do I find
> out the full TTL for it ?
>
> 2. Can I just restart BIND tomorrow to clear its cache and force it to
> query the "example.com" name server for "ftp.example.com" (so as not to
> wait for the propagation to reach us) ?
>
>  - BIND is not set up to be a Forwarding Server
>
> Regards,
> Danny
>

If the vendor would change the TTL on that DNS record to something short
(like 5 minutes?  'short' is a relative term) ahead of time (by at least
the current TTL), then the change would reach all users quickly, without
you or anyone else having to do any work.  Once everything is verified
working (could wait for the next business day), then the TTL can be changed
back to 'normal'.  This also helps them to be able to recover quickly if
something goes wrong.

-- 
Bob Harold

Re: Speeding up DNS change propagation

2015-09-18 Thread Danny Sinang
Ah, many thanks ! :)

On Fri, Sep 18, 2015 at 3:37 PM, John Miller  wrote:

> The .com nameservers don't know anything about ftp.example.com; they
> just know the nameservers for example.com.  So have no fear -- BIND
> will not cache an upstream response for ftp.example.com: you'll only
> hear about ftp.example.com from the example.com nameservers.
>
> Pretty much all upstream nameservers: root NSs, .com NSs, example.com
> NSs--are authoritative-only.  They don't cache or offer cached
> responses.  (Not 100% accurate, but nearly always so.)
>
> John
>
> On Fri, Sep 18, 2015 at 2:58 PM, Danny Sinang wrote:
> > As a follow-up to your answer for question #2, after my clearing the
> > cache or restarting BIND, won't BIND find an old cache of
> > "ftp.example.com" in the ".com" top level DNS server ?
> >
> > Regards,
> > Danny
> >
> > On Fri, Sep 18, 2015 at 2:51 PM, John Miller wrote:
> >>
> >> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote:
> >> > Hi,
> >> >
> >> > Our vendor is changing their FTP server's IP address tomorrow.
> >> >
> >> > 1. How can I tell how long their DNS change will propagate to us ?
> >>
> >> Whatever TTL you have cached when the vendor makes the switch is how
> >> long it'll take for your caching servers to pick up the change.
> >>
> >> >  a. Do I just run dig a "ftp.example.com" and look for the TTL
> >> > for that DNS entry ?
> >> >  b. Every time I run that command, the TTL is shrinking. How do I
> >> > find out the full TTL for it ?
> >>
> >> If you want to know the full TTL, ask the company's NSs directly -
> >> authoritative servers only give out the full TTL.
> >>
> >> > 2. Can I just restart BIND tomorrow to clear its cache and force it to
> >> > query the "example.com" name server for "ftp.example.com" (so as not
> >> > to wait for the propagation to reach us) ?
> >>
> >> Sure can.  Depending on your BIND version, you can also run rndc
> >> flushname  and it'll clear just that name from your cache.
> >>
> >> If the TTL is very long, don't forget about client-side caching as
> >> well.  Windows and OS X cache DNS lookups by default.
> >>
> >> John
>
> --
> John Miller
> Systems Engineer
> Brandeis University
> johnm...@brandeis.edu
> (781) 736-4619

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
The .com nameservers don't know anything about ftp.example.com; they
just know the nameservers for example.com.  So have no fear -- BIND
will not cache an upstream response for ftp.example.com: you'll only
hear about ftp.example.com from the example.com nameservers.

Pretty much all upstream nameservers: root NSs, .com NSs, example.com
NSs--are authoritative-only.  They don't cache or offer cached
responses.  (Not 100% accurate, but nearly always so.)

John

On Fri, Sep 18, 2015 at 2:58 PM, Danny Sinang  wrote:
> As a follow-up to your answer for question #2, after my clearing the cache
> or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the
> ".com" top level DNS server ?
>
> Regards,
> Danny
>
> On Fri, Sep 18, 2015 at 2:51 PM, John Miller  wrote:
>>
>> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang  wrote:
>> > Hi,
>> >
>> > Our vendor is changing their FTP server's IP address tomorrow.
>> >
>> > 1. How can I tell how long their DNS change will propagate to us ?
>>
>> Whatever TTL you have cached when the vendor makes the switch is how
>> long it'll take for your caching servers to pick up the change.
>>
>> >  a. Do I just run dig a "ftp.example.com" and look for the TTL for
>> > that DNS entry ?
>> >  b. Every time I run that command, the TTL is shrinking. How do I
>> > find out the full TTL for it ?
>>
>> If you want to know the full TTL, ask the company's NSs directly -
>> authoritative servers only give out the full TTL.
>>
>> > 2. Can I just restart BIND tomorrow to clear its cache and force it to
>> > query the "example.com" name server for "ftp.example.com" (so as not to
>> > wait for the propagation to reach us) ?
>>
>> Sure can.  Depending on your BIND version, you can also run rndc
>> flushname  and it'll clear just that name from your cache.
>>
>> If the TTL is very long, don't forget about client-side caching as
>> well.  Windows and OS X cache DNS lookups by default.
>>
>> John



-- 
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619


Re: Speeding up DNS change propagation

2015-09-18 Thread Danny Sinang
As a follow-up to your answer for question #2, after my clearing the cache
or restarting BIND, won't BIND find an old cache of "ftp.example.com" in
the ".com" top level DNS server ?

Regards,
Danny

On Fri, Sep 18, 2015 at 2:51 PM, John Miller  wrote:

> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang  wrote:
> > Hi,
> >
> > Our vendor is changing their FTP server's IP address tomorrow.
> >
> > 1. How can I tell how long their DNS change will propagate to us ?
>
> Whatever TTL you have cached when the vendor makes the switch is how
> long it'll take for your caching servers to pick up the change.
>
> >  a. Do I just run dig a "ftp.example.com" and look for the TTL for
> > that DNS entry ?
> >  b. Every time I run that command, the TTL is shrinking. How do I
> > find out the full TTL for it ?
>
> If you want to know the full TTL, ask the company's NSs directly -
> authoritative servers only give out the full TTL.
>
> > 2. Can I just restart BIND tomorrow to clear its cache and force it to
> > query the "example.com" name server for "ftp.example.com" (so as not to
> > wait for the propagation to reach us) ?
>
> Sure can.  Depending on your BIND version, you can also run rndc
> flushname  and it'll clear just that name from your cache.
>
> If the TTL is very long, don't forget about client-side caching as
> well.  Windows and OS X cache DNS lookups by default.
>
> John

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang  wrote:
> Hi,
>
> Our vendor is changing their FTP server's IP address tomorrow.
>
> 1. How can I tell how long their DNS change will propagate to us ?

Whatever TTL you have cached when the vendor makes the switch is how
long it'll take for your caching servers to pick up the change.

>  a. Do I just run dig a "ftp.example.com" and look for the TTL for that
> DNS entry ?
>  b. Every time I run that command, the TTL is shrinking. How do I find
> out the full TTL for it ?

If you want to know the full TTL, ask the company's NSs directly -
authoritative servers only give out the full TTL.

> 2. Can I just restart BIND tomorrow to clear its cache and force it to query
> the "example.com" name server for "ftp.example.com" (so as not to wait for
> the propagation to reach us) ?

Sure can.  Depending on your BIND version, you can also run rndc
flushname  and it'll clear just that name from your cache.

If the TTL is very long, don't forget about client-side caching as
well.  Windows and OS X cache DNS lookups by default.

John


Speeding up DNS change propagation

2015-09-18 Thread Danny Sinang
Hi,

Our vendor is changing their FTP server's IP address tomorrow.

1. How can I tell how long their DNS change will propagate to us ?

 a. Do I just run dig a "ftp.example.com" and look for the TTL for that
DNS entry ?
 b. Every time I run that command, the TTL is shrinking. How do I find
out the full TTL for it ?

2. Can I just restart BIND tomorrow to clear its cache and force it to
query the "example.com" name server for "ftp.example.com" (so as not to
wait for the propagation to reach us) ?

 - BIND is not set up to be a Forwarding Server

Regards,
Danny