Monday, March 09, 2009

Never use DNS TTL of zero (0)

Huh! I didn't know DNS TTL of 0 would create a problem.

Begin forwarded message:

> From: John Orthoefer <jco@direwolf.com>
> Date: February 7, 2009 8:23:16 AM EST
> To: Marco Marongiu <brontolinux@gmail.com>
> Cc: sage-members@sage.org
> Subject: Re: [SAGE] DNS TTL question
>
> The only TTL value that is bad is zero. When I was at Genuity we
> had Cisco Distributed Director (which tried to give you the
> "closest" active server to you, where closest had a lot of different
> metrics). At any rate, by default it gave out TTLs of zero, meaning
> don't cache. But it seems different servers had different ideas
> about what TTL of zero means (worst was Microsoft's DNS server,
> which apparently thought zero meant don't give this out as this
> answer is expired.) However, 1 was fine. It would pass the answer
> to the client and then promptly forget the answer.
>
> As I recall some brand of DNS server also thought zero means NEVER
> expire.
>
> Most DNS caches have a way to set minimum/maximum TTLs. And there
> is nothing you can do about that. You are telling them how long to
> cache the answer with the TTL. And if people/servers don't listen,
> there is really nothing you can do about it.
>
> To echo what others are saying, I typically set the TTL down to
> 300/600 when I want things to expire fast. Just remember to do it
> well ahead of If your TTL is set to 3 days, and you set it down to
> 600s an hour before the move, you still have people who have 71 hours
> left on the old records.
>
> A good example is like www.microsoft.com, which uses Akamai. Which
> uses something akin to Cisco DD to direct you to the nearest cache.
>
> ;; ANSWER SECTION:
> www.microsoft.com. 3600 IN CNAME toggle.www.ms.akadns.net.
> toggle.www.ms.akadns.net. 300 IN CNAME g.www.ms.akadns.net.
> g.www.ms.akadns.net. 300 IN CNAME lb1.www.ms.akadns.net.
> lb1.www.ms.akadns.net. 300 IN A 65.55.21.250
>
> My advice: use 300/600.
>
> johno

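To make the behaviour described in the forwarded mail concrete, here is a small added example (my own code, not part of the mail or the blog post). It parses the dig ANSWER SECTION quoted above, then runs a toy resolver cache that follows the RFC 2181 reading of TTL 0 ("answer once, don't cache") while also modelling the min/max TTL clamps the mail says you cannot control, and it computes the stale window left when a TTL is lowered too late (3 days minus 1 hour = 71 hours). The `ResolverCache` class, the `ex.test.` records and the clamp values are constructed for illustration; real resolvers differ in exactly the ways the mail describes.

```python
"""Toy resolver cache illustrating the TTL points in the forwarded mail.
Added example, not code from the original message. Records under
ex.test. and the clamp values are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# dig output quoted in the mail above (quoting prefix removed)
ANSWER_SECTION = """\
www.microsoft.com. 3600 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 300 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 300 IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net. 300 IN A 65.55.21.250
"""


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_answer_section(text: str) -> list:
    """Parse 'name TTL IN TYPE rdata' lines as printed by dig."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip blank lines and any ';;' header line
        name, ttl, _, rtype = parts[:4]
        records.append(RR(name, int(ttl), rtype, " ".join(parts[4:])))
    return records


def chain_ttls(records) -> dict:
    """Each owner in a CNAME chain carries its own TTL; map name -> TTL."""
    return {r.name: r.ttl for r in records}


class ResolverCache:
    """Stores (rdata, expiry) per (name, type).

    ttl_floor / ttl_ceiling model the local min/max TTL knobs many caches
    expose; the zone owner cannot override them from the published TTL.
    """

    def __init__(self, ttl_floor: int = 0, ttl_ceiling: Optional[int] = None):
        self.floor = ttl_floor
        self.ceiling = ttl_ceiling
        self._store: Dict[Tuple[str, str], Tuple[str, float]] = {}

    def effective_ttl(self, ttl: int) -> int:
        # RFC 2181 reading: TTL 0 means use once and do not cache, so this
        # toy never lets a floor turn 0 into a cached answer. Real caches
        # differ, which is exactly the mail's warning.
        if ttl <= 0:
            return 0
        ttl = max(ttl, self.floor)
        if self.ceiling is not None:
            ttl = min(ttl, self.ceiling)
        return ttl

    def answer(self, rr: RR, now: float) -> str:
        """Pass an upstream answer to the client, caching it if TTL > 0."""
        ttl = self.effective_ttl(rr.ttl)
        if ttl > 0:
            self._store[(rr.name, rr.rtype)] = (rr.rdata, now + ttl)
        return rr.rdata  # a TTL-0 answer is still returned, just not kept

    def lookup(self, name: str, rtype: str, now: float) -> Optional[str]:
        entry = self._store.get((name, rtype))
        if entry is None:
            return None
        rdata, expiry = entry
        if now >= expiry:
            del self._store[(name, rtype)]  # expired: promptly forget it
            return None
        return rdata


def stale_window_seconds(old_ttl: int, lead_time: int) -> int:
    """Seconds during which caches can still hold the old record when the
    change happens lead_time seconds after the TTL was lowered."""
    return max(old_ttl - lead_time, 0)


if __name__ == "__main__":
    print(chain_ttls(parse_answer_section(ANSWER_SECTION)))
    cache = ResolverCache()
    cache.answer(RR("ex.test.", 0, "A", "192.0.2.1"), now=0)
    print(cache.lookup("ex.test.", "A", now=0))    # None: TTL 0 never cached
    cache.answer(RR("ex.test.", 1, "A", "192.0.2.1"), now=0)
    print(cache.lookup("ex.test.", "A", now=0.5))  # cached, gone at 1s
    print(stale_window_seconds(3 * 86400, 3600) / 3600)  # 71.0 hours
```

The chain_ttls output shows why the Akamai setup works: only the top-level CNAME owned by Microsoft has the long 3600s TTL, while every record Akamai controls sits at 300s, so Akamai can move traffic within five minutes without touching the Microsoft zone.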