Remember, however, that if you are clearing YOUR caches by restarting, everyone else around the world is still seeing the data with the original TTL still "in place".
The right thing to do is to lower the TTL on the auth servers to an acceptable "outage" value before you make the change, wait for the original TTL to expire (removing the data from the caches around the world and replacing with your new, lower value), make the change, and then when everything is working correctly, raise the TTL back to your original value. On 9/18/15 3:46 PM, Danny Sinang wrote: > Ah, many thanks ! :) > > On Fri, Sep 18, 2015 at 3:37 PM, John Miller <johnm...@brandeis.edu > <mailto:johnm...@brandeis.edu>> wrote: > > The .com nameservers don't know anything about ftp.example.com > <http://ftp.example.com>; they > just know the nameservers for example.com <http://example.com>. So > have no fear -- BIND > will not cache an upstream response for ftp.example.com > <http://ftp.example.com>: you'll only > hear about ftp.example.com <http://ftp.example.com> from the > example.com <http://example.com> nameservers. > > Pretty much all upstream nameservers: root NSs, .com NSs, > example.com <http://example.com> > NSs--are authoritative-only. They don't cache or offer cached > responses. (Not 100% accurate, but nearly always so.) > > John > > On Fri, Sep 18, 2015 at 2:58 PM, Danny Sinang <d.sin...@gmail.com > <mailto:d.sin...@gmail.com>> wrote: > > As a follow-up to your answer for question #2, after my clearing > the cache > > or restarting BIND, won't BIND find an old cache of > "ftp.example.com <http://ftp.example.com>" in the > > ".com" top level DNS server ? > > > > Regards, > > Danny > > > > On Fri, Sep 18, 2015 at 2:51 PM, John Miller > <johnm...@brandeis.edu <mailto:johnm...@brandeis.edu>> wrote: > >> > >> On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang <d.sin...@gmail.com > <mailto:d.sin...@gmail.com>> wrote: > >> > Hi, > >> > > >> > Our vendor is changing their FTP server's IP address tomorrow. > >> > > >> > 1. How can I tell how long their DNS change will propagate to us ? > >> > >> Whatever TTL you have cached when the vendor makes the switch is how > >> long it'll take for your caching servers to pick up the change. > >> > >> > a. Do I just run dig a "ftp.example.com > <http://ftp.example.com>" and look for the TTL for > >> > that > >> > DNS entry ? > >> > b. Every time I run that command, the TTL is shrinking. > How do I > >> > find > >> > out the full TTL for it ? > >> > >> If you want to know the full TTL, ask the company's NSs directly - > >> authoritative servers only give out the full TTL. > >> > >> > 2. Can I just restart BIND tomorrow to clear its cache and > force it to > >> > query > >> > the "example.com <http://example.com>" name server for > "ftp.example.com <http://ftp.example.com>" (so as not to wait > >> > for > >> > the propagation to reach us) ? > >> > >> Sure can. Depending on your BIND version, you can also run rndc > >> flushname <name> and it'll clear just that name from your cache. > >> > >> If the TTL is very long, don't forget about client-side caching as > >> well. Windows and OS X cache DNS lookups by default. > >> > >> John > >> _______________________________________________ > >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to > >> unsubscribe from this list > >> > >> bind-users mailing list > >> bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > >> https://lists.isc.org/mailman/listinfo/bind-users > > > > > > > > -- > John Miller > Systems Engineer > Brandeis University > johnm...@brandeis.edu <mailto:johnm...@brandeis.edu> > (781) 736-4619 <tel:%28781%29%20736-4619> > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > https://lists.isc.org/mailman/listinfo/bind-users > > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- When I do still catch the odd glimpse, it's peripheral; mere fragments of mad-doctor chrome, confining themselves to the corner of the eye.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
