On Fri, Oct 08, 2004 at 05:08:45AM -0600, Nate Duehr wrote:
> Juha-Matti Tapio wrote:
> >On Thu, Oct 07, 2004 at 08:23:31PM -0600, Nate Duehr wrote:
> >
> >>Most people setting up round-robin DNS type setups for redundancy with
> >>scripts to change things for failover get bit by these things:
> >
> >[...]
> >
> >>- They don't understand that there might be multiple DNS servers between
> >>their top-level and the machine they're servicing (3X and 4X TTL)
> >
> >
> >RFC 1035 specifies in chapter 6.1.3. that requests served from a cache
> >should return a TTL which has been decremented by the amount of seconds
> >in cache, i.e. the TTL "counts down" in the cache.
> >
> >Therefore I consider any caching nameservers that do not do this broken.
> >Are there a significant number of such servers out there?
> >
> >Though I agree on most of the other points.
>
> Ahh... it's a trap. Think about this.
>
> 1 - Regular DNS server hosting "something.com"
> 2 - ISP's caching nameserver
> 3 - Your company's nameserver
> 4 - A caching nameserver on your desktop machine
>
> Now... add in here that let's say your company AND your ISP intercept
> all port 53 traffic and proxy all DNS requests through both of their
> servers. Not super-common -- but there ARE organizations and ISPs out
> there that do this for whatever convoluted security or other reasons.
>
> Depending on how the proxying is set up, each server can 100% implement
> the RFC you mention and a change on server 1 to a record that's cached
> on your local desktop machine's nameserver will take 3X TTL to show up
> at your desktop!
Please provide a detailed description of how that is possible with
RFC-compliant servers and caches. I really can't imagine that.

AFAIK there is no other way for a record to have a remaining TTL of value
"X" other than being served exactly X seconds earlier by an authoritative
nameserver. Any number of caching layers in between can't change this,
unless there are relativistic effects involved :-P

Or do I misunderstand the concept of TTL? (I.e. TTL gets 'frozen' at some
point.)

Please note that I'm not saying that it is impossible in the real world. I
only claim that this is impossible with RFC-compliant servers and caches.

Marcin

-- 
Marcin Owsiany <[EMAIL PROTECTED]>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
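As an added example (not part of this thread, and not code from any of the posters), the following simulation plays out the disagreement above: a change at the authoritative server has to pass through three chained caches (the ISP's, the company's, and the desktop's), first with caches that serve the remaining TTL as RFC 1035 section 6.1.3 requires, then with caches that hand out the TTL they originally received on every hit. The layer names, the 300-second TTL, the query schedule and the helper names are assumptions chosen to reproduce the worst case Nate describes; the transparent port 53 interception is modelled only as the fact that every lookup must traverse all three caches in order.

```python
"""Added example: how far a stale record can propagate through chained
DNS caches, depending on whether each cache decrements the TTL it serves.

Constructed simulation, not code from the thread. The layer names (ISP,
company, desktop), the 300 s TTL and the query schedule are assumptions
chosen to show the worst case described in the quoted message.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Authoritative:
    """The zone's authoritative server: serves the current value with the
    full configured TTL, as a real authoritative server does."""
    value: str
    ttl: int

    def lookup(self, now: int) -> Tuple[str, int]:
        return self.value, self.ttl


@dataclass
class Cache:
    """One caching resolver. decrement=True is the RFC 1035 6.1.3
    behaviour (serve the remaining TTL); decrement=False serves the TTL
    it originally received on every hit, the broken behaviour the thread
    argues about. A downstream cache trusts whatever TTL it is given."""
    upstream: object
    decrement: bool
    entry: Optional[Tuple[str, int, int]] = None  # (value, ttl_received, expires_at)

    def lookup(self, now: int) -> Tuple[str, int]:
        if self.entry is not None:
            value, ttl_received, expires_at = self.entry
            if now < expires_at:
                remaining = expires_at - now
                return value, (remaining if self.decrement else ttl_received)
        # Miss or expired: ask upstream and store the TTL it reports.
        value, ttl = self.upstream.lookup(now)
        self.entry = (value, ttl, now + ttl)
        return value, ttl


def last_stale_seen(ttl: int, decrement: bool, change_at: int = 1) -> Dict[str, Optional[int]]:
    """Run the three-cache chain under an adversarial schedule and report,
    per layer, the last second at which a client of that layer still saw
    the old value (None if that layer never served it).

    Schedule (assumed): an ISP customer polls the ISP cache every second
    from t=0; a company user polls the company cache from t=ttl-1, just
    before the ISP's copy expires; the desktop polls its local cache from
    t=2*(ttl-1), just before the company's copy would expire if its TTL
    had been reset. The authoritative value changes at t=change_at.
    """
    auth = Authoritative("old", ttl)
    isp = Cache(auth, decrement)
    company = Cache(isp, decrement)
    desktop = Cache(company, decrement)
    caches = {"isp": isp, "company": company, "desktop": desktop}
    first_query = {"isp": 0, "company": ttl - 1, "desktop": 2 * (ttl - 1)}
    last_stale: Dict[str, Optional[int]] = {name: None for name in caches}

    for now in range(4 * ttl):  # long enough to outlast a 3x TTL delay
        if now == change_at:
            auth.value = "new"
        for name, cache in caches.items():  # evaluated isp, company, desktop
            if now >= first_query[name]:
                value, _ = cache.lookup(now)
                if value == "old":
                    last_stale[name] = now
    return last_stale


def worst_case_delay(ttl: int, decrement: bool) -> int:
    """Seconds after the change until no client anywhere in the chain can
    still be served the old value."""
    seen = [t for t in last_stale_seen(ttl, decrement).values() if t is not None]
    return max(seen) + 1


if __name__ == "__main__":
    for mode in (True, False):
        label = "decrementing caches" if mode else "TTL-resetting caches"
        print(label, last_stale_seen(300, mode), "-> delay", worst_case_delay(300, mode))
```

With decrementing caches the desktop never receives the stale record at all and nothing in the chain serves it past t=300, which is the invariant Marcin states: the remaining TTL a client sees is always the authoritative TTL minus the seconds elapsed since the authoritative answer, however many layers sit in between. With caches that reset the TTL, each layer re-arms the record for a full TTL just before the layer above expires it, so the desktop still serves the old value at t=897, roughly 3X TTL, which is the outcome Nate describes; the simulation shows this needs at least one non-decrementing cache in the chain, not merely a deep one. The schedule is deliberately adversarial: with every layer queried at the same instant, even the broken caches expire together and the difference disappears.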