Do authoritative DNS servers have caches like resolvers?

umi Member
edited July 21 in Help

I need to detect an IP address change for a domain name ASAP. Does asking authoritative nameservers directly, let's say every 10 seconds, allow me to detect a new IP that has changed within those 10 seconds? Or does it depend on the software of any given nameserver...
Thanks!

Comments

  • SplitIce Member, Provider

    Not usually (and if so, normally invalidated on change / reload). But packet caches are possible.

  • umi Member
    edited July 21

    Thank you for the hint! I guess changing a record should invalidate its caches right away. But in the case of a big cluster setup it will add some delays.
    From pdns docs:
    PowerDNS caches entire packets it sends out so as to save the time to query backends to assemble all data. The default setting of 20 seconds may be low for high traffic sites, a value of 60 seconds rarely leads to problems. Please be aware that if any TTL in the answer is shorter than this setting, the packet cache will respect the answer’s shortest TTL.

  • SplitIce Member, Provider

    @umi that's exactly the packet cache I was thinking of too.

  • cochon Member

    @umi said:
    Does asking authoritative nameservers directly, let's say every 10 seconds, allow me to detect a new IP that has changed within those 10 seconds?

    Don't forget to consider any AXFR delay between the primary, where the change is made, and the secondaries, all of which are authoritative.

    Assuming it's third parties making the changes you need to detect, their SOA may not accurately reflect the primary, or the primary might be inaccessible to you. 10 seconds will be tight for many setups.

  • Jarry Member

    @umi said:
    I need to detect an IP address change for a domain name ASAP. Does asking authoritative nameservers directly, let's say every 10 seconds, allow me to detect a new IP that has changed within those 10 seconds? Or does it depend on the software of any given nameserver...
    Thanks!

    And do you do resolving on your own (starting from root-servers, asking for tld-ns, then asking tld-ns for 2nd level ns, etc)? That's very rare these days and, unless you have your own recursive and non-forwarding dn-server, nearly impossible. Mostly some public-resolvers are used (Google, OpenDNS, etc) and those are asking authoritative dn-servers and have their own cache.

    You can affect caching of your authoritative dn-server answers by setting a low TTA in the SOA-record (iirc, default is some 30min, other dn-resolvers should respect it). But setting this value very low can put quite high stress on the dn-server...

  • umi Member

    Yep, the very design of a DNS gives plenty of space for uncertainty.

  • @umi said: Does asking authoritative nameservers directly, let's say every 10 seconds, allow me to detect a new IP that has changed within those 10 seconds?

    Yep this should do it but they might ban you if you overdo it.
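
Added example, not code from the thread or from any nameserver project: a stdlib-only poller core that sends a non-recursive A query straight to each authoritative server and compares the per-server answers between rounds, so a server still serving the old address (packet cache, or AXFR lag on a secondary) is reported as stale. The names `ask` and `compare`, the `example.test` name and the 192.0.2.x addresses are constructed for illustration.

```python
import socket, struct, secrets

def build_query(name, qid):
    # Flags = 0: RD is clear, so the server answers only from its own zone data.
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    # Step over a name; a compression pointer (top two bits set) ends it.
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_a(msg, qid):
    """Return (aa_flag, sorted IPv4 list, lowest TTL) from a response message."""
    rid, flags, qd, an = struct.unpack("!4H", msg[:8])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # question: name + type + class
    rrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            rrs.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return bool(flags & 0x0400), sorted(ip for ip, _ in rrs), min((t for _, t in rrs), default=None)

def ask(server_ip, name, timeout=2.0):
    qid = secrets.randbelow(1 << 16)           # unpredictable ID, checked in parse_a
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server_ip, 53))
        return parse_a(s.recvfrom(4096)[0], qid)

def compare(previous, current):
    """previous/current: {server: [ips]}. Returns (changed servers, still-old servers)."""
    changed = sorted(s for s in current if s in previous and current[s] != previous[s])
    stale = sorted(s for s in current if changed and s in previous and current[s] == previous[s])
    return changed, stale

# Constructed sample: response for example.test A 192.0.2.10, TTL 20, AA flag set.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + build_query("example.test", 0)[12:]
          + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 20, 4) + socket.inet_aton("192.0.2.10"))
```

Call `ask()` once per authoritative server each round and feed the IP lists to `compare()`; the returned TTL bounds how long a packet cache may keep serving the old answer.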
