Do authoritative DNS servers have caches like resolvers?
I need to detect an IP address change for a domain name ASAP. Does asking the authoritative nameservers directly, let's say every 10 seconds, allow me to detect a new IP that has changed within those 10 seconds? Or does it depend on the software of any given nameserver...
Thanks!
Comments
Not usually (and if so, normally invalidated on change / reload). But packet caches are possible.
Thank you for the hint! I guess changing a record should invalidate its caches right away. But in the case of a big cluster setup it will add some delays.
From pdns docs:
PowerDNS caches entire packets it sends out so as to save the time to query backends to assemble all data. The default setting of 20 seconds may be low for high traffic sites, a value of 60 seconds rarely leads to problems. Please be aware that if any TTL in the answer is shorter than this setting, the packet cache will respect the answer’s shortest TTL.
@umi that's exactly the packet cache I was thinking of too.
Don't forget to consider any AXFR delay between the primary, where the change is made, and the secondaries, all of which are authoritative.
Assuming it's third parties making the changes you need to detect, their SOA may not accurately reflect the primary, or the primary might be inaccessible to you. 10 seconds will be tight for many setups.
And do you do resolving on your own (starting from root-servers, asking for tld-ns, then asking tld-ns for 2nd level ns, etc.)? That's very rare these days and, unless you have your own recursive and non-forwarding dn-server, nearly impossible. Mostly some public resolvers are used (Google, OpenDNS, etc.) and those are asking authoritative dn-servers and have their own cache.
You can affect caching of your authoritative dn-server answers by setting a low TTA in the SOA-record (IIRC, the default is some 30 min; other dn-resolvers should respect it). But setting this value very low can put quite high stress on the dn-server...
Yep, the very design of a DNS gives plenty of space for uncertainty.
Yep this should do it but they might ban you if you overdo it.
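An added example, not part of any post in this thread: standard-library Python that asks one authoritative server directly with recursion off, reports the AA flag and the lowest answer TTL (the value the quoted PowerDNS packet cache would honour), and compares answers across servers so a secondary that has not yet received the change shows up as disagreement. All function names are this example's own; server IPs and the queried name are supplied by the caller, and only IPv4 A records over UDP are handled.

```python
import secrets, socket, struct

def build_query(name, qid, qtype=1):
    # Flags 0x0000: standard query, RD clear (ask for the server's own data).
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    # Step over an encoded name; a compression pointer ends it in 2 bytes.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_a_answer(msg):
    """Return (aa_flag, sorted A addresses, lowest TTL or None)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs, ttls = [], []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
            ttls.append(ttl)
        off += rdlen
    return bool(flags & 0x0400), sorted(addrs), min(ttls, default=None)

def ask(server_ip, name, timeout=2.0):
    query = build_query(name, secrets.randbelow(1 << 16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server_ip, 53))              # ignore datagrams from other peers
        s.send(query)
        resp = s.recv(4096)
    if resp[:2] != query[:2]:
        raise ValueError("response ID does not match query")
    return parse_a_answer(resp)

def compare(previous, current):
    # Both map server -> address list; returns (changed servers, all agree?).
    changed = {s: a for s, a in current.items() if previous.get(s) != a}
    return changed, len({tuple(a) for a in current.values()}) <= 1
```

An answer without the AA flag did not come from the zone's own data, and a `False` agreement result right after a change points at transfer delay to a secondary rather than at a second change.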