Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 952
  • Last Modified:

Lowest DNS TTL value

Dear chicacoan
      As per your advise ,
    1. "You query nameserver1 - it has no record - it looks up and gets the TTL from your zone record. If it's unreasonably small it SHOULD use it, it may not, but it probably will.
In 15 seconds it will be 15 seconds on that server, etc."

     Did you mean, It may be possible to define TTL equal to 15 seconds ? As I mentioned earlier, I tried 30 seconds, and sometimes I had 30 seconds set in my cache. After 30 secs has gone. I retrieved it again, and I showed records in my cache, it was turned into, for example, 86400.
     
    2. You said that the default resolver's cache on my labtop is equal to 86400, then the solution is to edit the registry. I can proceed it, however, what if there are hundred of users need that configuration ?

Best Regards.
0
sirator
Asked:
sirator
  • 4
  • 3
1 Solution
 
chicagoanCommented:
the users don't need the registry change - it was for diagnostic purposes

> Did you mean, It may be possible to define TTL equal to 15 seconds
You could set it to 0

What DNS software are you using?

0
 
siratorAuthor Commented:
SunOS ns1 5.9 Generic_112233-03 sun4u sparc SUNW,UltraAX-i2

I think it is BIND.

0
 
chicagoanCommented:
It's undoubetly BIND.
You can change the default TTL for the zone or that of a particular record.
After doing so you have to reload BIND for the change to take effect.
What exactly are you changing in the zone file and how are you querying?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
siratorAuthor Commented:
Let me explain again.

My dns primary server for suppose, domain "mycompany.com" and I configured this server to response to public query and private query.

       -  Assume that if any queries from when there is an activation of VPN across the internet They will be considered to be PRIVATE, then they will resolve "www.mycompany.com" with 10.1.1.1.

       - On the contrary, From PUBLIC, they will find "www.mycompany.com" with 202.1.1.1.
According to this, the reason I wish IS
       *** From the internet client, they can resolve "www.mycompany.com" to 202.1.1.1 ,,,, BUT in case if they applied VPN they will get 10.1.1.1"
       However, whenever they stopped using VPN, they have to be responsive with 202.1.1.1.   BUT thiis scenario wasn't be like this.    Since I observed from my cache with "ipconfig/displaydns" I observed that the TTL was 86400 even I have defined it in my primary with TTL value of 30 seconds.

      For this, I'm afraid that my internet users will also be affected as I encountered currently.

So, How to completely solve this ?


P.S. My client can be from anywhere and employing any Caching Only DNS Server.

Are you clear what I'm describing ??
0
 
chicagoanCommented:
>Are you clear what I'm describing ??
not to me
you are decribing 2 dns entries, one for 10.1.1.1 and one for 202.1.1.1
somewhere there has to be a non-caching dns server which has the zone records for these hosts

and i understand that if you resolve my.host.com and get a response of 10.1.1.1 it will be cached and if you subsequently disconnect from your VPN  you don't want that in your cache, so what server is resolving the 10.1.1.1 entry and what did you change in it's zone file?


0
 
siratorAuthor Commented:
Yes, that's right, After disconnect from VPN, Still , there is a cache of 10.1.1.1 in my notebook ( running "ipconfig/displaydns" and my notebook has win2000 server installed )

So, what's happen if there still be in my local cache is I can't connect to www.mycompany.com since there turned into the public.
One thing I have to do is I have to gain access to 202.1.1.1 not 10.1.1.1 after disconnect from Vpn.

So I modified TTL record of "mycompany.com" from a default 864000 to 30 seconds. Subsequently, I made a test by connecting to 3 ISPs and I observed that the TTL in my cache of hosts of "mycompany.com" domain was not 30 seconds.
0
 
chicagoanCommented:
do this:

NSLOOKUP

sever <put the name or address of the authoritative server for 10.1.1.1 here>

set debug

mycompany.com

and port the result

(edit sensitive into out)
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now