Solved

Lowest DNS TTL value

Posted on 2003-11-26
Last Modified: 2008-03-06
Dear chicagoan,
      As per your advice,
    1. "You query nameserver1 - it has no record - it looks up and gets the TTL from your zone record. If it's unreasonably small it SHOULD use it, it may not, but it probably will.
In 15 seconds it will be 15 seconds on that server, etc."

     Did you mean it may be possible to define a TTL equal to 15 seconds? As I mentioned earlier, I tried 30 seconds, and sometimes I had 30 seconds set in my cache. After the 30 seconds had gone, I retrieved it again, and when I displayed the records in my cache, it had turned into, for example, 86400.
     
    2. You said that the default resolver's cache on my laptop is equal to 86400, then the solution is to edit the registry. I can proceed with it; however, what if there are hundreds of users who need that configuration?

Best Regards.
Question by:sirator
Expert Comment

by:chicagoan
the users don't need the registry change - it was for diagnostic purposes

> Did you mean, It may be possible to define TTL equal to 15 seconds
You could set it to 0

What DNS software are you using?

Author Comment

by:sirator
SunOS ns1 5.9 Generic_112233-03 sun4u sparc SUNW,UltraAX-i2

I think it is BIND.

Expert Comment

by:chicagoan
It's undoubtedly BIND.
You can change the default TTL for the zone or that of a particular record.
After doing so you have to reload BIND for the change to take effect.
What exactly are you changing in the zone file and how are you querying?
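
The distinction above between the zone's default TTL and the TTL of a particular record, as an added example (not part of the original thread and not chicagoan's code): a simplified zone-file reader that reports the TTL each record will actually be served with and which records carry their own TTL. The zone contents, the extra addresses and the function names are constructed for illustration.

```python
# Constructed sample zone (not from the thread); it reuses the thread's names.
# Simplified: one record per line, numeric TTLs only, no parentheses.
SAMPLE_ZONE = """\
$ORIGIN mycompany.com.
$TTL 30
@        IN  NS  ns1.mycompany.com.
ns1      IN  A   202.1.1.2
www      86400 IN A 202.1.1.1
mail     IN  A   202.1.1.3
         300 IN MX 10 mail.mycompany.com.
"""

TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "TXT", "SOA", "PTR"}

def effective_ttls(zone_text):
    """Return (owner, type, ttl, explicit) for every record in the zone text."""
    default_ttl, owner, records = None, None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$TTL":           # zone default (RFC 2308)
            default_ttl = int(fields[1])
            continue
        if fields[0].startswith("$"):             # $ORIGIN etc.: not needed here
            continue
        if not raw[0].isspace():                  # blank owner repeats the last one
            owner = fields.pop(0)
        ttl, explicit = default_ttl, False
        # TTL and class may come in either order before the record type
        while fields and fields[0].upper() not in TYPES:
            token = fields.pop(0)
            if token.isdigit():
                ttl, explicit = int(token), True
        records.append((owner, fields[0].upper(), ttl, explicit))
    return records

def pinned_records(zone_text):
    """Records carrying their own TTL: changing $TTL leaves these untouched."""
    return [(o, t, ttl) for o, t, ttl, explicit in effective_ttls(zone_text)
            if explicit]

if __name__ == "__main__":
    for rec in effective_ttls(SAMPLE_ZONE):
        print(rec)
```

In the constructed zone, lowering `$TTL` to 30 changes the NS record and the `ns1` and `mail` A records, while `www` keeps its own 86400 until that record is edited and the zone is reloaded.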
Author Comment

by:sirator
Let me explain again.

My DNS primary server is for, suppose, the domain "mycompany.com", and I configured this server to respond to public queries and private queries.

       -  Assume that any queries made while a VPN is active across the internet will be considered PRIVATE; they will then resolve "www.mycompany.com" to 10.1.1.1.

       - On the contrary, from PUBLIC, they will resolve "www.mycompany.com" to 202.1.1.1.
Accordingly, what I want is:
       *** From an internet client, they can resolve "www.mycompany.com" to 202.1.1.1, BUT if they use the VPN they will get 10.1.1.1.
       However, whenever they stop using the VPN, they have to get 202.1.1.1 in response. BUT this scenario did not work like this. From my cache, with "ipconfig/displaydns", I observed that the TTL was 86400 even though I have defined it in my primary with a TTL value of 30 seconds.

      For this reason, I'm afraid that my internet users will also be affected in the way I am currently encountering.

So, how do I completely solve this?


P.S. My clients can be from anywhere and use any caching-only DNS server.

Are you clear what I'm describing ??
Accepted Solution

by:
chicagoan earned 125 total points
>Are you clear what I'm describing ??
not to me
you are describing 2 dns entries, one for 10.1.1.1 and one for 202.1.1.1
somewhere there has to be a non-caching dns server which has the zone records for these hosts

and i understand that if you resolve my.host.com and get a response of 10.1.1.1 it will be cached and if you subsequently disconnect from your VPN you don't want that in your cache, so what server is resolving the 10.1.1.1 entry and what did you change in its zone file?


Author Comment

by:sirator
Yes, that's right. After disconnecting from the VPN, there is still a cached entry of 10.1.1.1 on my notebook (seen by running "ipconfig/displaydns"; my notebook has Win2000 Server installed).

So, what happens if it is still in my local cache is that I can't connect to www.mycompany.com, since it turned into the public one.
One thing I have to do is gain access to 202.1.1.1, not 10.1.1.1, after disconnecting from the VPN.

So I modified the TTL of the "mycompany.com" records from a default of 864000 to 30 seconds. Subsequently, I made a test by connecting to 3 ISPs, and I observed that the TTL in my cache for hosts of the "mycompany.com" domain was not 30 seconds.
Expert Comment

by:chicagoan
do this:

NSLOOKUP

server <put the name or address of the authoritative server for 10.1.1.1 here>

set debug

mycompany.com

and post the result

(edit sensitive info out)