Slashdot Mirror


Providers Ignoring DNS TTL?

cluge asks: "It seems that several large providers give their users DNS servers that simply ignore DNS time to live (TTL). Over the past decade I've seen this from time to time. Recently it seems to be a pandemic, affecting very large cable/broadband and dial up networks. Performing a few tests against our broadband cable provider has shown that only one of the three provided DNS servers picked up a change in seven days or less. After turning in a trouble ticket with that provider - two of the three provided DNS servers were responding correctly - while the third was still providing bad information more than two weeks after that specific change. What DNS caches ignore TTL by default? Is there a valid technical reason to ignore TTL?"

"This struck me as odd, and I decided to run a few tests using my own domain. Lowering the TTL to twenty-four hours, and making changes and then checking to see when a change was picked up. I queried twelve outside DNS servers/caches that I had access to (Thanks to my friends and relatives with dial ups and DSL who put up with me and my requests to reboot their machine daily!). Checks performed against these outside DNS servers indicate that it may take as much as four to five weeks before a DNS change is picked up! Most DNS servers picked up the change within 48 hours. A small number did not (three out of twelve - that's a quarter of them!).

This merits more study, and prompts a few questions. So, before I begin with a more serious broad study, I'd like to get some feedback on the problem as I've seen it. I know the tin foil hat crowd will see the failure to propagate DNS correctly as censorship, and the OS/bind/djb/whatever zealots will simply see this as an argument for their particular religion.

Based on the responses I get, I will then set up and test a couple of domains with different DNS servers for 6 weeks and report back the findings. [volunteers welcome!]"
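The test the submitter describes (lower the TTL, change the record, poll outside caches) can be scored as shown here. This is an added example, not part of the original post: the cache names, addresses and observations are constructed, and it assumes the TTL was lowered well before the record was changed.

```python
from collections import defaultdict

HOUR = 3600
ZONE_TTL = 24 * HOUR                     # the post lowered the TTL to 24 hours
OLD, NEW = "192.0.2.10", "192.0.2.20"    # constructed addresses (TEST-NET-1)

# Constructed observations: (cache name, seconds since the change went live
# on the authoritative servers, address returned, TTL shown in the answer).
OBSERVATIONS = [
    ("cache-a", 2 * HOUR, OLD, 22 * HOUR),
    ("cache-a", 23 * HOUR, OLD, 1 * HOUR),
    ("cache-a", 25 * HOUR, NEW, 24 * HOUR),
    ("cache-b", 20 * HOUR, OLD, 4 * HOUR),
    ("cache-b", 72 * HOUR, OLD, 100 * HOUR),      # still old after 3 days
    ("cache-b", 30 * 24 * HOUR, NEW, 24 * HOUR),
    ("cache-c", 30 * HOUR, NEW, 7 * 24 * HOUR),   # fresh data, inflated TTL
]


def audit(observations, old=OLD, zone_ttl=ZONE_TTL):
    """Per cache: how long past the TTL deadline the old record was served
    (a lower bound, since we only sample), and whether the cache ever
    advertised a TTL larger than the zone's."""
    report = defaultdict(lambda: {"overdue_s": 0, "inflated_ttl": False})
    for cache, elapsed, answer, shown_ttl in observations:
        entry = report[cache]
        # A copy fetched just before the change may legitimately live until
        # change + TTL, so only old answers after that deadline count.
        if answer == old and elapsed > zone_ttl:
            entry["overdue_s"] = max(entry["overdue_s"], elapsed - zone_ttl)
        if shown_ttl > zone_ttl:
            entry["inflated_ttl"] = True
    return dict(report)


def offenders(report):
    """Caches that served stale data past the deadline or inflated the TTL."""
    return sorted(c for c, e in report.items()
                  if e["overdue_s"] > 0 or e["inflated_ttl"])


if __name__ == "__main__":
    for cache, entry in sorted(audit(OBSERVATIONS).items()):
        print(cache, f"overdue={entry['overdue_s'] / HOUR:.0f}h",
              f"inflated_ttl={entry['inflated_ttl']}")
```

An old answer seen inside the first 24 hours is not a violation, which is why the comparison is against the change time plus the TTL rather than the change time itself.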

17 of 445 comments

  1. TTL's by dlhm · · Score: 5, Funny

    Of course there is a reason: to save bandwidth, and to provide the 3rd world internet service we have come to expect here in the USA.

    --
    Ad eundum quo nemo ante iit!
  2. It's a strange pandemic... by LegendOfLink · · Score: 1, Funny

    called laziness.

    1. Re:It's a strange pandemic... by justforaday · · Score: 3, Funny

      I would counter your argument, but it's too much effort...

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  3. You can use TTL to keep customers from leaving! by Anonymous Coward · · Score: 5, Funny

    I remember once I had the TTL set on a bunch of domains to over a year. I found out it's a great way to retain customers, because their domains will not work anywhere else.

  4. Re:I Noticed Too by RLW · · Score: 1, Funny

    Don't speculate. Assert. You know it's true. Couple that with ignorance and you've got the typical large ISP admin.

  5. Re:Faulty system by AndroidCat · · Score: 2, Funny

    Quick! Someone tell that to NetSol before they route all .com/.net typos to their server again.

    --
    One line blog. I hear that they're called Twitters now.
  6. The reason is quite simple by Anonymous Coward · · Score: 0, Funny

    "Titty" is an adult word and therefore TTL is censored by many ISPs.

  7. save money - set your ttl to 2147483647 by Anonymous Coward · · Score: 3, Funny

    this greatly reduces network traffic, as your records will be cached for over 68 years. if caching worked as described in the rfcs, you could probably even forget about keeping your domain registered after a few years, most folks would still come to you even if someone else bought your domain. of course ipv6 is coming any day now and that will probably ruin my evil plan.

  8. Re:Dumb question by Anonymous Coward · · Score: 2, Funny

    uhm, yeah.

    dig has been deprecated for QUITE some time.

    please use nslookup.

  9. Re:Faulty system by jdreed1024 · · Score: 2, Funny

    DNS isn't about "the web". It's much bigger than that.

    That's right, it's how Bill Gates tracks your e-mails to give you that Walt Disney World vacation when you send it to enough of your friends.

    --
    There is no sig, there is only Zuul.
  10. Re:Faulty system by Anonymous Coward · · Score: 1, Funny

    DNS is not the web. This was moderated interesting?

  11. Re:Why would you reboot? by SuiteSisterMary · · Score: 3, Funny

    "Ok, grandma, open the start menu, now select run. Ok, now type c-m-d. No, grandma, m. MMMMM. M as in Mike. Ok. No, grandma, D. DEEEEE. Not g. D. Ok, now did a big black box open up? No? Oh, you're on Windows 95/98, you'll need to reboot."

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  12. Re:Dumb question by Anonymous Coward · · Score: 2, Funny

    This is a good indication that your gentoo has been hacked. You need to wipe and reinstall immediately.

  13. Re:Dumb question by Anonymous Coward · · Score: 2, Funny

    Root login is deprecated and may be removed in a future release.

  14. Re:Bypass their DNS by 2old2rockNroll · · Score: 3, Funny

    You're not banking in the clear on http: are you? On an unpatched Win box? With IE?

    Of course not. That's what telnet's for.

  15. Re:Bypass their DNS by Anonymous Coward · · Score: 1, Funny

    "Instead of relying on who-knows-what from the ISPs I use my own DNS server that I set up and am responsible for."

    Typical bravado of a /. linux user. I don't know why more home users don't take the same approach. My grandma, running gentoo also does this very thing.

  16. AOL: wayback machine for DNS by CustomDesigned · · Score: 2, Funny

    Several months ago, we made the mistake of testing a new webmail server using AOL, but forgetting to actually add the DNS record first :-). The negative result is *still* cached at AOL. Bummer for users trying to use the webmail.

    On the plus side, I've used AOL to find out what the IP of names *used* to be while researching problems. Kind of handy that way.