[BBLISA] maximizing DNS security
Tom Metro
tmetro+bblisa at vl.com
Sun Apr 4 00:37:26 EDT 2010
Dan Ritter wrote:
> Tom Metro wrote:
>> Dan Ritter wrote:
>>> The sole downside to this arrangement is that it can often take half
>>> a day to get an old DNS record changed -- new records go through much
>>> faster.
>> That's due to your default TTL, right? But if you were anticipating a
>> change, you could use the common technique of dropping the TTL in
>> advance, so when the change did happen, it would propagate quickly.
>
> Actually, no.
>
> When a request comes in for a known domain name, the secondary
> server knows the answer authoritatively and sends the response.

Ah, right. The caching algorithm isn't applicable to authoritative
servers.

> The secondary server updates via a zone transfer, done every N
> hours on their side, or we can trigger one manually (for one of
> our providers, but not the other).

So I gather N is something like 4 hours, if it can take up to a half
(work) day?

Care to recommend your secondary providers (either publicly or privately)?

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/