RE: DNS Disaster Recovery Question

From: Church, Chuck (cchurch@netcogov.com)
Date: Tue Nov 29 2005 - 15:52:05 GMT-3


To sum it up, the TTL on an A record says that other name servers should
only cache it for that amount of time. When it expires, that foreign
name server should again check with your name server to get the correct
name/address mapping for that host. This can be a good or a bad thing.
It's more work/traffic for a name server to keep checking every 5
minutes for a host entry, and generally frowned upon. Secondly, you
want to make sure you've got redundant name servers in different
locations. If your TTL is set to 5 minutes for a host, and the name
server hosting your zone is rebooted, there's a better chance that some
people won't be able to resolve the host than if the TTL was 24 hours.
        
Also, keep in mind that this changing of a host entry is a manual
process. You might have a 5 minute TTL, but if it takes an hour for a
problem to be detected, and the person to be found/woken up in the
middle of the night to change the 'A' record, that 5 minute TTL didn't
protect you from an extended outage. There are scripts that can be used
to detect outages, and automatically change 'A' records, but there is a
lot to consider. Like zone transfers to make the 'A' record change
global, which might be an issue if the master NS is at the site that is
now down... This is some of the stuff below that Brian was talking
about.

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch@netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
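
As an added illustration of the two points in Chuck's reply above (this is example code, not anything from the thread), here is a small Python model of a caching resolver: `failed_lookups_during_ns_outage` counts lookups that go unanswered when the only authoritative server is down and the cached record has expired, and `stale_seconds_after_failover` shows how long clients keep being sent to the dead site once detection time and the manual record change are added on top of the TTL. The addresses, delays and once-a-minute lookup pattern are constructed for the example.

```python
"""Added example (not from the thread): toy model of an A-record TTL versus
(a) an outage of the sole authoritative server and (b) a manual failover that
rewrites the record. Addresses, delays and once-a-minute lookups are constructed."""
from dataclasses import dataclass, field

@dataclass
class Authoritative:
    ttl: int
    address: str
    down_from: float = float("inf")   # window in which the server is unreachable
    down_until: float = float("-inf")

    def query(self, now):
        if self.down_from <= now < self.down_until:
            return None               # timeout/SERVFAIL: no answer at all
        return self.address

@dataclass
class CachingResolver:
    auth: Authoritative
    cache: dict = field(default_factory=dict)  # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]             # inside the TTL: answered from cache
        answer = self.auth.query(now)
        if answer is not None:        # an expired entry is not reused
            self.cache[name] = (answer, now + self.auth.ttl)
        return answer

def failed_lookups_during_ns_outage(ttl, outage_start, outage_end, every=60):
    """Lookups in one day left unanswered: cache expired while the sole NS was down."""
    res = CachingResolver(Authoritative(ttl, "192.0.2.10", outage_start, outage_end))
    res.resolve("www.example", 0)                      # warm the cache first
    return sum(res.resolve("www.example", t) is None for t in range(0, 86400, every))

def stale_seconds_after_failover(ttl, detect_delay, change_delay, every=60):
    """Seconds clients keep being sent to the primary site after it dies at
    t=0: detection, a human editing the record, then the rest of the TTL."""
    auth = Authoritative(ttl, "192.0.2.10")
    res = CachingResolver(auth)
    res.resolve("www.example", 0)
    stale = 0
    for t in range(0, 86400, every):
        if t >= detect_delay + change_delay:
            auth.address = "198.51.100.20"             # record now points at DR site
        if res.resolve("www.example", t) == "192.0.2.10":
            stale += every
    return stale
```

With a 5-minute TTL a one-hour name-server outage leaves every lookup in that hour unanswered, while a 24-hour TTL rides through it from cache; conversely, an hour to notice the outage plus ten minutes to edit the record means clients hit the dead site for 70 minutes even with the short TTL.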

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Leigh Harrison
Sent: Tuesday, November 29, 2005 9:20 AM
To: blodwick
Cc: 'Ian Stong'; 'FORUM'
Subject: Re: DNS Disaster Recovery Question

Brian,

Any comments are welcomed!!

I've been asked to look into the changing of the dns ttl to aid in
disaster recovery (from one ip to another).

I was under the impression that it takes around 24 hrs for a dns change
to propagate around the internet. So from that I guess that the dns
change over time is purely academic. 5-6 mins is not a great problem
when it's going to take hours for it to properly settle.

I guess what I am really asking is how long does it really take for the
dns change to propagate around the internet?

I'm also going to suggest a redesign of the data centre, incorporating 2
bgp feeds, and content switching, etc.

How long would it take for a change in dns to propagate around the
internet - although to be fair, I'm mainly interested in the timing for
a site in the UK, dns changed in the UK. How long before the change
would be seen in Europe?

LH

blodwick wrote:

>After looking back over your email again Leigh I went off on a tangent
>about something else probably not related. Sorry about that. I'm a goof
>:)
>
>~ Brian L
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>blodwick
>Sent: Tuesday, November 29, 2005 8:51 AM
>To: 'Ian Stong'; 'Leigh Harrison'; 'FORUM'
>Subject: RE: DNS Disaster Recovery Question
>
>I believe what Leigh is talking about is an intelligent DNS device that
>communicates state information either directly with the server or with a
>local content device before sending resolution. The Cisco device is
>called a Global Site Selector (GSS). If you were to use DNS round robin
>you would obviously be sent to a non-working server 50% of the time
>during an outage (if you had 2 data center options). There are further
>advantages if you use the Cisco Content Services Switch (CSS) locally at
>each data center and use the GSS to control disaster recovery. The CSS
>locally at each data center can load-balance the local servers and will
>communicate to the GSS local state information. With the CSS locally you
>can also utilize scripted keepalives to take establishing server "state"
>to the next level. This subject gets quite involved, but imagine being
>able to query a java applet on your web server that would in turn query
>your back end database. You would be able to assure that users were
>always being sent to a web server that has an operational web engine,
>know java is operating properly and that your backend database is
>reachable and responding properly to queries.
>
>~ Brian L
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Ian Stong
>Sent: Tuesday, November 29, 2005 8:10 AM
>To: 'Leigh Harrison'; 'FORUM'
>Subject: RE: DNS Disaster Recovery Question
>
>Haven't worked with them myself. Curious what else they provide since just
>setting the TTL to 5 mins can be done by anyone. It's just a setting you
>use on the NS entries of your DNS server. You could even use a free DNS
>hosting service such as zoneedit.com and set your TTL to 5 mins.
>
>
>Ian
>http://www.ccie4u.com
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Leigh Harrison
>Sent: Tuesday, November 29, 2005 6:04 AM
>To: FORUM
>Subject: DNS Disaster Recovery Question
>
>All,
>
>A customer of mine has asked me to look at a company called
>Netnames.com.
>
>This is to do with using DNS for disaster recovery, i.e., changing the
>ip address to point at a server in a different data centre.
>Their solution is to change the TTL on the customer's DNS to 5 mins, you
>can also log in to change it if need be.
>
>Have any of you service provider chaps come across this place? Is there
>an alternative/easier/cheaper solution?
>
>Any comments/suggestions greatly welcomed.
>
>LH
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3