PHWinfo - Afficher un message

22/04/2008, 02h18

"mmccaws2" <mmccaws@comcast.net> wrote in message
news:e35fccc2-41b5-4434-8a19-a9a3e864450b@f36g2000hsa.googlegroups.com...

> DNS Servers with zones have a TTL for each resource record or use
> theDEFAULTTTL (from the SOA) for those records not explicitly set.
>
> The OWNING DNS Server "tells" the requestor how long it is "ok" tocachea
> record. The owning DNS server presumably knows how long
> the record will be "stable" and so sets a sensible value.
>
> About the only time you should see a problem is when MOVING IP
> addresses (e.g., changing ISPs) -- when doing this you should/must
> update your TTLs on your zone records at least ONE TTL AHEAD
> of time to something smaller.

I have a question along these lines.

I have an environment that has AD forest for each major department. I
operate the non-microsoft central dns business zone that ttl was set
to 24 hours.

* Then that is the MAXIMUM that any other DNS server or client
* should hold your records.

I learned the the departments had set their name server
to hold their cache for 24 hours. We made some changes where I set
the individual a and ptr records' ttl to 5 minutes. Without
intervention, how long could the records stay on the AD name servers
without being updated?

* Five minutes. No DNS Server or client will hold a record LONGER
* than the actual TTL on that record -- to do so would be foolish.

* Presuming they have done at least one lookup since you changed
* the value.

The problem I've seen in the past is that when I run 'nslookup -
type=soa domain.name and I get a response from the AD name servers
the serial numbers could be 20,000 or more out of date. So, I was
wondering if each record is held with it's own timestamp to mark the
24 hours or is it by zone?

* Serial numbers are NOT dates by default -- that is a convention
* of admins when updating them manually.

I just recommended to them that the internal zones have a ttl of 15
minutes to keep up with DHCP changes. What would you recommend?

* Perhaps, but remember that when a DHCP client updates its record
* it will overwrite the existing one so there is usually no strong
motivation
* for this.

* A client that is just offline cannot be reach in any case, and if you let
* the DHCP server do the registration AND de-registration it will be
* even more up to date.

* One might also wonder what motivates you to have the DHCP settings
* so short?

22/04/2008, 02h18	#4
Herb Martin Messages: n/a Hébergeur:	Re: DNS TTL and XP DNS cache questions "mmccaws2" <mmccaws@comcast.net> wrote in message news:e35fccc2-41b5-4434-8a19-a9a3e864450b@f36g2000hsa.googlegroups.com... > DNS Servers with zones have a TTL for each resource record or use > theDEFAULTTTL (from the SOA) for those records not explicitly set. > > The OWNING DNS Server "tells" the requestor how long it is "ok" tocachea > record. The owning DNS server presumably knows how long > the record will be "stable" and so sets a sensible value. > > About the only time you should see a problem is when MOVING IP > addresses (e.g., changing ISPs) -- when doing this you should/must > update your TTLs on your zone records at least ONE TTL AHEAD > of time to something smaller. I have a question along these lines. I have an environment that has AD forest for each major department. I operate the non-microsoft central dns business zone that ttl was set to 24 hours. * Then that is the MAXIMUM that any other DNS server or client * should hold your records. I learned the the departments had set their name server to hold their cache for 24 hours. We made some changes where I set the individual a and ptr records' ttl to 5 minutes. Without intervention, how long could the records stay on the AD name servers without being updated? * Five minutes. No DNS Server or client will hold a record LONGER * than the actual TTL on that record -- to do so would be foolish. * Presuming they have done at least one lookup since you changed * the value. The problem I've seen in the past is that when I run 'nslookup - type=soa domain.name and I get a response from the AD name servers the serial numbers could be 20,000 or more out of date. So, I was wondering if each record is held with it's own timestamp to mark the 24 hours or is it by zone? * Serial numbers are NOT dates by default -- that is a convention * of admins when updating them manually. I just recommended to them that the internal zones have a ttl of 15 minutes to keep up with DHCP changes. What would you recommend? * Perhaps, but remember that when a DHCP client updates its record * it will overwrite the existing one so there is usually no strong motivation * for this. * A client that is just offline cannot be reach in any case, and if you let * the DHCP server do the registration AND de-registration it will be * even more up to date. * One might also wonder what motivates you to have the DHCP settings * so short?