Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Big issue with Telecom DNS caches for a web developer
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 
timsimpson
19 posts

Geek
+1 received by user: 2
Inactive user


  #425018 7-Jan-2011 17:22
Send private message

Hi All

xtra do honor TTLs but like all ISP's they set a minimum - I belive that for terminator and alien this is 300s

For DNSC1.xtra.co.nz, DNSC2.xtra.co.nz, ns1.xtra.co.nz and ns2.xtra.co.nz the minimum is 900s

Anyone from telecom please correct me if I'm wrong :D 

As a general note - if you're getting these kind of timeouts and posting them here, can you take the time to do a couple of NS lookups and see exactly which DNS servers you are using. This can help people who read this quite a lot in solving the issues.



BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #425024 7-Jan-2011 17:50
Send private message

Um.. Hi Tim.. Did you spy this from a Telecom employee?

"The Telecom DNS caches do honor TTL, so lowering the TTL will work on our network."

It appeared earlier in this thread.

{citation needed} please... ??




No signature to see here, move along...

BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #425036 7-Jan-2011 18:57
Send private message

ptinson:
ptinson:
I think from memory negative cache is 1 hr but i will check later.


Its 3 hours.


Hangon. the SOA record for a DNS zone includes the negative-record TTL.

Are you suggesting Xtra/Telecom overrides this with their own figure (3 hrs) ?

http://www.netadmintools.com/art232.html for ref.




No signature to see here, move along...



ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #425101 8-Jan-2011 07:27
Send private message

timsimpson: Hi All

xtra do honor TTLs but like all ISP's they set a minimum - I belive that for terminator and alien this is 300s

For DNSC1.xtra.co.nz, DNSC2.xtra.co.nz, ns1.xtra.co.nz and ns2.xtra.co.nz the minimum is 900s

Anyone from telecom please correct me if I'm wrong :D 

As a general note - if you're getting these kind of timeouts and posting them here, can you take the time to do a couple of NS lookups and see exactly which DNS servers you are using. This can help people who read this quite a lot in solving the issues.


Alien and Terminator recursive servers are the same ones as dnsc1 & 2 and they have no defined minimum cache time, The have a maximum that is currently 7 days though.

ns1 & 2 also have no defined minimum, but have the same 7 day max.

Paul




meat popsicle

ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #425106 8-Jan-2011 08:09
Send private message

BlakJak:
ptinson:
ptinson:
I think from memory negative cache is 1 hr but i will check later.


Its 3 hours.


Hangon. the SOA record for a DNS zone includes the negative-record TTL.

Are you suggesting Xtra/Telecom overrides this with their own figure (3 hrs) ?

http://www.netadmintools.com/art232.html for ref.


Sorry meant to reply all in one post but got distracted.

We have a max ncache ttl of 3 hrs so if your negative TTL in the SOA is larger than this we will ignore that yes. Sorry not a default ncache TTL of 3 hours.

I would be happy to hear any suggestions to a different value.

Paul




meat popsicle

BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #425109 8-Jan-2011 08:23
Send private message

Surprised you don't just honour the value in zones as published...?




No signature to see here, move along...

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #425133 8-Jan-2011 10:13
Send private message

Experience and a fair amount of testing has shown 3hrs to be a good value for ncache MAX TTL.

Also rfc2308 points this out and why leaving it to be whatever is set in the SOA could be problematic.

the important thing to note is as far as i know we don't monkey with the MIN TTL, even if we may have been tempted to for some domains.

For positive responses a MAX TTL of 7 days is quite some time given most TLD's have a TTL of 2 days, which is still quite long.




meat popsicle

BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #425237 8-Jan-2011 16:39
Send private message

Yeah, I would not see any point in a TTL >2 days - nor a negative TTL of more than an hour, to be honest...

Thanks for popping up here Paul with solid info and explanations.




No signature to see here, move along...

timsimpson
19 posts

Geek
+1 received by user: 2
Inactive user


  #425357 9-Jan-2011 01:17
Send private message

BlakJak: Um.. Hi Tim.. Did you spy this from a Telecom employee?

"The Telecom DNS caches do honor TTL, so lowering the TTL will work on our network."

It appeared earlier in this thread.

{citation needed} please... ??


Nah I just missed seeing it. Damn Hunan failings ;)

ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #425393 9-Jan-2011 10:03
Send private message

BlakJak: Yeah, I would not see any point in a TTL >2 days - nor a negative TTL of more than an hour, to be honest...

Thanks for popping up here Paul with solid info and explanations.


No Problem, all part of being friendly and helpful...

Paul




meat popsicle

snnet
1413 posts

Uber Geek
+1 received by user: 556


  #425883 10-Jan-2011 19:24
Send private message

ptinson:
BlakJak: Yeah, I would not see any point in a TTL >2 days - nor a negative TTL of more than an hour, to be honest...

Thanks for popping up here Paul with solid info and explanations.


No Problem, all part of being friendly and helpful...

Paul

Paul, are you still offering to switch off caching for static IP users? Thought I'd ask before PMing you :) 

 
 
 
 

Shop now for Dyson appliances (affiliate link).
ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #425909 10-Jan-2011 21:17
Send private message

Yes.
You need to send me your static IP and i can arrange to have it bypassed

Paul




meat popsicle

da5id
550 posts

Ultimate Geek
+1 received by user: 65
Inactive user


  #426546 12-Jan-2011 15:19
Send private message

I admit to having no idea about this network stuff or VPN etc (I had to look it up).

I notice that LogMeIn has a VPN networking service called Hamachi² that has a free version for up to 16 clients. 

It this useful? pertinent? How does it work?

1 | 2 | 3 
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright