On Wed, 12 Nov 2008, Stuart MacIntosh wrote:
> Quick question, hopefully. How common is it for DNS server admins to
> manipulate TTLs of NS records, on their recursive/customer-facing
I would say fairly uncommon. In theory you should have some ACLs, the root
servers, some resource limits and maybe an RFC 1918 blackhole, and that's it.
You can play with the TTL sometimes, but it's usually a bad idea and most
DNS software doesn't make it easy. Corps are more likely to do weird
stuff for dumb reasons.
> Also, when seeing a reply from a caching server (query A-type) NS is
> returned correctly but not the A record. Why is this (typically)?
If the record has changed recently then the usual reasons are:
1. The person who changed it forgot to update the serial number.
2. The TTL hasn't expired.
3. Not all the auth servers got updated.
4. The .nz or .com nameservers are still pointing at the old auth servers.
5. The DNS servers you are talking to used to host the domain and are
   still configured with the details.
If the records have not changed recently then the last one above is
usually the cause.
You will note that reasons 1-4 above are the domain owner's fault, and
usually reason 5 is as well.
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
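The checklist in the reply above, turned into a small checker. This is an added example and not code from the thread: it takes snapshots of what the parent servers, the authoritative servers and the recursive resolver under test each say about a zone (gathered with `dig` or with the optional `query_serial` helper, which assumes dnspython is installed) and reports which of the five numbered reasons the evidence supports. The zone name, server names, addresses and serials used in the sample are constructed.

```python
"""Classify why a recursive server still returns a stale A record.

Added example for the thread above, not the poster's own tooling. The
snapshot values below (example.nz, ns1/ns2 names, 192.0.2.x addresses,
serial 2008111201) are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Snapshot:
    """Out-of-band observations about one zone (collect with dig or query_serial)."""
    zone: str
    expected_a: str                     # the A record the domain owner says is current
    parent_ns: Set[str]                 # NS set the parent (.nz/.com servers) delegates to
    zone_ns: Set[str]                   # NS set served at the zone apex by the auth servers
    serials: Dict[str, Optional[int]]   # auth server -> SOA serial (None = not authoritative)
    auth_a: Dict[str, Optional[str]]    # auth server -> A record it currently serves
    cache_a: str                        # A record the recursive server under test returned
    cache_ttl: int                      # remaining TTL on that cached answer
    cache_upstreams: Set[str]           # servers the recursive server actually asks for the zone


def serial_from_soa_short(line: str) -> int:
    """Pull the serial out of a `dig +short SOA` line:
    MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError("not a dig +short SOA line: %r" % line)
    return int(fields[2])


def query_serial(server_ip: str, zone: str) -> Optional[int]:
    """Ask one server directly for the zone's SOA serial; None if it is not
    authoritative (e.g. it no longer hosts the zone). Assumes dnspython is
    installed; diagnose() does not need it."""
    import dns.flags, dns.message, dns.query, dns.rdatatype
    q = dns.message.make_query(zone, dns.rdatatype.SOA)
    r = dns.query.udp(q, server_ip, timeout=3)
    if not (r.flags & dns.flags.AA):
        return None
    for rrset in r.answer:
        if rrset.rdtype == dns.rdatatype.SOA:
            return rrset[0].serial
    return None


def diagnose(s: Snapshot) -> List[str]:
    """Return the reasons (numbered as in the reply) the snapshot supports;
    empty list when the cached answer already matches the expected record."""
    reasons: List[str] = []
    if s.cache_a == s.expected_a:
        return reasons

    delegated = s.parent_ns & set(s.auth_a)          # servers the world is told to use
    fresh = {ns for ns in delegated if s.auth_a[ns] == s.expected_a}
    stale = delegated - fresh

    if fresh and stale:
        # The edited server already serves the new record. If a lagging server
        # reports the same serial, the serial was never bumped and it will not
        # transfer; if serials differ, the transfer simply has not happened yet.
        if {s.serials.get(ns) for ns in fresh} & {s.serials.get(ns) for ns in stale}:
            reasons.append("1: serial not incremented, so secondaries keep the old data")
        else:
            reasons.append("3: not all auth servers updated yet (serials differ, transfer pending)")
    if s.parent_ns != s.zone_ns:
        reasons.append("4: parent delegation points at a different NS set than the zone apex")
    rogue = s.cache_upstreams - s.parent_ns
    if rogue:
        reasons.append("5: resolver asks server(s) outside the delegation: " + ", ".join(sorted(rogue)))
    # Only when the authoritative path is consistent is the cache TTL the explanation.
    if not reasons and s.cache_ttl > 0:
        reasons.append("2: old answer still cached, TTL has %d seconds left" % s.cache_ttl)
    return reasons


# Constructed sample: owner changed the A record on ns1 but forgot the serial.
SAMPLE = Snapshot(
    zone="example.nz",
    expected_a="192.0.2.10",
    parent_ns={"ns1.example.nz", "ns2.example.nz"},
    zone_ns={"ns1.example.nz", "ns2.example.nz"},
    serials={"ns1.example.nz": 2008111201, "ns2.example.nz": 2008111201},
    auth_a={"ns1.example.nz": "192.0.2.10", "ns2.example.nz": "192.0.2.1"},
    cache_a="192.0.2.1",
    cache_ttl=300,
    cache_upstreams={"ns1.example.nz", "ns2.example.nz"},
)

if __name__ == "__main__":
    for line in diagnose(SAMPLE) or ["nothing stale"]:
        print(line)
```

To feed real data, run `dig +short SOA example.nz @ns1.example.nz` against each server named by the parent's delegation and pass the lines through `serial_from_soa_short`, then compare the NS set from `dig +norec NS example.nz @a.root-servers.net`-style queries to the parent with the NS set the zone itself serves.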