Faster Updates for DNS Root Servers Arrive
Tee Emm writes "VeriSign's DNS Rapid Update notice period (as announced on NANOG mailing list) expires today. Beginning September 9, 2004 the SOA records of the .com and .net zones will be updated every 5 minutes instead of twice a day. The format of the serial number is also changing from the current YYYYMMDDNN to a new one that depicts the UTC time." We first mentioned this back in July, but it's finally launching now.
hmm, but is this really a good thing? (Score:5, Insightful)
Re:hmm, but is this really a good thing? (Score:3, Insightful)
I don't see the point myself, domains are not supposed to change every minute anyway.
Why? (Score:1, Insightful)
Re:hmm, but is this really a good thing? (Score:5, Insightful)
Oh wait, VeriSign? We're all doomed.
Re:hmm, but is this really a good thing? (Score:4, Insightful)
The key thing comes down to if we can trust VeriSign to be doing their homework correctly. VeriSign's a very funny company to think about because their entire product line is based on encryption and ID services that define VeriSign as a root of trust... if you don't trust VeriSign to be an honest actor, practically everything they do becomes worthless.
It's so hard to get trust-based systems to work these days...
Emergency use (Score:1, Insightful)
This is a great use for emergencies. You can have a backup web server configured identically to the main one. If the first web server goes down, just update the IP address in the domain record and you're back on-line in five minutes.
Good for those of us who host web sites for clients.
Cool.... (Score:5, Insightful)
Fifteen minutes? (Score:5, Insightful)
Doesn't that mean they're updating every fifteen minutes, not every five?
This has no effect (Score:5, Insightful)
2038 fun (Score:3, Insightful)
Brilliant move...:-(
What was wrong with sticking extra hour/minutes digits in the serial number - no y2k style problems at all....?!?
ie YYYYMMDDHHmmNN ??
Re:hmm, but is this really a good thing? (Score:2, Insightful)
Re:dynamic dns (Score:3, Insightful)
I sure wouldn't want to try that, though....
Re:Fifteen minutes? (Score:3, Insightful)
It means that dns servers which act like bind4 and bind8 will set the default Time To Live (TTL) for resource records without explicit TTL to 15 minutes. Servers which behave like bind9 will use this as the negative caching value for the domain, meaning that if it requests an ip from a domain which doesn't exist it will cache the result for 15 minutes. In effect this should mean that the actual root dns servers will be updated every 5 minutes, but someone looking for the domain (by normal means as opposed to manually querying the root servers) just before the update which brings the domain into existence will have to wait 15 minutes before they will see the domain has arrived.
So they are updating every 5 minutes, but if you are adding a new domain, as opposed to changing the authoritative servers for a domain, you will have to wait 20 minutes (5 for update and 15 for everyone to have lost the negative cache) before you can say "we're up and running".
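The timing described in the comment above can be simulated; this is an added example, not part of the original thread. The resolver class, the function names and the assumption that zone publications fall on exact 5-minute boundaries are constructed for illustration.

```python
import math

UPDATE_INTERVAL = 300  # seconds: zone published every 5 minutes (from the summary)
NEGATIVE_TTL = 900     # seconds: the 15-minute negative-caching value discussed above


def publish_time(registered_at):
    """First zone publication at or after the registration time (assumed boundary)."""
    return math.ceil(registered_at / UPDATE_INTERVAL) * UPDATE_INTERVAL


class CachingResolver:
    """Hypothetical resolver that caches NXDOMAIN for the negative TTL."""

    def __init__(self, negative_ttl=NEGATIVE_TTL):
        self.negative_ttl = negative_ttl
        self.nx_expires = None  # cached NXDOMAIN is served until this time

    def lookup(self, now, published_at):
        # A cached negative answer is returned without asking upstream.
        if self.nx_expires is not None and now < self.nx_expires:
            return "NXDOMAIN (cached)"
        # Cache miss: ask the authoritative servers.
        if now >= published_at:
            self.nx_expires = None
            return "ANSWER"
        self.nx_expires = now + self.negative_ttl
        return "NXDOMAIN"


def first_visible(registered_at, lookup_times):
    """Time of the first lookup that gets a real answer, or None if none does."""
    published_at = publish_time(registered_at)
    resolver = CachingResolver()
    for now in sorted(lookup_times):
        if resolver.lookup(now, published_at) == "ANSWER":
            return now
    return None


if __name__ == "__main__":
    # Constructed scenario: domain registered at t=1s, published at t=300s.
    unlucky = first_visible(1, range(299, 1500))  # asked 1s before publication
    lucky = first_visible(1, range(300, 1500))    # never asked before publication
    print(f"asked just before the update: visible at t={unlucky}s")
    print(f"no earlier lookup:            visible at t={lucky}s")
```

A single lookup one second before publication keeps the new domain invisible through that resolver until t=1199s, just under the 20 minutes stated above, while a resolver with no cached negative answer sees it at the next publication.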