Verisign Speeds Up DNS Updates

Changeling writes "According to Matt Larson, a representative of VeriSign Naming and Directory Services, on September 8, 2004 Verisign will be switching from performing 2 updates per day of the .com and .net zones to performing updates every few seconds. According to Matt, 'After the rapid DNS update is implemented, the elapsed time from registrars' add or change operations to the visibility of those adds or changes in all 13 .com/.net authoritative name servers is expected to average less than five minutes.' Full story can be found here."

  • Censorship? (Score:5, Interesting)

    by phr2 ( 545169 ) on Sunday July 11, 2004 @05:36PM (#9669245)
    The good part: when you register a new domain, you can publish it immediately and people can start using it right away.

    The bad part: if someone gets Verisign to shut off your DNS, your site goes dark before anyone knows what happened. It's a lot harder for anyone to mirror it when the news starts breaking.

  • Spammer's Delight... (Score:5, Interesting)

    by LostCluster ( 625375 ) * on Sunday July 11, 2004 @05:39PM (#9669274)
    Verisign's Spin...
    Will rapid DNS updates impact SPAM?
    Verisign anticipates negligible increases in SPAM as a result of more frequent updates to the .com/.net zone files. Rapid updates to .com/.net are consistent with processes in place at other large domain registries today.

    Translation: When a spamvertized site is unplugged by hosting company X, the spammers can quickly redirect their domain to point at their new server at hosting company Y...

    In the cat and mouse game that is spamming, the mice have just gotten an ability to flee faster.
  • Re:Censorship? (Score:4, Interesting)

    by LostCluster ( 625375 ) * on Sunday July 11, 2004 @05:52PM (#9669381)
    Then again, it cuts both ways. If somebody were to get an injunction awarding the domain back to them, it'd be back up right away as well.

    Censorship concerns usually go at the ISP to pull down the content altogether, as after all it most likely would still be available by IP address anyway.

    It's in a trademark case that the owner of the trademark might seek to overtake a domain from somebody they don't like. In that case, the publisher can simply repost their content under another domain, or direct people to the IP address and forget about DNS.
  • by Anonymous Coward on Sunday July 11, 2004 @06:22PM (#9669565)
    RFC1035 was written before RFCs had the MUST/SHOULD syntax. That said, a 32-bit serial number in the SOA record is pretty much a MUST.

    The solution is to have zone transfer clients transfer the zone regardless of whether the serial number has increased or decreased; this is what DJB's axfr (zone transfer) client does.

    Overview for people who don't know DNS: The serial number is used in automated transfers of DNS information to determine whether the information has been updated. If the integer has been increased since the last update, the client knows to transfer all of the information again. The number is a 31-bit unsigned integer, which means the use of a Unix timestamp for this number will expire in 2038.
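
The refresh decision described in the comment above, as an added example that is not part of the original post or of any DNS server's code: it puts the usual "transfer only if the serial increased" check (RFC 1982 wraparound arithmetic on the 32-bit SOA serial) beside the "transfer whenever it changed" policy the comment attributes to DJB's client. Function names and sample serials are constructed for illustration.

```python
# Added illustration: names and sample serials are constructed, not taken
# from BIND, djbdns, or the original post.
SERIAL_BITS = 32                      # SOA serial width
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: is serial a 'newer' than b, allowing wraparound?"""
    diff = (a - b) % MOD
    return 0 < diff < HALF


def refresh_if_increased(local: int, primary: int) -> bool:
    """Conventional secondary: transfer only when the primary's serial is newer."""
    return serial_gt(primary, local)


def refresh_if_changed(local: int, primary: int) -> bool:
    """Policy described in the comment: transfer whenever the serials differ."""
    return (local - primary) % MOD != 0


# Constructed cases: (description, serial held by secondary, serial on primary)
CASES = [
    ("normal bump", 2004071101, 2004071102),
    ("no change", 2004071102, 2004071102),
    ("operator rolled serial back", 2004071102, 2004071001),
    ("wrapped past 2**32 - 1", 4294967295, 1),
]


def compare_policies(cases=CASES):
    """Return (description, increased-only decision, changed decision) rows."""
    return [(d, refresh_if_increased(l, p), refresh_if_changed(l, p))
            for d, l, p in cases]


def stale_cases(cases=CASES):
    """Cases where the zone changed but an increased-only secondary keeps old data."""
    return [d for d, inc, chg in compare_policies(cases) if chg and not inc]


if __name__ == "__main__":
    for row in compare_policies():
        print(row)
    print("stale under increased-only:", stale_cases())
```
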
  • WHOIS (Score:1, Interesting)

    by Anonymous Coward on Sunday July 11, 2004 @06:56PM (#9669815)
    Unpopular websites often get attacked via fraudulent WHOIS claims. Basically, ICANN in their stupid and arbitrary opinion says that you must have valid information in your whois.

    All it takes is one or two people to file a claim with ICANN or your registrar that your whois info is wrong and many registrars such as GoDaddy and Dotster will pull the domain away no questions asked and then point to ICANN rules as a scapegoat.

    I've heard of times where people got their domain yanked because the phone line was being disconnected for like a day during a phone company outage and that was enough for the domain to be taken.

    So yes, censorship is very alive and well and it doesn't have to target your hosting provider.

    The best way to combat this problem is to get a domain registrar that actually respects the customer and gives them a chance to update information that they might have forgotten to update or to simply explain is valid but that there are circumstances such as you not being home 24/7 to answer your phone and what not. GoDaddy and DOTSTER are definitely not companies you want to do business with if you don't want your domain to be yanked unjustly at random.
  • by mabu ( 178417 ) * on Sunday July 11, 2004 @11:00PM (#9671251)
    In theory this seems reasonable as long as the update requirements don't put undue pressure on the TLD system. I can't imagine they would since technology has far surpassed what was available when these standards were introduced.

    There are some obvious, immediate benefits with issues like this. Systems can more quickly route around outages and DDOS attacks.

    However, I'm highly suspect that Verisign came up with this idea without some self-interest at the heart of it.

    Why do I have this feeling that any non-Verisign registrar won't get their updates reflected in the root servers as quickly as Verisign's own customers?

  • This is not agreed-on "DNS behaviour", it's a flawed feature of BIND designed to try to prevent cache poisoning. See Dan Bernstein's notes on BIND's credibility mechanism. We don't need any encouragement to make DNS less secure!

    So for all secure DNS resolvers, TTL will still be 48 hours until Verisign works out a way to let people update it themselves.
