Date:      Fri, 18 Oct 2002 13:50:33 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Doug White <dwhite@gumbysoft.com>
Cc:        Darren Pilgrim <dmp@pantherdragon.org>, "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>, Dave Rossow <dave@dreksys.com>, freebsd-chat@FreeBSD.ORG
Subject:   Re: Verisign dns trick
Message-ID:  <3DB07419.42FCBC42@mindspring.com>
References:  <20021018131135.S95423-100000@carver.gumbysoft.com>

Doug White wrote:
> I use an OpenSRS-affiliated registrar, Hostica.  OpenSRS's site
> (opensrs.com) can refer you to one of their many affiliates.  All (should)
> use the standard OpenSRS API which allows for instant web updates. Prices
> range from $10 to $20 for a standard domain registration.

Have you looked at the OpenSRS source code?

It does its thing via perl scripts which exchange email, even
though it bundles it up as if it were a protocol API.  It can't
act within a browser timeout.

Therefore, no matter what, you get to eat a latency on the
registration, and then another latency on the DNS server updates;
the DNS server support is a separate service from the registration
process itself.

Adds are fast; changes are constrained by the timeout for cached
DNS records, which are constrained by the TTL settings that they
permit.  If you are running your own DNS server, then you can set
the TTLs to whatever you want.  If you are using theirs, then you
are generally constrained by some lower bound that they won't let
you pass -- if they did, then potentially every page request to
your web site would have to hit their server, being that the
previous resolution results were not cached by the requester.

So no matter how you look at it, updates are not instant.

The best you can do is to run your own DNS server, and set the
timeouts for the records in it to some minimum amount less than
the minimum amount for the start of authority record and the top
level delegation record -- even if you are hosting your own real
SOA, the top level delegation will limit the latency with which
you can change where it points to -- the authoritative server
for a given domain will be cached for subsequent lookups.

Basically, this means that, unless you keep your primary DNS at
the delegated address, you are going to have to expect *some*
outage, and the time for that is usually 24 hours, unless the
registrar has a process where you can notify them ahead of time
to temporarily reduce the TTL before the changeover takes place.

Even so, you will find that many ISPs run caching DNS servers,
with a minimum cache lifetime, despite the RFC requirements, so
your data can never be made non-stale immediately.


The easiest way to prove all this to yourself is to ask yourself
how you would design a system to provide this service, too, and
how you would deal with the latencies, etc., that are unavoidable
because of the top level DNS servers and their registration process
being via email, and those that are unavailable because of your own
technical requirements for limiting overall server load.

Alternately, you could buy the O'Reilly book.  8-).

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
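The stale-window arithmetic in the message above (a change is only as fast as the longest TTL still sitting in some cache, lowering the TTL helps only if it is done at least one old TTL ahead of the changeover, and a resolver that enforces a TTL floor stretches the window regardless) can be checked with a small simulation. The code below is an added example written for this archive page; it is not OpenSRS, registrar or BIND code, and the hostname, addresses and class names are constructed for illustration.

```python
"""Constructed simulation of how record TTLs, the lead time for lowering them,
and a resolver's minimum-TTL floor bound the window in which a DNS change can
still be answered with the old value.  Added example; assumptions are noted inline."""
from dataclasses import dataclass, field

NAME = "www.example.test"                 # constructed hostname
OLD, NEW = "192.0.2.10", "192.0.2.20"     # constructed, documentation-range addresses


@dataclass
class Zone:
    """Authoritative data under the operator's control: name -> (value, ttl)."""
    records: dict = field(default_factory=dict)

    def set(self, name, value, ttl):
        self.records[name] = (value, ttl)

    def answer(self, name):
        return self.records[name]


@dataclass
class CachingResolver:
    """A recursive cache.  min_ttl models the ISP caches that refuse to honour
    a lifetime shorter than their own floor (assumed behaviour, per the message)."""
    zone: Zone
    min_ttl: int = 0
    cache: dict = field(default_factory=dict)   # name -> (value, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                        # cache hit, possibly stale
        value, ttl = self.zone.answer(name)
        self.cache[name] = (value, now + max(ttl, self.min_ttl))
        return value


def seconds_stale(resolver, name, change_at, new_value):
    """Seconds after change_at until this resolver first answers new_value."""
    t = change_at
    while resolver.lookup(name, t) != new_value:
        t += 1
    return t - change_at


def worst_case_outage(ttl, lowered_ttl=None, lead=0, min_ttl=0):
    """Worst-case stale window for a changeover at t=0 of a record with TTL `ttl`.
    If lowered_ttl is given, the operator lowered the TTL `lead` seconds before the
    change.  Two caches are considered: one that refreshed at the last instant the
    long TTL was still being served, and one that refreshed the instant before the
    change (so it holds whatever TTL was in effect at t=0)."""
    zone = Zone()
    zone.set(NAME, OLD, ttl)

    before_lowering = CachingResolver(zone, min_ttl)
    before_lowering.lookup(NAME, -lead)          # still caches the long-TTL answer

    if lowered_ttl is not None:
        zone.set(NAME, OLD, lowered_ttl)         # TTL lowered ahead of the change
    just_before = CachingResolver(zone, min_ttl)
    just_before.lookup(NAME, 0)                  # refreshed right before the switch

    zone.set(NAME, NEW, lowered_ttl if lowered_ttl is not None else ttl)  # the changeover
    return max(seconds_stale(c, NAME, 0, NEW) for c in (before_lowering, just_before))


if __name__ == "__main__":
    day = 86400
    print("no preparation:            ", worst_case_outage(day))
    print("TTL 300, lowered 1 day out:", worst_case_outage(day, lowered_ttl=300, lead=day))
    print("TTL 300, lowered 1 h out:  ", worst_case_outage(day, lowered_ttl=300, lead=3600))
    print("ISP floor of 1 h:          ", worst_case_outage(day, lowered_ttl=300, lead=day, min_ttl=3600))
```

With a one-day TTL and no preparation the window is the full day; lowering to 300 seconds a full old TTL ahead shrinks it to 300 seconds, but lowering only an hour ahead leaves a cache that refreshed before the lowering holding the old answer for almost the whole day, and a resolver with a one-hour floor ignores the 300-second value and serves stale for an hour. The same arithmetic applies to the NS records in the parent zone's delegation, whose TTL the operator does not set, which is why moving the authoritative server itself has a floor the operator cannot lower.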
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DB07419.42FCBC42>