Message-ID: <3DB07419.42FCBC42@mindspring.com>
Date: Fri, 18 Oct 2002 13:50:33 -0700
From: Terry Lambert
To: Doug White
Cc: Darren Pilgrim, "Kevin D. Kinsey, DaleCo, S.P.", Dave Rossow, freebsd-chat@FreeBSD.ORG
Subject: Re: Verisign dns trick
References: <20021018131135.S95423-100000@carver.gumbysoft.com>

Doug White wrote:
> I use an OpenSRS-affiliated registrar, Hostica. OpenSRS's site
> (opensrs.com) can refer you to one of their many affiliates. All (should)
> use the standard OpenSRS API which allows for instant web updates. Prices
> range from $10 to $20 for a standard domain registration.

Have you looked at the OpenSRS source code? It does its thing via perl scripts which exchange email, even though it bundles it up as if it were a protocol API. It can't act within a browser timeout.
Therefore, no matter what, you get to eat a latency on the registration, and then another latency on the DNS server updates; the DNS server support is a separate service from the registration process itself.

Adds are fast; changes are constrained by the timeout for cached DNS records, which are constrained by the TTL settings that they permit. If you are running your own DNS server, then you can set the TTLs to whatever you want. If you are using theirs, then you are generally constrained by some lower bound that they won't let you pass -- if they did, then potentially every page request to your web site would have to hit their server, being that the previous resolution results were not cached by the requester.

So no matter how you look at it, updates are not instant. The best you can do is to run your own DNS server, and set the timeouts for the records in it to some minimum amount less than the minimum amount for the start of authority record and the top level delegation record -- even if you are hosting your own real SOA, the top level delegation will limit the latency with which you can change where it points to -- the authoritative server for a given domain will be cached for subsequent lookups.

Basically, this means that, unless you keep your primary DNS at the delegated address, you are going to have to expect *some* outage, and the time for that is usually 24 hours, unless the registrar has a process where you can notify them ahead of time to temporarily reduce the TTL before the changeover takes place.

Even so, you will find that many ISPs run caching DNS servers, with a minimum cache lifetime, despite the RFC requirements, so your data can never be made non-stale immediately.

The easiest way to prove all this to yourself is to ask yourself how you would design a system to provide this service, too, and how you would deal with the latencies, etc., that are unavoidable because of the top level DNS servers and their registration process being via email, and those that are unavailable because of your own technical requirements for limiting overall server load.

Alternately, you could buy the O'Reilly book. 8-).

-- Terry
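
Added example, not part of the original message: a toy Python model of the caching described above, with one resolver that caches both the delegation and the address record and can enforce a minimum cache lifetime. The server names, addresses, TTL values and the 60-second polling step are constructed for illustration.

```python
OLD, NEW = "192.0.2.10", "192.0.2.20"    # constructed documentation addresses
class Resolver:
    """Toy caching resolver; min_cache models an ISP's minimum cache lifetime."""
    def __init__(self, min_cache=0):
        self.min_cache = min_cache
        self.cache = {}                  # key -> (value, expires_at)
    def _lookup(self, key, now, fetch):
        hit = self.cache.get(key)
        if hit and now < hit[1]:
            return hit[0]                # still cached: upstream is not asked
        answer = fetch()
        if answer is None:               # server switched off: nothing to cache
            return None
        value, ttl = answer
        self.cache[key] = (value, now + max(ttl, self.min_cache))
        return value

    def resolve(self, now, world):
        delegation, servers = world(now)
        ns = self._lookup("NS", now, lambda: delegation)        # who is authoritative
        return self._lookup("A", now, lambda: servers.get(ns))  # what it answers

def record_change(record_ttl, change_at):
    """Same name server throughout; only the address record changes."""
    def world(now):
        addr = OLD if now < change_at else NEW
        return ("ns1", 86400), {"ns1": (addr, record_ttl)}
    return world

def server_move(delegation_ttl, record_ttl, change_at):
    """Delegation moves from ns-old to ns-new and ns-old is switched off."""
    def world(now):
        if now < change_at:
            return ("ns-old", delegation_ttl), {"ns-old": (OLD, record_ttl)}
        return ("ns-new", delegation_ttl), {"ns-new": (NEW, record_ttl)}
    return world

def propagation(world, change_at, min_cache=0, step=60):
    """Return (seconds until the new address is seen, seconds of failed lookups)."""
    r = Resolver(min_cache)
    r.resolve(change_at - 1, world)      # worst case: cached just before the change
    t, outage = change_at, 0
    while (seen := r.resolve(t, world)) != NEW:
        outage += step if seen is None else 0
        t += step
    return t - change_at, outage

if __name__ == "__main__":
    print(propagation(server_move(86400, 300, 1000), 1000))
```

With these constructed values, a record change behind a 300-second TTL is seen after 300 seconds (3600 with a one-hour resolver floor), while moving the server behind a 24-hour delegation takes 86400 seconds, 86100 of them as failed lookups.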