I've found a similar post about this, however my user can't comment.

I wonder why doing dig @8.8.8.8 domain.com prints out different "countdowns" when running it several times within a few seconds, as if that domain was cached in different places inside 8.8.8.8 with different TTLs.

For example,

dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com.    39  IN  A   198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com.    288 IN  A   198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com.    37  IN  A   198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com.    36  IN  A   198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com.    284 IN  A   198.252.206.140
whitenoisedb
  • Anycast ftw. https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=google%20anycast%20dns – dmourati Jan 27 '15 at 06:23
  • However, when I query after some time using 8.8.8.8 servers, TTL shows 14400 and starts decreasing again. I thought it was about to show the actual TTL left! – whitenoisedb Jan 27 '15 at 17:54

1 Answer

The reason why different TTLs are shown on different queries is that 8.8.8.8 is a (Virtual IP) load balancer which has many DNS servers attached to it. And so every new request that arrives lands on a different DNS server each time.

This is true with all public DNS servers. And if you would like to know the actual TTL of a domain then you have to query the (SOA) authoritative DNS server of that domain. And so ns1.google.com. is authoritative for the google.com domain, and querying it will give you a fixed (actual) TTL every time.

$ dig google.com @ns1.google.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> google.com @ns1.google.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5513
;; flags: qr aa rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     300 IN  A   74.125.236.78
google.com.     300 IN  A   74.125.236.67
google.com.     300 IN  A   74.125.236.68
google.com.     300 IN  A   74.125.236.73
google.com.     300 IN  A   74.125.236.69
google.com.     300 IN  A   74.125.236.64
google.com.     300 IN  A   74.125.236.71
google.com.     300 IN  A   74.125.236.70
google.com.     300 IN  A   74.125.236.66
google.com.     300 IN  A   74.125.236.65
google.com.     300 IN  A   74.125.236.72

;; Query time: 101 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Tue Jan 27 12:06:58 2015
;; MSG SIZE  rcvd: 204
Kannan Mohan
  • When querying authoritative servers with dig, it is a good idea to specify `+norecurse`. – kasperd Jan 27 '15 at 07:09
  • So, at some time it'll be updated on only 1 google DNS server while others keep outdated? – whitenoisedb Jan 27 '15 at 07:20
  • @redraw `ns1.google.com.` is not a single DNS server either. It is a group of DNS servers which are behind a load balancer with the name `ns1.google.com`. The TTL in this doesn't change because they don't expire, and this TTL information is for DNS servers which are non-authoritative like `8.8.8.8` and others. – Kannan Mohan Jan 27 '15 at 07:26
  • @redraw When querying `8.8.8.8` after the authoritative data has changed you may get different answers depending on which server you hit until the full TTL has passed – Håkan Lindqvist Jan 27 '15 at 07:52
  • I mean, I'm querying 8.8.8.8, and say authoritative data has changed because I've edited some dns zone in my server. At the end, I'll see that for example, one TTL could have finished, but it is still alive in others (inside 8.8.8.8 network) – whitenoisedb Jan 27 '15 at 15:03
  • (consider I'm querying my domain using 8.8.8.8 servers) – whitenoisedb Jan 27 '15 at 15:26
  • Yes, when the current TTL for that record expires it will be queried again to get the new changes from the authoritative nameserver. – Kannan Mohan Jan 27 '15 at 15:30
  • Just one question if you happen to read it. When I do `dig domain.com` I get the **remaining** TTL for that A record. However, if I do `dig any domain.com` it's like all TTLs are reset, and start decreasing from that moment. Why does that happen? – whitenoisedb Feb 02 '15 at 15:51
  • @redraw that's a good question and one which requires a detailed answer. Can you post this as a separate question so that I can explain it to you in detail. – Kannan Mohan Feb 02 '15 at 17:55
  • @Kannan I guess the username mention didn't work because it only works in the same conversation, but here it's the new question: http://serverfault.com/questions/664471/dig-ttl-when-querying-for-any-record – whitenoisedb Feb 03 '15 at 17:45
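As an added illustration (not part of the question or answer above, and not any tool's own code): the five answers in the question carry remaining TTLs of 39, 288, 37, 36 and 284. Adding each remaining TTL to the moment the answer was observed gives an absolute expiry instant; answers served by the same cache share one instant, so clustering those instants reveals how many distinct caches behind the 8.8.8.8 VIP actually answered. The observation times (one second apart) are an assumption, since the question does not record them.

```python
import re

# Constructed sample: the five answer lines from the question, each paired
# with an assumed capture time in seconds (the question gives no timestamps).
SAMPLE = [
    (0, "serverfault.com.    39  IN  A   198.252.206.140"),
    (1, "serverfault.com.    288 IN  A   198.252.206.140"),
    (2, "serverfault.com.    37  IN  A   198.252.206.140"),
    (3, "serverfault.com.    36  IN  A   198.252.206.140"),
    (4, "serverfault.com.    284 IN  A   198.252.206.140"),
]

# One line of `dig +noall +answer` output: NAME TTL IN TYPE RDATA
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer(line):
    """Split a dig answer line into (name, ttl, rtype, rdata)."""
    m = ANSWER_RE.match(line.strip())
    if not m:
        raise ValueError("not a dig answer line: %r" % line)
    name, ttl, rtype, rdata = m.groups()
    return name, int(ttl), rtype, rdata


def group_caches(samples, slack=2):
    """Cluster observations by absolute expiry instant (t_obs + remaining TTL).

    A single cache counts its TTL down continuously, so every answer it
    serves expires at the same instant (within `slack` seconds of jitter).
    Each distinct instant therefore corresponds to a distinct cache behind
    the resolver VIP. Returns a sorted list of [expiry_instant, hit_count].
    """
    expiries = sorted(t_obs + parse_answer(line)[1] for t_obs, line in samples)
    groups = []
    for e in expiries:
        for g in groups:
            if abs(g[0] - e) <= slack:
                g[1] += 1
                break
        else:
            groups.append([e, 1])
    return groups


if __name__ == "__main__":
    for expiry, hits in group_caches(SAMPLE):
        print("cache expiring at t=%ds answered %d time(s)" % (expiry, hits))
```

For the question's data this yields two caches: one whose copy expires about 39 s after the first query (hit three times) and one expiring about 288 s later (hit twice); against an authoritative server every answer would instead show the full zone TTL, like the uniform 300 s in the answer above.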