
I'm aware that tomorrow the public IP address of one of our production servers is going to be changed.

The TTL on that A record is currently set to 3 hours.

Will adjusting the TTL on that A record to something lower like 1 minute actually work (the domain registrar does allow specifying minutes!), so that users' DNS will only be pointing to the old server for a maximum of 1 minute after we switch that A record to the new public IP address?

oldmud0
user5603796
  • Additionally, this only matters to clients that already have the record cached. Clients that don't have the record already cached will resolve the new IP address without issue. – joeqwerty Dec 03 '15 at 20:20
  • @joeqwerty the client is not the only place caching can happen. It can also happen on their DNS provider's servers. – Peter Green Dec 04 '15 at 00:13
  • For all intents and purposes, a DNS server that isn't the authoritative server for a domain **is** a client. My comment implies that but I should have stated it explicitly. – joeqwerty Dec 04 '15 at 01:22
  • @joeqwerty but a client which does not have the record cached and goes to a local non-authoritative server that does have the record cached will receive the wrong record for the TTL (or minimum cache time of the server) – JamesRyan Dec 04 '15 at 10:48
  • You're missing my point. A DNS server that is not authoritative for the domain **is** a DNS client when it needs to resolve that record. It may be resolving that record for its DNS clients, but it itself is a DNS client when it's working to resolve the A record on their behalf. When I used the word client in my original comment I meant any DNS resolver that needs to resolve the record, whether that be a typical end user workstation or that workstation's DNS server. Of course if a DNS server has it in its cache then my comment is moot, but that's not what I said nor what I meant. – joeqwerty Dec 04 '15 at 16:52
  • Short answer no. Long answer no it does – giammin Dec 07 '15 at 20:02
  • If I understand it correctly, you can even set TTL to 0, which tells other servers not to cache at all. – Paul Jan 01 '16 at 01:35

2 Answers


They're not supposed to, but some DNS services may treat this as more of a suggestion than a hard rule. They may honor the setting down to some minimum, or they may ignore your TTL completely and always use their own setting (I've heard that 2 days is, or at least was, common). You need to be aware there is nothing you can do that will make those providers update any faster, and therefore some requests will end up going to the old address for some time after you make the change.

Ideally in this case, you want to cut over to a new IP address while you still have some control of the old address, such that your server can be set to handle requests via both addresses for a small interim period.

Additionally, some DNS services charge you per request (or per million requests). Moving from 3 hours to 1 minute will increase your DNS requests by a factor of 180... you'll get 180 times as many requests as before. It's not likely to break the bank, but just make sure you're prepared for that.

As an example, I have DNS service for a rather small web site where I spend about $20 per year for them to service 5 million requests per month. I admit that I'm not actually sure whether they'll just bill me or stop handling requests if I ever exceed that, though I expect it's the former. Right now I tend to only get about 1/2 million requests per month, but I wonder what would happen if I changed my TTL setting to get 180 times as many more and left it that way for too long.

Still, most DNS services will honor your 1 minute setting. This will help smooth the changeover to the new address, and it's not likely to hurt you at all as long as you're careful. Just remember to do this at least 3 hours (the old TTL) ahead of the change. There's no point doing it much earlier; any provider that would need to see the change sooner is not honoring the setting anyway. And, of course, don't forget to put it back when you're done.

You may also want to reference this question:

Migrating DNS Providers

It's a bit different than yours, but some of the issues involved are similar.

Joel Coel
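
Putting the timing advice from both answers into runnable form: the block below is an added example, not code from either answer. It models caching resolvers as a small event-driven simulation (the addresses, the 10-hour switch time and the 2-day clamp are constructed assumptions) and reports how long after the switch each resolver keeps answering the old address.

```python
# Added example: a tiny model of caching resolvers showing why the TTL must be
# lowered at least one old-TTL before the IP change, and why a resolver that
# clamps TTLs to its own minimum cannot be hurried. All values are constructed.
HOUR = 3600
OLD, NEW = "192.0.2.10", "192.0.2.20"            # constructed (RFC 5737 range)
SWITCH_AT = 10 * HOUR                            # assumed time the A record gets NEW

class Zone:
    """Authoritative history: list of (effective_at, ip, ttl); later entries win."""
    def __init__(self, changes):
        self.changes = sorted(changes)

    def lookup(self, now):
        current = None
        for at, ip, ttl in self.changes:
            if at <= now:
                current = (ip, ttl)
        return current

class Resolver:
    """Caching resolver; min_ttl > 0 models one that ignores short TTLs."""
    def __init__(self, min_ttl=0):
        self.min_ttl = min_ttl
        self.cached = None                       # (ip, expires_at)

    def resolve(self, zone, now):
        if self.cached is None or now >= self.cached[1]:
            ip, ttl = zone.lookup(now)
            self.cached = (ip, now + max(ttl, self.min_ttl))
        return self.cached[0]

def plan(lower_ttl_at):
    """Zone history: old TTL 3h, lowered to 60s at lower_ttl_at, IP swapped at SWITCH_AT."""
    return Zone([(0, OLD, 3 * HOUR), (lower_ttl_at, OLD, 60), (SWITCH_AT, NEW, 60)])

def stale_seconds(resolver, zone, first_query, horizon=7 * 24 * HOUR):
    """Seconds after SWITCH_AT during which this resolver still answers OLD, assuming
    its own clients query it constantly so it refetches as soon as its cache expires."""
    now = first_query
    while now <= horizon:
        if resolver.resolve(zone, now) == NEW:
            return now - SWITCH_AT
        now = max(resolver.cached[1], now + 1)   # next refetch at cache expiry
    return None

if __name__ == "__main__":
    # worst case: a resolver that cached the record one second before the TTL was lowered
    print(stale_seconds(Resolver(), plan(7 * HOUR), 7 * HOUR - 1))              # 59
    print(stale_seconds(Resolver(), plan(9 * HOUR), 9 * HOUR - 1))              # 7199
    print(stale_seconds(Resolver(min_ttl=2 * 24 * HOUR), plan(7 * HOUR), 0))    # 136800
```

Lowering the TTL three hours before the switch bounds the stale window at roughly the new TTL; lowering it only one hour before leaves a resolver stale for almost two hours, and the clamping resolver stays stale for its full clamp no matter what the zone says.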

Only if you make that change to the TTL more than three hours in advance of the IP address change.

Remember that the TTL tells other DNS servers how long to cache records. So you must reduce it at least that long in advance of your desired change.

Michael Hampton
  • However, be aware that some ISPs ignore the TTL and set their own, which can be a PITA to work with. – Frederik Dec 03 '15 at 19:30
  • The last time I did this, a few months ago, I monitored traffic to the old IP address for just this purpose. Almost everyone was using the new IP address within the one minute TTL. A few places took 10-15 minutes. Only Baidu (the search engine!) did not update for several days. – Michael Hampton Dec 03 '15 at 19:45
  • @MichaelHampton We see the same. I suspect it's a lot less prevalent today than in the earlier days of the Internet. – ceejayoz Dec 03 '15 at 19:55
  • The old site had a read-only copy of the web site taken at the time of migration, and was not updated. A week later Baidu was still hitting it, but I had to shut it down. They did eventually figure it out... – Michael Hampton Dec 03 '15 at 20:09
  • @FrederikNielsen Where do the RFCs allow that? – Hagen von Eitzen Dec 03 '15 at 20:50
  • @HagenvonEitzen Without reading the entire RFC I must say that I don't think it does. However, some ISPs in my country are known to not care at all. – Frederik Dec 03 '15 at 20:52
  • @HagenvonEitzen RFCs are not enforced by law. Unfortunately, sometimes. – Dubu Dec 04 '15 at 14:17
  • @Dubu Agreed, but RFCs are the de-facto norms of networking. If your ISP doesn't respect RFCs how can you expect them not to swap SYN and RST flags in all your traffic? (You can't be *sure* they don't anyway - but at least I would like to *expect* them to behave) – Hagen von Eitzen Dec 04 '15 at 17:20
  • @HagenvonEitzen That's how the Great Firewall of China works! – Michael Hampton Dec 04 '15 at 17:21
  • @MichaelHampton Regarding that problem all discussion of DNS TTL is moot as they might serve the DNS they like and redirect TCP/IP the way they like ... – Hagen von Eitzen Dec 04 '15 at 17:29
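
To do the kind of monitoring described in the comments above, keep the old address answering after the switch and read its access log to see who is still arriving there. The script below is an added example, not code from the thread; the log lines, the cutover time and the TTL are constructed assumptions.

```python
# Added example: bucket clients still hitting the OLD address by how long after
# the cutover their last request arrived. Requests inside cutover + new TTL are
# expected and ignored; anything later points at a slow or non-compliant resolver.
import re
from datetime import datetime, timezone

CUTOVER = datetime(2015, 12, 4, 9, 0, tzinfo=timezone.utc)   # assumed switch time
NEW_TTL = 60                                                 # the lowered TTL

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')  # Common Log Format

LOG_LINES = """\
198.51.100.7 - - [04/Dec/2015:09:00:20 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [04/Dec/2015:09:00:50 +0000] "GET /a.css HTTP/1.1" 200 80
203.0.113.9 - - [04/Dec/2015:09:12:03 +0000] "GET / HTTP/1.1" 200 512
192.0.2.77 - - [06/Dec/2015:14:31:10 +0000] "GET /robots.txt HTTP/1.1" 200 30
192.0.2.77 - - [07/Dec/2015:02:05:44 +0000] "GET / HTTP/1.1" 200 512
""".splitlines()                                             # constructed sample log

def parse(line):
    """Return (client_ip, timestamp) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts

def stale_clients(lines, cutover=CUTOVER, ttl=NEW_TTL):
    """Map client -> seconds after cutover of its latest request to the old IP,
    keeping only requests that arrived after cutover + ttl (by then every
    TTL-honouring resolver should already have moved to the new address)."""
    last_seen = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, ts = parsed
        age = (ts - cutover).total_seconds()
        if age > ttl:
            last_seen[ip] = max(age, last_seen.get(ip, 0))
    return last_seen

def bucket(age):
    """Coarse label for how late a client is: minutes, hours or days after cutover."""
    if age <= 15 * 60:
        return "minutes"
    if age <= 24 * 3600:
        return "hours"
    return "days"
```

Running `stale_clients(LOG_LINES)` on the sample drops the client that finished within the TTL, reports one straggler in the minutes bucket and one still arriving days later, which is the case to chase down before the old address is turned off.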