Wednesday, November 10, 2010

Updating a DNS record

SkyHi @ Wednesday, November 10, 2010

Changing DNS records can result in your website being unreachable for a while.
This article explains how you can minimize downtime while changing domain name records.

NS records

When changing nameserver records, first ensure that your new nameserver(s) define
the same records as your old nameservers. That is to say, your new nameservers
must be in a ready-to-use state.

Now you can change your NS records so that they point to the new nameserver(s).
But bear in mind that the NS records held by your parent DNS servers are usually
cached for 48 hours. Thus you should keep your old nameservers online for at
least 48 hours after making the changes to your NS records.

Other records

For A records, MX records, PTR records and the like there is a nice way to
update a record without serving inconsistent data. What I mean by "inconsistent"
is the following scenario:

Suppose you have an A record for www.dnswatch.info pointing to the IP address
193.111.199.111 with a "Time To Live" value set to 3600 (1 hour). And let's further
assume that you now want to update this A record so that it points to the IP
address 193.111.199.214.

If you just changed the record now, DNS resolvers all over the world that don't
have the old data cached would instantly see the new IP address (193.111.199.214).
But DNS resolvers that do have this record cached (e.g. a resolver that already queried
your nameserver 8 minutes ago) would still see the old IP address (193.111.199.111).
So if a resolver queried your nameserver 8 minutes ago, it would see the old
data for the next 52 minutes, because the "Time To Live" value is set
to 1 hour, meaning that the record may be cached for 1 hour.

If, for example, there was a webserver behind each of those IPs, some browsers would now be accessing
your old webserver (on the old IP) and some would request data from your new webserver (on the new IP).

The easy solution to this inconsistent state is as follows:

First reduce the TTL of the record that you want to change to a minimal value,
e.g. 30 seconds. Then wait "old TTL value" seconds. So in our last example we
would have had to wait 1 hour after reducing the TTL to 30, because
the old TTL was 1 hour. After that period you can change your data. Or you can
now reduce the TTL even further, to 5 seconds, then wait 30 seconds, and then do
the actual update to the record. This results in your DNS data being inconsistent
for only 5 seconds instead of an hour as in the initial example.
Don't forget, however, to increase the TTL again after changing the record
and confirming that your change was successful. If you leave the TTL at 5 seconds,
your DNS servers could get overwhelmed by lookup requests. In addition, a DNS lookup
can take quite some time (sometimes even half a second), so the end user would need many coffee breaks.
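As an added example (not part of the original article), here is a small Python model of this procedure: it builds the TTL-lowering schedule and computes the worst-case time after the actual data change during which some resolver can still serve the old value. It assumes resolvers honour the TTL exactly and may query at any instant; the `Phase`, `lowering_schedule` and `worst_case_stale_seconds` names are mine.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Phase:
    ttl: int    # TTL published on the record during this phase
    wait: int   # seconds this phase lasts before the next step is taken


def lowering_schedule(old_ttl: int, lowered_ttls=(30, 5)) -> List[Phase]:
    """Plan from the article: publish each lowered TTL, then wait as long as
    the previous TTL so that every cached copy carrying it has expired."""
    phases, prev = [], old_ttl
    for ttl in lowered_ttls:
        phases.append(Phase(ttl=ttl, wait=prev))
        prev = ttl
    return phases


def worst_case_stale_seconds(old_ttl: int, phases: List[Phase]) -> int:
    """Longest time after the actual data change during which some resolver
    may still answer with the old value. Assumption: resolvers honour the
    TTL exactly and may query at any instant. A resolver that queried at
    time q while TTL t was published keeps the answer until q + t; the data
    change itself happens at T = sum of all waits."""
    t_change = sum(p.wait for p in phases)
    # (moment a phase ends, TTL published during it); the untouched record
    # before the procedure starts forms a phase ending at time 0
    phase_ends = [(0, old_ttl)]
    clock = 0
    for p in phases:
        clock += p.wait
        phase_ends.append((clock, p.ttl))
    # the worst resolver in each phase queried just before that phase ended
    return max(end + ttl - t_change for end, ttl in phase_ends)


if __name__ == "__main__":
    OLD_TTL = 3600  # the 1-hour TTL from the article's example
    print("change immediately:", worst_case_stale_seconds(OLD_TTL, []), "s stale")
    plan = lowering_schedule(OLD_TTL)
    print("article's procedure:", worst_case_stale_seconds(OLD_TTL, plan), "s stale")
    # skipping the first wait (lower to 30 and change right away) does not help
    hasty = [Phase(ttl=30, wait=0), Phase(ttl=5, wait=30)]
    print("skipping the wait:", worst_case_stale_seconds(OLD_TTL, hasty), "s stale")
```

Running it gives 3600 s of inconsistency for an immediate change, 5 s for the article's two-step lowering, and 3570 s if the first wait is skipped, which is why waiting one old TTL after each lowering matters.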

REFERENCES
http://www.dnswatch.info/articles/dns-update