Master your domain name and understand the magic of Time to Live

16 April 2015

If you’d like to see your IT guys shiver, turn pale and maybe even black out, just tell them you want to move your domain name to another registrar. Or move the mail server to another provider. Or maybe get the revamped and relocated corporate web site launched Monday morning 9 am sharp. Throw in the demand for NO downtime for bonus hysteria. Sounds trivial, doesn’t it? What could possibly go wrong?

Before revealing the answer to that question, we need to dig into some Domain Name System theory.

There are basically two types of name servers: those that know the truth for a domain name, the so-called authoritative name servers, and those that seek the truth, better known as caching name servers or recursive resolvers.

A computer, laptop, tablet or smartphone will use the latter whenever its user requests something on the Internet. If a user wants to send an email, the application will need to connect to the mail server’s IP address and to do this the machine will ask the recursive resolver for the IP address. Nothing new here, this is basic DNS 101.

The resolver goes out on the Internet in search of the truth and comes back with the IP address of the requested server. The authoritative name server returns an additional value alongside the IP address: a number that represents the number of seconds the resolver should remember the answer before requesting the same information again.

This concept is called caching; it is commonly used to speed up access to things that don’t change often. In the world of DNS it is a cornerstone of a fluid user experience and increased resilience.

That number has a name; it’s referred to as Time To Live, or TTL for short. Typically it has relatively large values, as domain name information tends to be rather static. 86 400 is a TTL value you will often see in zone files; 86 400 seconds is one day.

So what could possibly go wrong? Remember the mail server migration? What if its TTL were 24 hours and the IT guys changed the IP address of the mail server, then updated and reloaded the zone file of your domain name? Will the “Internet” pick up the change and immediately start using the new mail server?

The answer is NO, at least not until the TTL has expired; in this case it will take up to 24 hours before the entire Internet has picked up the change. In the meantime you will be in the Twilight Zone: mail will be delivered to the old mail server and to the new mail server. And there’s nothing you can do about it, besides riding out the storm. Mail may be delayed and in some cases you might even lose mail.

A little preparation can easily prevent this nightmare, as the TTL is part of the definition of your zone file and hence can be manipulated. It is sufficient to lower the TTL before the actual change to a much lower number, like 600 (10 minutes). This change needs to be made one old TTL (24 hours in this example) before the planned change, so that every resolver on the Internet has had time to pick up the lowered TTL value. When the change is executed, the Window of Uncertainty will only last 10 minutes, reducing potential issues to an acceptable and manageable level. Once the switch is completed, the TTL can be put back to its original value.
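To make the window of uncertainty concrete, here is a small simulation of the caching behaviour described above and of the two migration plans (change the IP with a 24-hour TTL in place, versus lower the TTL one old TTL in advance). This is an added example, not code from the original post; the zone, the addresses (documentation ranges), the moments at which individual resolvers first populate their cache and the timings are all constructed for illustration.

```python
"""Simulate DNS caching and the 'window of uncertainty' after a zone change.
Added example; the zone contents, resolver offsets and timings are constructed."""

from dataclasses import dataclass
from typing import Callable, Optional

DAY = 86_400           # the TTL you will often see in zone files (one day)
TEN_MINUTES = 600      # the lowered TTL used before a planned change

OLD_MAIL_IP = "192.0.2.10"      # constructed: current mail server (TEST-NET-1)
NEW_MAIL_IP = "198.51.100.10"   # constructed: new mail server (TEST-NET-2)


@dataclass
class Answer:
    value: str   # e.g. the mail server's IP address
    ttl: int     # seconds a resolver may keep this answer


class AuthoritativeServer:
    """Knows the truth for the zone. The operator edits the record directly."""

    def __init__(self, value: str, ttl: int) -> None:
        self.answer = Answer(value, ttl)

    def set_ttl(self, ttl: int) -> None:
        self.answer = Answer(self.answer.value, ttl)

    def set_value(self, value: str) -> None:
        self.answer = Answer(value, self.answer.ttl)


class RecursiveResolver:
    """Seeks the truth, then serves it from cache until the TTL has run out."""

    def __init__(self, auth: AuthoritativeServer, first_query: int) -> None:
        self.auth = auth
        self.first_query = first_query   # when this resolver's users start asking
        self.cached: Optional[Answer] = None
        self.expires_at = 0

    def resolve(self, now: int) -> str:
        if self.cached is None or now >= self.expires_at:
            # Cache miss or expired entry: ask the authoritative server again.
            self.cached = self.auth.answer
            self.expires_at = now + self.cached.ttl
        return self.cached.value


def stale_seconds(plan: dict[int, Callable[[AuthoritativeServer], None]],
                  cutover: int, offsets: list[int], horizon: int) -> int:
    """Run the zone through `plan` (second -> operator action) and count how many
    seconds after `cutover` at least one resolver still hands out the OLD address."""
    auth = AuthoritativeServer(OLD_MAIL_IP, DAY)
    resolvers = [RecursiveResolver(auth, off) for off in offsets]
    stale = 0
    for now in range(horizon):
        if now in plan:
            plan[now](auth)                       # operator edits the zone
        answers = {r.resolve(now) for r in resolvers if now >= r.first_query}
        if now >= cutover and OLD_MAIL_IP in answers:
            stale += 1
    return stale


# Resolvers around the Internet populate their caches at different moments;
# the last one asks just one second before the TTL change takes place.
OFFSETS = [0, 1_200, 3_333, 45_678, DAY - 1]
LOWER_AT = DAY          # day 1: operator lowers the TTL to 10 minutes
CUTOVER = 2 * DAY       # day 2, one old TTL later: the new mail server IP goes live


def unprepared() -> int:
    """Change the IP while the zone still carries the 24-hour TTL."""
    plan = {CUTOVER: lambda a: a.set_value(NEW_MAIL_IP)}
    return stale_seconds(plan, CUTOVER, OFFSETS, horizon=3 * DAY)


def prepared() -> int:
    """Lower the TTL one old TTL in advance, then change the IP."""
    plan = {
        LOWER_AT: lambda a: a.set_ttl(TEN_MINUTES),
        CUTOVER: lambda a: a.set_value(NEW_MAIL_IP),
    }
    return stale_seconds(plan, CUTOVER, OFFSETS, horizon=3 * DAY)


if __name__ == "__main__":
    print(f"no preparation : old address still served for {unprepared()} s")
    print(f"TTL lowered    : old address still served for {prepared()} s")
```

Without preparation the old address is still handed out for 86 399 seconds (the resolver that refreshed one second before the cutover keeps the old answer for a full day); with the TTL lowered a day in advance the same resolver is stale for 599 seconds and the switch is over within the 10-minute window. Note the ordering matters: a resolver that refreshed just before the TTL was lowered still holds the old 24-hour TTL, which is why the lowering has to happen one old TTL before the cutover. In practice you can watch the countdown yourself with `dig`, whose answer section shows the remaining TTL a resolver has left for a record.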

Administrators who manage DNS need to understand the intricacies of the TTL if they truly want to be in control of their zone files, and to manage mail server switches without blacking out, of course.

Dirk Jumpertz
Security Manager