|
|
|
|
|
|
by JakeTheAndroid
3193 days ago
|
|
|
The TTL publicly is static and doesn't matter. The resolver you hit will just point to Cloudflare NS. Why we are faster, is because we point internally, and we don't have misconfigured TTLs or caching (I mean, things happen but it's not common). So once you update the global resolvers your visitors would hit to point to CF, their cache/TTL should never matter since we dictate where our internal DNS points the requested record. |
|
|
What happens is:
#1 - Application (browser, chat client, etc) gets FQDN. It checks if it has the recordset in its cache, and if the TTL is expired.
#2 - Application asks the OS for the recordset. The OS checks its cache, and TTL expiry.
#3 - OS asks the configured local DNS resolvers for the recordset. They check their cache, and TTL expiry.
#4 - These resolvers ask the configured upstream resolvers (e.g. ISP for most home users). They check their cache, and TTL expiry. (This step can repeat, depending on how networks are configured. E.G. ISPs may have DNS resolvers per city, which ask central servers)
#5 - If all of those previous steps fail (the recordset is not cached, or the TTL is expired) the last resolver in the chain will ask the root for the NS records of the zone, which will get fresh records from CloudFlare.
Remember - any of these recursive DNS servers could have an override to cache the recordset for longer than the publicly defined TTL. This is not as much of an issue anymore, but it used to be a massive one.
And this is before applications decide that they know better. - see http://docs.oracle.com/javase/8/docs/technotes/guides/net/pr... (networkaddress.cache.ttl section)