by mugsie 3193 days ago
That is not how resolution works.

What happens is:

#1 - Application (browser, chat client, etc.) gets FQDN. It checks if it has the recordset in its cache, and if the TTL is expired.

#2 - Application asks the OS for the recordset. The OS checks its cache, and TTL expiry.

#3 - OS asks the configured local DNS resolvers for the recordset. They check their cache, and TTL expiry.

#4 - These resolvers ask the configured upstream resolvers (e.g. ISP for most home users). They check their cache, and TTL expiry. (This step can repeat, depending on how networks are configured, e.g. ISPs may have DNS resolvers per city, which ask central servers.)

#5 - If all of those previous steps fail (the recordset is not cached, or the TTL is expired) the last resolver in the chain will ask the root for the NS records of the zone, which will get fresh records from CloudFlare.

Remember - any of these recursive DNS servers could have an override to cache the recordset for longer than the publicly defined TTL. This is not as much of an issue anymore, but it used to be a massive one.

And this is before applications decide that they know better - see http://docs.oracle.com/javase/8/docs/technotes/guides/net/pr... (networkaddress.cache.ttl section)
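The chain above is easy to get wrong when estimating how long a record change takes to become visible, so here is a small simulation of it. This is an added example, not code from the comment's author: four `CacheLayer` hops (application, OS, local resolver, upstream resolver) each check their own cache and TTL before asking the next, and the root/NS walk of step #5 is collapsed into a single `Authoritative` stand-in that always returns the live record. Two overrides are modelled: a resolver that caches at least `min_ttl` seconds regardless of the published TTL (the "cache longer than the public TTL" case), and an application that ignores the published TTL entirely (`fixed_ttl`, in the spirit of `networkaddress.cache.ttl`). Host names, addresses and times are constructed for the simulation; negative caching and the per-hop TTL decrement of real resolvers are simplified to "hand down the remaining TTL on a hit".

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Record:
    value: str
    ttl: int  # seconds the receiver may cache this answer


@dataclass
class CacheLayer:
    """One hop in the chain: application, OS stub resolver, local resolver, upstream resolver."""
    name: str
    upstream: Callable[[str, int], Record]  # next hop: (fqdn, now) -> Record
    min_ttl: int = 0                        # resolver override: cache at least this long
    fixed_ttl: Optional[int] = None         # application override: ignore the published TTL
    cache: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # fqdn -> (value, expires_at)
    misses: int = 0

    def resolve(self, fqdn: str, now: int) -> Record:
        hit = self.cache.get(fqdn)
        if hit is not None and now < hit[1]:
            # Cache hit: hand down the *remaining* TTL, as a caching resolver does.
            return Record(hit[0], hit[1] - now)
        # Miss or expired: ask the next hop, then cache under our own TTL policy.
        self.misses += 1
        answer = self.upstream(fqdn, now)
        ttl = self.fixed_ttl if self.fixed_ttl is not None else max(answer.ttl, self.min_ttl)
        self.cache[fqdn] = (answer.value, now + ttl)
        return Record(answer.value, ttl)


class Authoritative:
    """Stand-in for the zone's authoritative servers: always answers with the live record."""

    def __init__(self, fqdn: str, value: str, ttl: int):
        self.records = {fqdn: Record(value, ttl)}
        self.queries = 0

    def resolve(self, fqdn: str, now: int) -> Record:
        self.queries += 1
        return self.records[fqdn]

    def update(self, fqdn: str, value: str) -> None:
        self.records[fqdn] = Record(value, self.records[fqdn].ttl)


def build_chain(auth: Authoritative, resolver_min_ttl: int = 0,
                app_fixed_ttl: Optional[int] = None) -> CacheLayer:
    """Steps #1-#4 of the comment, wired so each layer asks the next only on a miss."""
    isp = CacheLayer("isp-resolver", auth.resolve, min_ttl=resolver_min_ttl)
    local = CacheLayer("local-resolver", isp.resolve)
    os_stub = CacheLayer("os", local.resolve)
    return CacheLayer("application", os_stub.resolve, fixed_ttl=app_fixed_ttl)


def propagation_delay(ttl: int = 300, change_at: int = 10, resolver_min_ttl: int = 0,
                      app_fixed_ttl: Optional[int] = None, horizon: int = 100_000) -> dict:
    """Seconds between a record change at the authority and the application seeing it.
    All names, addresses and times below are constructed for the simulation."""
    fqdn = "www.example.com"
    auth = Authoritative(fqdn, "192.0.2.1", ttl)
    app = build_chain(auth, resolver_min_ttl, app_fixed_ttl)
    app.resolve(fqdn, 0)             # warm every cache at t=0
    auth.update(fqdn, "192.0.2.2")   # the change takes effect before the first query at t=change_at
    for now in range(change_at, horizon):
        if app.resolve(fqdn, now).value == "192.0.2.2":
            return {"delay": now - change_at, "authoritative_queries": auth.queries}
    raise RuntimeError("change never became visible within the horizon")


if __name__ == "__main__":
    print("everyone honours a 300s TTL:    ", propagation_delay(ttl=300))
    print("ISP resolver floors TTL to 1h:  ", propagation_delay(ttl=300, resolver_min_ttl=3600))
    print("application pins its own 1h TTL:", propagation_delay(ttl=300, app_fixed_ttl=3600))
    print("application refreshes every 60s:", propagation_delay(ttl=300, app_fixed_ttl=60))
```

The last two runs make the comment's closing point concrete: an application that caches longer than the published TTL delays the change on its own even when every resolver behaves, while an application that refreshes more often than the TTL gains nothing, because the OS and resolver caches still hold the old answer until the published TTL runs out.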