[xyst]

I was setting up my own mail server the other day and re-realized how long global DNS propagation really takes.

I’m in the US so it was almost instantaneous between updating the dns records in domain register any being able to verify the changes with my own rDNS server.

But using a UK or NL dns server didn’t immediately pick up those recent changes.

Had to wait an additional 48 hrs for global dns propagation.

[fanf2]

A change to a record in your zone should propagate to all your authoritative servers within a few seconds, using the DNS NOTIFY feature. If it doesn’t, that’s a bug in your provider’s setup.

Caches rely on the TTL of records in your zone, or the SOA negative TTL field for negative answers. You control these TTLs, so don’t set them to 48 hours. In most cases there’s little benefit to having TTLs longer than 1 hour. (I use 24 hours for TTLs on NS records and nameserver addresses, because they tend to be more stable, and it’s good for tail latency to keep them in caches longer.)

[gumby]

> Caches rely on the TTL of records in your zone, or the SOA negative TTL field for negative answers.

Sadly the word "should" ought to have appeared in your sentence.

A lot of resolvers ignore the TTL, either because of the number of misconfigured TTL entries (too short), because they resolve a LOT of names and figure they can't afford to keep looking up certain names, or out of sheer orneryness.

I don't update frequently so when I do plan to make updates I adjust my TTL to a short period, wait a few days, then make the updates, then after a week turn the TTL way up again. I've noticed that this is pointless with some big sites.

[fanf2]

The reason I set my TTLs to 1 hour is to avoid the faff with preparing for a change by fiddling with TTLs. It’s much easier to have a moderate TTL that’s OK for normal use, and not too long to make changes painful.

[xyst]

By “zone”, is this regional? It was for a .dev tld. So that makes sense as to why I (someone in US) was able to see changes immediately.

[silisili]

No, zone in DNS parlance basically means your domain name (and its records).

[bluejekyll]

This is surprising. What was the TLD for your name? And can you share your SOA config for your zone? (don't need the names, I'm curious about the TTLs in all the SOA fields)

[toast0]

Most TLDs serve glue records with 1-3 day ttls. It's not surprising to me that some servers had the old glue cached (well, I'm assuming they've got traffic... I would be surprised if my domains' glue were cached anywhere of note)

If you can configure your old nameservers to serve the new NS records, sometimes that's helpful.

[xyst]

tld is .dev

localhost:~# dig dev soa … ; <<>> DiG 9.16.39 <<>> dev soa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65000 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;dev. IN SOA

;; ANSWER SECTION: dev. 299 IN SOA ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

This is the soa config?

> SOA ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

[bluejekyll]

I was thinking that maybe you had a large TTL for either the SOA or the minimum TTL field, but both of those are pretty reasonable at 5 minutes and 1 minute.

See this RFC, https://www.rfc-editor.org/rfc/rfc2308#section-4