Topic: What DNS servers are used by SME Server?

[judgej]

I realise that the SME Server does not use the local ISP's DNS servers for lookups, and that was probably a good idea when it was first set up (2001-ish), but is it such a good idea now?

When I change any settings on an Internet domain, for example to switch a website from one server to another, it takes quite literally days for my server to see the change. If I bypass the SME Server DNS by setting the ISP's DNS servers directly in my browser, then I see the change within hours.

So, is it time to make the SME Server's DNS lookup settings more prominant? Perhaps put them into the control panel, so you can switch to the ISP's DNS servers easily?

What do people think? This is probably only an issue to web developers, who are throwing domains around left, right and centre.

If there is any interest, I'll raise it as a feature request (but it's not something I'm going to battle if I'm the only one hitting these issues of slow DNS updates).

[mmccarn]

I always assumed that djbdns used the root name servers by default.

I read somewhere years ago that the root nameservers use a ttl of 3 days for the root domains - ".com", ".org", ".net", etc - which can result in long delays in DNS propagation even if the ttl for your specific domain is set much lower.

Does your situation improve if you restart the dnscache service on the SME server?

[CharlieBrady]

This is probably only an issue to web developers, who are throwing domains around left, right and centre.

If you are "throwing domains around left, right and centre" then you should be reducing the TTL of your DNS zone data before doing so.

[judgej]

Does your situation improve if you restart the dnscache service on the SME server?

No, restarting and rebooting makes no difference. If the root servers don't know the answer, then the domains simply cannot be seen. It is a problem I have been aware of for years, but never quite put my finger on until now. Moving websites around from one server to another is not the kind of thing people do often, unless it happens to be the kind of thing they do, if you know what I mean (i.e. YMMV).

The SME Server setup sequence does provide a box to enter a *single* DNS server if required (up to four would be more appropriate IMO). If the server uses DHCP to get its public IP address, then I think there should be an option to allow it to get the DNS servers that it should use too.

[CharlieBrady]

I read somewhere years ago that the root nameservers use a ttl of 3 days for the root domains - ".com", ".org", ".net", etc - which can result in long delays in DNS propagation even if the ttl for your specific domain is set much lower.

If that is true, then that would only affect additions and deletions of domains, not specific records within the zone.

[judgej]

If that is true, then that would only affect additions and deletions of domains, not specific records within the zone.

*If* you can get at the TTL (SOE records) then yes, setting that low a couple of days before any major changes does help a lot. Sometimes, however, there is no access to the TTL and you are stuck with 24 hours.

Just to be clear, I am not talking about domains hosted *on* an SME Server. This is about domains hosted elsewhere, with the SME Server being used as the DNS on a local network  (in server+gateway mode).

[gzartman]

I realise that the SME Server does not use the local ISP's DNS servers for lookups, and that was probably a good idea when it was first set up (2001-ish), but is it such a good idea now?

You would likely get some value doing some research on how DNS works.   Here's a fairly non-technical doco that does a good job at explaining DNS:  http://www.howstuffworks.com/dns.htm

You seem to be looking at DNS as if there is one big master database out there that stores all domain names and associated IP address.  This isn't how DNS works.

If you are using SME like most of us, then you are probably using some kind of service to provide internet DNS for your Domain(s).  It is this service that is causing the delays in your IP address changes, either due to settings related to your account there or with the service it self, or maybe a combination of both. 

SME's caching DNS is just querying what's out there on the internet, just like your ISP would be doing.  SME's DNS is quite good at doing this.

Charlie has given you the answer to your problem.  Contact tech support for you DNS service and ask them how to modify the TTL settings for your domain(s). 

The TTL settings in the root name servers have nothing to do with the TTL settings for your domain(s).   Once you set the TTL for your domain(s) to say 60min, then no name server out there should cache the IP for your domain(s) longer than 60min, unless the name server isn't working right.

[gzartman]

No, restarting and rebooting makes no difference. If the root servers don't know the answer, then the domains simply cannot be seen. It is a problem I have been aware of for years, but never quite put my finger on until now. Moving websites around from one server to another is not the kind of thing people do often, unless it happens to be the kind of thing they do, if you know what I mean (i.e. YMMV).

SME is respecting the TTL entries for your domains.  My guess is that the TTL is set to days.

The only reason SME would lag your ISP DNS is if that ISP is hosting the domains in question.  If this is the case, then the ISPs DNS would be the authoritative name server for that domain, therefore the change would happen instantly (or as soon as your ISP updated its dbase internally).  TTL would not come into play when query their name server directly.

The root name servers have no idea what the IP addresses are for your domains, because they aren't responsible for your domains.  They only know where to tell the query to look next for the answer.   You might end up with 2,3,4+ hops between name server, starting at the root name server, before you get an answer.

The SME Server setup sequence does provide a box to enter a *single* DNS server if required (up to four would be more appropriate IMO). If the server uses DHCP to get its public IP address, then I think there should be an option to allow it to get the DNS servers that it should use too.

You're looking at SME Server as if it were a regular workstation.  There is no need for it to pull name servers from DHCP.  SME has its own DNS.

The DNS entry in the SME setup is really meant to specify a DNS on your LAN that provides DNS for the hosts on your LAN in addition to forwarding requests to the internet.  Most small to medium sized businesses (users) don't have, or need, multiple DNSs on their LAN, so providing an option for multiple local DNS servers would probably rarely be used.

[judgej]

SME's caching DNS is just querying what's out there on the internet, just like your ISP would be doing.

That's where my problem is - this is not how it is happening. The SME server gets its requests from a *different* place than the ISP. It happens that this different place is usually slower to get updated then my ISP(s). I am sure it was the other way around years ago when SME Server was originally set up - ISPs were notoriously slow at updating their own caches. I am really just querying whether the assumptions made seven years ago are still valid.

-- JJ

[judgej]

SME is respecting the TTL entries for your domains.  My guess is that the TTL is set to days.

With a TTL set to a single day (24 hours) it has taken my SME Server almost two full days to catch up with a domain change. My ISP got that change within hours. It could be that the ISP is *not* honouring the TTL, which could be argued to be wrong on their part.

The only reason SME would lag your ISP DNS is if that ISP is hosting the domains in question.

Not the case in my recent experience. Registrar FASTHOSTS, web server 34SP and ISPs Virgin Net, BeThere Internet and Tiscali. All three ISPs picked up the domain change within hours. SME Sever took two days before it could even look up the domain.

The root name servers have no idea what the IP addresses are for your domains, because they aren't responsible for your domains.  They only know where to tell the query to look next for the answer.   You might end up with 2,3,4+ hops between name server, starting at the root name server, before you get an answer.

Yes, the issues I find, when doing an NSLOOKUP is that the lookup times out.

You're looking at SME Server as if it were a regular workstation.  There is no need for it to pull name servers from DHCP.  SME has its own DNS.

Yes it has its own DNS - just like any workstation has its own cache - but the issue is where it places itself in the world-wide hierarchy of DNS servers. I think it may be too high up the tree for its own good at times.

The DNS entry in the SME setup is really meant to specify a DNS on your LAN that provides DNS for the hosts on your LAN in addition to forwarding requests to the internet.  Most small to medium sized businesses (users) don't have, or need, multiple DNSs on their LAN, so providing an option for multiple local DNS servers would probably rarely be used.

From what I remember looking at the config files of SME Server, it already has multiple DNS servers that it uses - about a dozen of them (though about half of those were out-of-date when I last looked). So, it already happens and is already used by everybody.

-- JJ

[CharlieBrady]

I am really just querying whether the assumptions made seven years ago are still valid.

The DNS protocol hasn't changed.

[CharlieBrady]

SME Sever took two days before it could even look up the domain.

Negative responses are cached as well, and those responses have their own TTL (controlled by the upstream server). You will see the name more quickly if you don't ask for it until after it has been created.

[CharlieBrady]

Yes it has its own DNS - just like any workstation has its own cache - but the issue is where it places itself in the world-wide hierarchy of DNS servers. I think it may be too high up the tree for its own good at times.

It's not anywhere in the tree. The tree refers to content DNS servers, which start at the root, and follow delegation to other servers authoritative for subtrees. Your applications are interacting with the caching resolver, which doesn't sit in the tree, but walks the tree with queries.

I'd suggest you do some reading - e.g. "How the Domain Name System (DNS) works":

http://www.bytemark.co.uk/page/Live/support/tech/dnsworks

"How does DNS work?":

http://cr.yp.to/djbdns/intro-dns.html

"Notes on the Domain Name System":

http://cr.yp.to/djbdns/notes.html

If you think SME server's resolver is not working correctly, please provide details via the bug tracker.

[CharlieBrady]

From what I remember looking at the config files of SME Server, it already has multiple DNS servers that it uses

Those are not DNS resolvers (which are the "DNS servers" used by client systems such as workstations). Those are just hints of where to start looking for the addresses of the root name servers.

- about a dozen of them (though about half of those were out-of-date when I last looked).

That pure BS, but if you believe it to be true, you should report details via the bug tracker.

[CharlieBrady]

Yes it has its own DNS - just like any workstation has its own cache ...

Most workstations don't have a DNS cache. If they do have a DNS cache, there's only one correct way for them to work, which is to follow the protocol defined in the RFCs.