I had a disastrous downtime of my website domain after replacing the name servers of my registrar Host Europe by those of a service provider.
Host Europe technical support told me that they immediately delete DNS entries on their name servers if you do so.
Is it possible that the downtime of my website was because machines still asked the old name servers and they said “don’t know”? (I don’t know much about DNS.)
And is it normal for registrars to act this way?
How does Google Domains do it? How does Cloudflare Registrar?
And how to avoid the problem? Is a big TTL better or a small one? I think I had set it to 10 minutes before switching.
Your question is off-topic here as it is not related to programming, so it might get deleted, but the following was too long to put in a comment to help you:
Host Europe technical support told me that they immediately delete DNS entries on their name servers if you do so.
This is very bad behaviour. Their nameservers will still get queries for basically the TTL of the NS records at the parent.
Is it possible that the downtime of my website was because machines still asked the old name servers and they said “don’t know”?
Yes this is exactly what happened.
An old provider should never pull the plug immediately. There are a lot of caches in the DNS.
If you can control the TTL values on your records, you can try adjusting them upwards at the old provider before the nameservers change. It may help a little or not at all, and not all DNS providers let people choose the TTL freely. Somewhere around 1 week would be a good ballpark here.
And is it normal for registrars to act this way? How does Google Domains do it? How does Cloudflare Registrar?
Normal as in "unfortunately widespread", probably yes, but I can't comment on any specific company. Note also that here the problem is not with the registrar role but with the DNS provider role. Both can be the same company, but they are different roles. There is no worldwide DNS organization, whereas for registrars many of them are ICANN accredited (but they say nothing about this case IIRC), and in all cases they are accredited by registries. I can say for sure that at least one registry (AFNIC for .FR) does mandate/require/recommend (not sure of the wording) registrars/DNS providers to keep the old DNS configuration in case of a change. I don't think, though, that it is checked or enforced, unfortunately.
And how to avoid the problem? Is a big TTL better or a small one? I think I had set it to 10 minutes before switching.
It does not matter, because what comes into play is the TTL (Time To Live) of the NS records at the parent (the registry handling the TLD under which your domain is registered), which you have zero control over.
Unfortunately there is no real proper countermeasure here; your DNS provider needs to do its job properly and not cut off resolution immediately.
A partial solution could be something akin to:
1. Add the new nameservers without removing the current ones: note that they need to be listed in the zone, AND you need to change the domain at the registry, otherwise you will be in a lame delegation case (which you can also decide to sustain, but it is bad in general).
2. After some time (typically again the TTL at the parent), you can now remove the old servers (again both in the zone and at the parent).
That way, even if the old nameservers stop working immediately for your domain, all resolvers would have had time to learn about the new ones, and even if they try to contact the old nameservers and get an error, they may (not guaranteed to always work, and of course at least introducing some delays) switch to the new ones. Then again the same TTL passes after the second step, after which all resolvers will know only about the new nameservers.
Another trick that could work, but means you will be in a lame delegation case, is the following. It works because a lot of resolvers, including big ones like Google Public DNS, are child-centric instead of parent-centric: you change the zone content to list the new nameservers as NS records, removing the old ones, and you do NOT make any change at the registry side. This will let some resolvers (but not all) learn about the new nameservers, and after some time you can do the switch at the registry.
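To make the two cases above concrete, here is an added simulation (not the answerer's code, not anything from the providers mentioned) of a single caching resolver watching a nameserver change. Everything in it is constructed: `example.test` as the domain, `192.0.2.10` as the web server, a 48-hour delegation TTL at the parent, and a resolver that tries the cached NS set in order and moves to the next server when one fails. The first scenario is the immediate cutover from the question; the second is the overlap procedure from the answer.

```python
"""Migration of a domain between DNS providers, as seen by one caching resolver.

Constructed model (added example, not the answerer's code): a registry ("parent")
serves the NS delegation with a fixed TTL; two providers answer authoritatively only
for zones they still host; a resolver caches the delegation until it expires and
tries the listed servers in order, falling over to the next on failure.
"""

PARENT_NS_TTL = 48 * 3600   # assumed delegation TTL at the registry, in seconds
DOMAIN = "example.test"     # constructed domain
WEB_IP = "192.0.2.10"       # constructed answer (documentation address range)


class Provider:
    """Authoritative DNS provider. `zones` is the set of domains it still serves."""

    def __init__(self, name):
        self.name = name
        self.zones = set()

    def query(self, domain):
        # A provider that deleted the zone gives no usable answer (REFUSED / lame).
        return WEB_IP if domain in self.zones else None


class Parent:
    """Registry-side delegation: which providers are listed as NS for a domain."""

    def __init__(self, delegation):
        self.delegation = delegation     # domain -> list of Provider

    def ns_for(self, domain):
        return list(self.delegation[domain]), PARENT_NS_TTL


class Resolver:
    """Caching resolver: reuses the cached NS set until its TTL runs out."""

    def __init__(self, parent):
        self.parent = parent
        self.ns_cache = {}               # domain -> (providers, expires_at)

    def resolve(self, domain, now):
        providers, expires = self.ns_cache.get(domain, (None, -1))
        if providers is None or now >= expires:
            providers, ttl = self.parent.ns_for(domain)
            self.ns_cache[domain] = (providers, now + ttl)
        for p in providers:              # real resolvers also retry and re-order servers
            ip = p.query(domain)
            if ip is not None:
                return ip
        return None                      # every cached nameserver failed: SERVFAIL


def _setup():
    old, new = Provider("old"), Provider("new")
    old.zones.add(DOMAIN)
    new.zones.add(DOMAIN)
    return old, new, Parent({DOMAIN: [old]})


def scenario_immediate_cutover():
    """The question's case: NS switched at the registry and the old provider
    deletes the zone at once. Returns {hours_after_start: answer}."""
    old, new, parent = _setup()
    r = Resolver(parent)
    r.resolve(DOMAIN, 0)                 # resolver caches [old], valid for 48 h
    parent.delegation[DOMAIN] = [new]    # switch happens at t = 1 h ...
    old.zones.discard(DOMAIN)            # ... and the old provider pulls the plug
    return {h: r.resolve(DOMAIN, h * 3600) for h in (2, 24, 47, 49)}


def scenario_overlap():
    """The answer's two-step approach: list old and new servers together, wait out
    the parent TTL, then remove the old ones (in the zone and at the registry)."""
    old, new, parent = _setup()
    r = Resolver(parent)
    r.resolve(DOMAIN, 0)                     # caches [old], valid for 48 h
    parent.delegation[DOMAIN] = [old, new]   # step 1 at t = 1 h: both listed
    r.resolve(DOMAIN, 49 * 3600)             # one TTL later: caches [old, new]
    parent.delegation[DOMAIN] = [new]        # step 2: old removed everywhere ...
    old.zones.discard(DOMAIN)                # ... and the old provider shuts it down
    return {h: r.resolve(DOMAIN, h * 3600) for h in (50, 96, 100)}


if __name__ == "__main__":
    print("immediate cutover:", scenario_immediate_cutover())
    print("overlap:          ", scenario_overlap())
```

In the first scenario every query until the cached delegation expires fails, which is exactly the outage described in the question; in the second the resolver still holds the old server in its cache after it is shut down, but falls over to the new one and keeps answering.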
Related
I run a small e-commerce platform, and over the past two years have grown customers.
There's around 100 customers now and their domains point to our server IP by the use of two A records (# and www).
I'm not experienced in this area, so I need someone who's knowledgeable about setting up major SaaS projects.
The worry I have is, if for whatever reason I change host, wouldn't I lose the IP address? And surely at that point, I may need to ask over 200 customers to change their DNS settings to point to our new server?
A friend told me about using a CNAME (pointing to a domain I own), but another professional server contact told me that it's not ideal. What further confuses me is this:
If my point remains true (and an IP isn't able to be owned), then how come Squarespace and a few other major players have an option to instruct their users that they can use an A record to point to their (Squarespace/Wix..) IP address? Do they know something I don't (do they own an IP?)? What happens if Squarespace for whatever reason has to change IP? Surely 100,000s+ of customers would need to change their A records? This seems very impractical and not realistic. It really confuses me.
I'd really appreciate some enlightenment in this area, because I need to know sooner rather than later if I am digging myself into a hole if I get over 500 customers and for whatever reason I end up having to ask 500 of them to change DNS settings.
Thanks.
I have been thinking about moving my domain over to my website hosting provider to store the DNS records inside cPanel. I believe it would be nice to keep both the website and domain together using one service.
My question is, are there any downsides to storing your DNS in your cPanel? I guess my concern would be that if my hosting provider went down, I could possibly end up waiting for my DNS to propagate again. If my TTL was set to 24 hours, I could be experiencing rather large downtime if I was unlucky enough.
How do other people normally reduce this risk? Should I be keeping a constant low TTL on my DNS at all times? Or should my DNS be hosted separately from my website? How do other people handle DNS downtime?
I have done some research regarding the matter but I haven't seen it discussed anywhere before and would just like some insight into the matter.
I finally found an answer to my question which was provided by my hosting company.
They run the DNS on a clustering system which means that even if the server goes down, DNS should continue to function, so no DNS propagation would need to re-occur should the hosting server go down.
I assume this would be common practice among shared hosting companies. It's definitely interesting to know.
To PROGRAMMATICALLY verify if a domain exists I do the following:
1. DNS query it and see if it resolves. If it does, it's obviously registered, so no need for step 2. If it doesn't, it might STILL be registered, so a whois check is required.
2. Backtrack from whois.iana.org and see if the designated whois server knows the domain or not.
Well, whois is not really meant for bulk checking. Not to mention that the RFC has only 4 pages and there are no clear specifications as to the format or even the encoding of the data. So you pretty much have to train the parser for each specific answer format (server).
Is there a way to circumvent the whois query and check (as close to the metal as possible) if the domain is registered in another (publicly available) standardized (preferably free or affordable) way? And not by downloading the TLD zone file or using third-party APIs (as they have a bad habit of snatching domains that you check before you get to register them). :)
I know registrars have their own protocol but I'm not sure if it's open to public use.
There isn't really any good way to do this accurately without looking at zone files or checking directly with the registry, unfortunately.
Registrars typically use a protocol like EPP to talk to a registry, check name availability and place orders. It's unlikely that anyone other than an accredited registrar would be permitted to use this protocol, but it may be worth checking with the registry that manages the TLDs you are interested in, e.g. Verisign.
I'd (personally) be wary of relying too much on DNS queries or WHOIS lookups to ascertain whether a particular domain exists, as both can produce inaccurate results from time to time. For example, certain TLDs have name servers configured for any unregistered domain name (they often direct you to the registry's website). The Vietnamese registry is one example of this. WHOIS lookups can fail for any number of reasons, so lack of a record is not concrete evidence of the domain's availability.
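As an added illustration of the caveats in this answer (my code, not the asker's or the answerer's), the checker below builds the asker's two-step method but refuses to draw a conclusion in the cases the answer warns about: a TLD whose nameservers answer for every name is detected by also resolving a random, certainly-unregistered sibling label, and a missing or empty WHOIS reply stays "unknown" instead of being read as availability. It assumes the `refer:` line that whois.iana.org prints to point at the registry's WHOIS server. The network is replaced by two injected callables and constructed fake data (`.test` and `.wild` are made-up TLDs, and the WHOIS texts only imitate common formats), so it runs offline.

```python
"""Domain-registration check that applies the caveats from the answer above.

Added example, not the poster's code. The network is replaced by two injected
callables so the logic runs offline:
  resolve(name)        -> list of IPs, or [] for NXDOMAIN
  whois(server, query) -> raw response text ("" if the server did not answer)
"""
import random
import string


def _sentinel_label(n=24):
    # A random label nobody has registered; used to detect TLDs whose nameservers
    # answer for every name (the "any unregistered name resolves" case).
    return "".join(random.choice(string.ascii_lowercase) for _ in range(n))


def dns_verdict(domain, resolve):
    """'registered', 'unknown' (TLD resolves everything) or 'no-data' (NXDOMAIN)."""
    tld = domain.rsplit(".", 1)[-1]
    if not resolve(domain):
        return "no-data"        # NXDOMAIN says nothing about registration
    if resolve(f"{_sentinel_label()}.{tld}"):
        return "unknown"        # a positive answer under this TLD proves nothing
    return "registered"


def whois_server_for(domain, whois):
    """Follow the 'refer:' line from whois.iana.org to the registry's WHOIS server."""
    text = whois("whois.iana.org", domain)
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "refer":
            return value.strip()
    return None


def whois_verdict(domain, whois):
    server = whois_server_for(domain, whois)
    if server is None:
        return "unknown"
    text = whois(server, domain)
    if not text.strip():
        return "unknown"        # no answer is not evidence of availability
    lowered = text.lower()
    # Registry formats differ; these markers are common but not standardised,
    # so anything else stays "unknown" rather than guessing.
    if "no match" in lowered or "not found" in lowered:
        return "not-registered-per-whois"
    if "domain name:" in lowered:
        return "registered"
    return "unknown"


def check(domain, resolve, whois):
    """Step 1 (DNS), then step 2 (WHOIS) only when DNS was inconclusive."""
    if dns_verdict(domain, resolve) == "registered":
        return "registered"
    return whois_verdict(domain, whois)


# --- constructed fake backends for running offline ---------------------------
FAKE_ZONES = {"registered.test": ["192.0.2.1"]}


def fake_resolve(name):
    if name.endswith(".wild"):      # a TLD that resolves every name, registered or not
        return ["192.0.2.99"]
    return FAKE_ZONES.get(name, [])


FAKE_WHOIS = {
    ("whois.iana.org", "taken.test"): "refer:        whois.nic.test\n",
    ("whois.iana.org", "free.test"): "refer:        whois.nic.test\n",
    ("whois.nic.test", "taken.test"): "Domain Name: TAKEN.TEST\nRegistrar: Example Registrar\n",
    ("whois.nic.test", "free.test"): 'No match for "FREE.TEST".\n',
}


def fake_whois(server, query):
    return FAKE_WHOIS.get((server, query), "")


if __name__ == "__main__":
    for d in ("registered.test", "taken.test", "free.test", "anything.wild"):
        print(d, "->", check(d, fake_resolve, fake_whois))
```

Replacing `fake_resolve` and `fake_whois` with real lookups is straightforward, but the point of the example is the verdict logic: `anything.wild` comes back `unknown` even though it resolves, and a name for which no WHOIS server can be found is never reported as free.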
This is something where I get confused.
Say I acquired a domain name blabla.ge (ge is for Georgia) and am hosting my files with a US-based hosting company. What are the downsides, if any, and is there an option to change the DNS server?
Cheers!
Agreed, there is no real downside. The TLD is really not that important to basic usage. Yes, root servers factor in here, but really nothing that will impact your daily activities, and you don't really need to worry.
For the nameservers, you can change these to any servers you wish and have access to manage the records on. Location isn't important other than basic routing and response time. Nameservers generally should be on diverse networks and in diverse locations per best practices. I have nameservers available in multiple countries and there's nothing wrong with that. If you are using the nameservers provided by your registrar, you likely have the diversity I mentioned, although they may be located in a single country (which is fine).
I have multiple domains registered with tlds such as .nl, .im, .com.de, etc. Some of these point to US-only nameservers, some use nameservers in multiple countries and a couple use the nameservers provided by my registrar (who I purchased the domain from).
From there, my A records point to servers in diverse locations, primarily the US and the Netherlands. This setup works great, performance is adequate and there are no major downsides to doing it this way. You can change your nameservers for the .ge domain to use US servers, or you can leave them overseas and use A records to point to your server(s) in the US. You can debate which method would be "best" given a situation, but neither method is "wrong."
So in short, no major downside to doing this at all. And yes, changing your DNS server (nameserver) is always an option. Hope this helps.
Let's say there is a page with 100 different user photos shown on the page;
that is at least 100 DNS lookups right there. Would this be reduced if I were to link using an IP instead of a domain URL?
http://217.345.33.444/images/photo.jpg instead of http://domain.com/images/photo.jpg
It lowers DNS lookup overhead but will force painful, monotonous, error-prone changes if that IP ever changes down the road.
Also, once a single name is resolved, it shouldn't be looked up again ...
It's a bit late at night for my timezone, but I thought that DNS lookups are cached in various spots (even on the local machine??), so it is not as bad as you think.
Thus the first call to look up the domain will travel a fair way, but the results should be cached on in-between machines so that there are fewer performance hits with the later calls.
I am sure that this sort of thing was thought long and hard about by the designers of the DNS protocols.
Edit notes
It's taken me 3 edits just to get my spelling and grammar straight - it is definitely too late at night for me.
DNS lookups are cached by your computer, so there will only be a single lookup per unique domain.
Additionally, most people use their internet provider's DNS server, and it will typically cache DNS lookups as well, so a lot of the time, the DNS lookup will just be a single network hop away.
You have no way of knowing when the IP address of a domain will change, so I do not recommend this approach.
Is there a reason you don't store the images on your own domain? If you did that:
the DNS issue would go away.
A lot of web servers don't allow hot linking of images, so this problem would be solved as well.
that would also create the possibility of spriting images together, if the set of images shown together doesn't change often.
Why is that 100 DNS lookups? Are all the images on different domains? You should only typically incur one lookup per unique domain (and that's assuming that domain has never been resolved before).
How confident are you that your IP address will never change? Also if you had those 100 images on 4 different domains performance would increase.
Every browser I know looks up the DNS only once and then caches it. Even if it doesn't, the system does. There are no 100 lookups as you suspected.
You can get proof of that with any simple traffic sniffer, as I did.
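The answers in this thread all make the same point: lookups are per unique hostname, not per image, and a cache (browser, OS or ISP resolver) answers repeats until the TTL runs out. Here is an added example that shows it with numbers rather than a sniffer (my code, not any poster's). A constructed page with 100 `<img>` tags is parsed, the hostnames that actually need resolving are collected (literal IP addresses, as in the question's suggestion, need none), and they are fed through a stub resolver with a TTL cache that counts how many queries would leave the machine. Hostnames, addresses and the 300-second TTL are all made up for the example.

```python
"""How many DNS lookups does a page with 100 images really need?

Added example (not from any of the answers above). A constructed HTML page with
100 <img> tags spread over a few hostnames is parsed, then fed through a stub
resolver that caches answers by TTL so upstream lookups can be counted directly.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for key, value in attrs:
                if key == "src" and value:
                    self.srcs.append(value)


def hosts_needing_lookup(html):
    """Hostnames from <img src> that a browser must resolve; literal IPs are skipped."""
    parser = ImgSrcCollector()
    parser.feed(html)
    hosts = []
    for src in parser.srcs:
        host = urlsplit(src).hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)   # a literal address needs no DNS at all
        except ValueError:
            hosts.append(host)
    return hosts


class CachingResolver:
    """Stub of the browser/OS resolver cache; `answers` stands in for upstream DNS."""

    def __init__(self, answers, ttl):
        self.answers = answers
        self.ttl = ttl
        self.cache = {}                  # host -> (ip, expires_at)
        self.upstream_queries = 0

    def lookup(self, host, now):
        ip, expires = self.cache.get(host, (None, -1))
        if ip is None or now >= expires:
            self.upstream_queries += 1   # only a miss or an expired entry leaves the box
            ip = self.answers[host]
            self.cache[host] = (ip, now + self.ttl)
        return ip


def build_page(n_images, hosts):
    """Constructed page: n_images <img> tags round-robined over the given hosts."""
    return "".join(
        f'<img src="http://{hosts[i % len(hosts)]}/images/photo{i}.jpg">'
        for i in range(n_images)
    )


def lookups_for_page(html, answers, ttl=300, load_times=(0,)):
    """Upstream DNS queries needed to load the page once at each time in
    `load_times` (seconds), sharing a single resolver cache across the loads."""
    resolver = CachingResolver(answers, ttl)
    for now in load_times:
        for host in hosts_needing_lookup(html):
            resolver.lookup(host, now)
    return resolver.upstream_queries


if __name__ == "__main__":
    hosts = [f"img{i}.example.test" for i in range(4)]       # constructed names
    answers = {h: "192.0.2.1" for h in hosts}                 # constructed answers
    page = build_page(100, hosts)
    print("image tags:", len(hosts_needing_lookup(page)))
    print("lookups, 4 hosts, one load:", lookups_for_page(page, answers))
    print("lookups, 1 host, one load: ", lookups_for_page(build_page(100, hosts[:1]), answers))
    print("lookups, literal IP:       ", lookups_for_page(build_page(100, ["192.0.2.7"]), answers))
    print("lookups, reload after TTL: ", lookups_for_page(page, answers, load_times=(0, 400)))
```

With 100 images on four hostnames the count is 4, on one hostname it is 1, and a reload after the TTL has expired repeats the lookups, which is the trade-off a short TTL buys you.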