Overview
Catchpoint Backbone nodes run their DNS resolvers on the individual machines that make up a node, so the resolver IP configured on a Backbone node is the node's own IP. The resolvers are third-party commercial DNS server products that are RFC compliant: they cache the authoritative name servers they learn for a zone, honor the TTLs on those records, and rely on the cached records for any later resolution that involves them.
Zone Configuration
In some configurations the zone itself carries NS records for its authoritative name servers at the apex. A resolver that receives that NS set in an authoritative answer ranks it above the delegation NS records it obtained from the TLD: if the two sets differ, the zone's own records overwrite the TLD's copy in the cache; if they agree, the two simply reinforce each other. Clients with such a zone configuration must be very careful when migrating a zone to new name servers, because changing the name servers only with the domain registrar (which updates the TLD's delegation entries) is not sufficient for the migration.
For zones with such a configuration, the resolver goes to the TLD only the first time. Once it is talking to the authoritative name servers, every answer from them carries the zone's NS records, which refresh the cached set and restart its TTL, so the resolver has no reason to return to the TLD. If the old name servers keep advertising themselves after a migration, resolvers that cached them keep using them; once those servers are decommissioned or stop serving the zone correctly, resolution fails for users of those resolvers, and Catchpoint tests that use those resolvers fail as well.
This issue can affect users anywhere in the world, depending on which resolvers they use, who else shares those resolvers, and what those resolvers hold in cache. Catchpoint DNS test types may not show any problem, because they perform the recursion themselves without using a cache.
Troubleshooting
If non-DNS test types show DNS issues, clients should check their DNS configuration. The name servers that were in use before the DNS change must be updated so that they remove themselves from resolver caches: they should advertise the new name servers and let the old NS records expire through their TTLs. The errors persist until those TTLs run out. Running DNS Experience tests before and after changing the configuration helps verify the current configuration and diagnose issues that arise during the migration.
In these cases we recommend the following four-step approach:
- Lower the TTL of the NS records in the zone to twenty seconds (going below ten seconds can cause problems with some resolvers). See http://blog.catchpoint.com/2012/04/04/dns-records-and-ttl-how-long-does-a-second-actually-last/
- Ensure the new name servers have the zone configured and are answering for it
- Include the NS records for the new name servers in the zone configuration of the old name servers
- Depending on the TTL the old NS records had, wait 2 * that TTL so that cached copies of the old records have expired, then change the registrar entries to the new name servers; keep the old name servers answering for the zone (advertising the new name servers) until the remaining cached entries have expired
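To make the cache behaviour concrete, here is a small Python model of a caching resolver that behaves the way this article describes: it ranks the zone's own NS records above the TLD delegation and restarts their TTL on every authoritative answer. It is an added illustration, not Catchpoint's resolver or test code; the name-server names ns*.old.test and ns*.new.test, the TTLs and the hourly lookup rate are all constructed. It runs the registrar-only change described under Zone Configuration beside the four-step procedure above.

```python
"""Toy model of a caching resolver learning a zone's NS set (added example).

Constructed illustration, not Catchpoint code. Server names, TTLs and the
lookup schedule are hypothetical. Time is in seconds.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class NSRRset:
    names: frozenset   # name-server hostnames in the NS RRset
    ttl: int           # TTL the serving side attaches to the RRset


@dataclass
class AuthServer:
    """Authoritative server; apex_ns is the NS set it returns, None once it stops serving the zone."""
    apex_ns: NSRRset | None


class Resolver:
    """Caching resolver that ranks the zone's own NS RRset above the TLD's delegation data."""

    def __init__(self, delegation: NSRRset, servers: dict[str, AuthServer]):
        self.delegation = delegation   # what the TLD (parent) currently delegates to
        self.servers = servers         # hostname -> server reachable on the network
        self.cached: NSRRset | None = None
        self.expires = 0
        self.now = 0
        self.parent_queries = 0

    def resolve(self) -> tuple[str, str]:
        """Resolve a name in the zone at time self.now: ("ok", server) or ("fail", reason)."""
        if self.cached is None or self.expires <= self.now:
            # Nothing usable in cache: ask the TLD for the delegation.
            self.parent_queries += 1
            self.cached = self.delegation
            self.expires = self.now + self.delegation.ttl
        for name in sorted(self.cached.names):          # deterministic server choice
            server = self.servers.get(name)
            if server is None or server.apex_ns is None:
                continue                                # dark or no longer authoritative
            # The authoritative answer carries the zone's own NS RRset; it replaces the
            # cached set and restarts the TTL, so the resolver does not go back to the TLD
            # while it keeps talking to these servers.
            self.cached = server.apex_ns
            self.expires = self.now + server.apex_ns.ttl
            return ("ok", name)
        return ("fail", "no cached name server answers for the zone")


OLD = frozenset({"ns1.old.test", "ns2.old.test"})   # hypothetical old name servers
NEW = frozenset({"ns1.new.test", "ns2.new.test"})   # hypothetical new name servers
DAY = 86400


def migrate_registrar_only() -> dict:
    """Change only the registrar (TLD) entry; the old servers keep advertising themselves."""
    servers = {n: AuthServer(NSRRset(OLD, DAY)) for n in OLD}
    servers.update({n: AuthServer(NSRRset(NEW, DAY)) for n in NEW})
    r = Resolver(NSRRset(OLD, 2 * DAY), servers)
    r.resolve()                                  # first lookup learns OLD via the TLD
    r.delegation = NSRRset(NEW, 2 * DAY)         # registrar change and nothing else
    for t in range(3600, 30 * DAY, 3600):        # one lookup per hour for 30 days
        r.now = t
        r.resolve()
    stuck_on_old = r.cached.names == OLD
    for n in OLD:
        servers[n].apex_ns = None                # old servers decommissioned
    r.now = 30 * DAY
    outcome, _ = r.resolve()
    return {"stuck_on_old": stuck_on_old, "after_decommission": outcome,
            "parent_queries": r.parent_queries}


def migrate_four_step() -> dict:
    """Low TTL, new servers ready, old zone lists the new NS, then the registrar change."""
    servers = {n: AuthServer(NSRRset(OLD, DAY)) for n in OLD}
    r = Resolver(NSRRset(OLD, 2 * DAY), servers)
    r.resolve()                                  # resolver holds OLD with a one-day TTL
    for n in OLD:                                # step 1: NS TTL in the zone down to 20 s
        servers[n].apex_ns = NSRRset(OLD, 20)
    servers.update({n: AuthServer(NSRRset(NEW, 3600)) for n in NEW})   # step 2
    for n in OLD:                                # step 3: old zone also lists the new servers
        servers[n].apex_ns = NSRRset(OLD | NEW, 20)
    for t in range(3600, 2 * DAY + 1, 3600):     # wait 2 x the old TTL before step 4
        r.now = t
        r.resolve()
    cached_ttl = r.expires - r.now               # the cache now holds the 20 s TTL
    r.delegation = NSRRset(NEW, 2 * DAY)         # step 4: registrar entries changed
    for n in OLD:
        servers[n].apex_ns = None                # old servers retired afterwards
    r.now += 30                                  # the 20 s entry has already expired
    outcome, server = r.resolve()
    return {"cached_ttl_before_registrar_change": cached_ttl,
            "after_decommission": outcome, "server": server}


if __name__ == "__main__":
    print(migrate_registrar_only())
    print(migrate_four_step())
```

Real resolvers differ in how aggressively they refresh NS records from authority sections, so treat the model as the worst case the article warns about: in the first scenario the resolver never returns to the TLD and fails the moment the old servers go dark, while in the second the short TTL lets it re-learn the delegation within seconds. Before and after each step, comparing the NS set the TLD returns for the zone with the NS set the old and new servers return at the apex (for example by querying each of them directly with dig) shows whether any server could still be handing resolvers stale data.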