Brett

Reputation: 6020

How reliable is DNS TTL for server switch over? (DNS TTL overriding)

How reliable is DNS as a mechanism to switch between servers? With low TTLs, testing seems great, but I was wondering how reliable this would be for a public, production system?

My concern with this strategy is that I'm not sure if DNS record caching can be overridden by DNS proxies, and some providers may use this to save traffic. What if we use integration with other systems (e.g. a web service for mobile)?

While I understand how RFC-compliant DNS is meant to work, I'm not actually sure how compliant networks are in general. (DNS RR works great too for distribution, but this is specifically for switch-overs.)

Upvotes: 1

Views: 1502

Answers (1)

Wil Tan

Reputation: 711

It's "reliable enough" for most of your audience.

Yes, recursive DNS resolvers do allow administrative override of TTLs (e.g. cache-min-ttl) that disobeys yours if you had set it too low. Also, there are software stacks that cache records forever in their default configuration (Java < 1.6).

You should always be prepared for some residual traffic to the old host even long after the switch over. In my experience, though, they're mostly poorly-written crawlers. If you want to be 100% certain of not missing any traffic, proxy all traffic from the old host to the new. Nginx/Apache can be easily made to do that.

You can query a recursive server for the remaining TTL that it is going to cache a record. Type this repeatedly, and you'll see that the TTL decreases with time:

dig @208.67.222.222 stackoverflow.com

Once the record expires, it should start at the TTL that you configured in your zone.

This way, you can at least test it against the public resolvers to see if it is obeying your TTL.

Upvotes: 6
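The check described in the answer above, as an added example that is not part of the original post: a small script that builds a raw DNS A query, parses the answer section of the resolver's response, and compares the TTL the resolver is handing out with the TTL configured in your zone. A TTL larger than the configured value cannot have come from your zone, so it indicates that the resolver (or a proxy in front of it) is imposing its own minimum, which is exactly the cache-min-ttl behaviour the answer warns about. The resolver address 208.67.222.222 is taken from the answer; the name example.com, the address 192.0.2.1, the sample response bytes and the configured TTL of 300 seconds are constructed for offline use and are not from the page.

```python
"""Check what TTL a recursive resolver is actually serving for a name.

Added example, not part of the original Stack Overflow answer. It builds
a raw DNS query, parses the answer section of a response, and classifies
the TTL the resolver hands out against the TTL configured in the zone.
The resolver 208.67.222.222 is the one used in the answer; the sample
response at the bottom is constructed so the parser can run offline.
"""
import socket
import struct


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A query for `name` (QTYPE=1, QCLASS=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_answer_ttls(msg: bytes, rtype: int = 1) -> list:
    """Return the TTLs of all answer records of type `rtype` in `msg`."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if (flags & 0x000F) != 0:         # RCODE other than NOERROR
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):               # skip the question section
        off = _skip_name(msg, off) + 4
    ttls = []
    for _ in range(an):
        off = _skip_name(msg, off)
        atype, aclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if atype == rtype:
            ttls.append(ttl)
    return ttls


def query_resolver(resolver: str, name: str, timeout: float = 2.0) -> bytes:
    """Send the query over UDP and return the raw response (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return s.recv(4096)


def classify_ttl(observed_ttl: int, configured_ttl: int) -> str:
    """Interpret the resolver's TTL against the zone's configured value.

    A cached answer counts down from configured_ttl, so anything at or
    below it is normal. Anything above it did not come from your zone:
    the resolver or a proxy is enforcing its own minimum TTL.
    """
    if observed_ttl > configured_ttl:
        return "overridden"
    if observed_ttl == configured_ttl:
        return "fresh"
    return "cached"


# Constructed sample response (not captured from a real resolver):
# question example.com A, one A answer with TTL 3600 pointing at 192.0.2.1.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"    # header: QR, RD, RA, 1 question, 1 answer
    b"\x07example\x03com\x00\x00\x01\x00\x01"             # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"   # name ptr, A, IN, TTL 3600, rdlen 4
    b"\xc0\x00\x02\x01"                                   # 192.0.2.1 (TEST-NET-1)
)

if __name__ == "__main__":
    # Offline demonstration against the constructed response, assuming a zone TTL of 300.
    for ttl in parse_answer_ttls(SAMPLE_RESPONSE):
        print("TTL %d -> %s" % (ttl, classify_ttl(ttl, configured_ttl=300)))
    # Live check (uncomment): repeat against several public resolvers and compare.
    # for r in ("208.67.222.222",):
    #     print(r, parse_answer_ttls(query_resolver(r, "stackoverflow.com")))
```

Run it repeatedly against a live resolver with the commented-out loop and you should see the TTL count down and reset to your configured value once the cache entry expires, as the answer describes; a value that never drops below some floor, or that starts higher than your zone's TTL, is the signature of an overriding resolver.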
