On Mon, Oct 7, 2019 at 9:08 AM Mike <mike-nanog@tiedyenetworks.com> wrote:
My DNS TTLs are all 300 seconds, and I have noticed that once I update the A records with the new addresses, most (but not all) web clients begin using the new address within 5 minutes or so. However, there is a persistent set of stragglers who continue accessing the site(s) on their old addresses for far in excess of this - up to a week in fact. And, what I have noted, all of these clients have something in common - they all appear to be satellite users of viasat/exede. This is based on whois lookups of the IP addresses of the clients. Note, I am NOT expecting 'turn on a dime' - just looking for clients to refresh within a reasonable time.
Hi Mike,

You may be looking at a web browser "feature" called "DNS pinning." This is used to defeat the "DNS rebinding" attack on JavaScript that would allow a web site to instruct a browser to scan the interior behind its user's firewall by having an attacker rotate the IP addresses used for JavaScript's allowed server name. Depending on the implementation, DNS pinned browsers may not recognize a change to your IP address until the browser is stopped and restarted.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/
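As an added illustration (not code from either poster), here is a small Python model of the two cache behaviours Bill describes: a TTL-honouring resolver picks up Mike's changed A record within one 300-second TTL, while a pinned browser keeps the first address it saw for the life of the process, which is also why a later answer pointing the same name at an internal address never takes effect. The hostname, addresses, timestamps and the `looks_like_rebinding` check are constructed assumptions for the example.

```python
"""Toy model of TTL-honouring vs. DNS-pinning clients (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

TTL = 300  # the 300-second TTL from Mike's zone

# Constructed authoritative data: the A record for the site is changed at
# t=1000 seconds from the old address to the new one.
AUTHORITATIVE = [(0, "203.0.113.10"), (1000, "198.51.100.20")]

# Ranges a pinning client would refuse to be re-pointed at (assumed list).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]


def authoritative_answer(now: int) -> str:
    """A record the authoritative server hands out at time `now` (seconds)."""
    addr = AUTHORITATIVE[0][1]
    for published, a in AUTHORITATIVE:
        if published <= now:
            addr = a
    return addr


@dataclass
class TtlResolver:
    """Honours the TTL: re-queries once the cached answer has expired."""
    cached: Optional[Tuple[str, int]] = None  # (address, expires_at)

    def resolve(self, now: int) -> str:
        if self.cached is None or now >= self.cached[1]:
            self.cached = (authoritative_answer(now), now + TTL)
        return self.cached[0]


@dataclass
class PinnedResolver:
    """Browser-style pinning: keeps the first address for the whole session."""
    pinned: Optional[str] = None

    def resolve(self, now: int) -> str:
        if self.pinned is None:
            self.pinned = authoritative_answer(now)
        return self.pinned


def looks_like_rebinding(first: str, later: str) -> bool:
    """True when a name first seen on a non-internal address is later answered
    with an internal one, the pattern pinning exists to block."""
    inside = lambda a: any(ipaddress.ip_address(a) in n for n in INTERNAL)
    return (not inside(first)) and inside(later)


def simulate(resolver, times: List[int]) -> List[str]:
    """Addresses a client would connect to at each timestamp."""
    return [resolver.resolve(t) for t in times]
```

With the change published at t=1000, the TTL-honouring client is on the new address by t=1250 while the pinned client never moves, which is the straggler pattern Mike is seeing.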