On Tue, Feb 28, 2012 at 9:02 AM, Jared Mauch <jared@puck.nether.net> wrote:
On Feb 27, 2012, at 2:53 PM, Valdis.Kletnieks@vt.edu wrote:
On Mon, 27 Feb 2012 14:02:04 EST, William Herrin said:
The net result is that when you switch the IP address of your server, a percentage of your users (declining over time) will be unable to access it for hours, days, weeks or even years regardless of the DNS TTL setting.
Amen brother.
So just for grins, after seeing William's I set up a listener on an address that had an NTP server on it many moons ago. As in the machine was shut down around 2002/06/30 22:49 and we didn't re-assign the IP address ever since *because* it kept getting hit with NTP packets.. Yes, a decade ago.
In the first 15 minutes, 234 different IP's have tried to NTP to that address.
I hereby reject the principle that one can not renumber a host/name and move it. I reject the idea that you can't move a service, or have one MX, DNS, etc.. host be down and have it be fatal without something else being SERIOUSLY broken. If you are right, nobody could ever renumber anything ever, nor take a service down ever in the most absolute terms.
Something else IS seriously broken. Several something elses actually: 1. DNS TTL at the application boundary, due in part to... 2. Pushing the name to layer 3 address mapping process up from layer 4 to layer 7 where each application has to (incorrectly) reinvent the process, and... 3. A layer 4 protocol which overloads the layer 3 address as an inseverable component of its transport identifier. Even stuff like SMTP which took care to respect the DNS TTL in its own standards gets busted at the back end: too many antispam process components rely on the source IP address, crushing large scale servers that suddenly appear, transmitting large amounts of email from a fresh IP address. Shockingly enough we have a strongly functional network despite this brokenness. But, it's broken all the same and renumbering is majorly impaired as a consequence. Renumbering in light of these issues isn't impossible. An overlap period is required in which both old and new addresses are operable. The duration of that overlap period is not defined by the the protocol itself. Rather, it varies with the tolerable level or residual brokenness, literally how many nines of users should be operating on the new address before the old address can go away. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004