On Feb 27, 2012, at 2:53 PM, Valdis.Kletnieks@vt.edu wrote:
On Mon, 27 Feb 2012 14:02:04 EST, William Herrin said:
The net result is that when you switch the IP address of your server, a percentage of your users (declining over time) will be unable to access it for hours, days, weeks or even years regardless of the DNS TTL setting.
Amen brother.
So just for grins, after seeing William's I set up a listener on an address that had an NTP server on it many moons ago. As in the machine was shut down around 2002/06/30 22:49 and we didn't re-assign the IP address ever since *because* it kept getting hit with NTP packets. Yes, a decade ago.
In the first 15 minutes, 234 different IPs have tried to NTP to that address.
I hereby reject the principle that one cannot renumber a host/name and move it. Certainly some people will see breakage. This is because their software is defective, sometimes in a critical way, other times in a way that is non-obvious. But I reject the idea that you can't move a service, or have one MX, DNS, etc. host be down and have it be fatal without something else being SERIOUSLY broken. If you are right, nobody could ever renumber anything ever, nor take a service down ever in the most absolute terms.

I've been involved in large scale DNS server renumbering/moving/whatnot. It's harder these days than it was in the past, but it's feasible. I know those resolver addresses that have been retired still get queries from *very* broken hosts. Just because they're getting queries, doesn't mean they are expecting an answer, or will properly handle it.

Sometimes you have to break the service worse for people to repair it. Look at the DCWG.org site and try to get an idea if you're infected. At some point those will go away. Doesn't mean those people aren't broken/infected and REQUIRE remediation.

- Jared
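The measurement Valdis describes (a listener on a retired address, counting who still sends to it) and Jared's point that such traffic declines over time but never quite stops are both things an operator wants numbers for before retiring an address. The following is an added example, not code from either poster: it parses a constructed `tcpdump -tttt`-style capture of NTP client packets aimed at a retired address (the address `203.0.113.5` and every source IP in it are made-up documentation-range values), reports distinct sources per day and per-source first/last seen, and checks whether the daily count of distinct clients is declining.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample capture in tcpdump -tttt style. 203.0.113.5 plays the
# retired NTP address; the source addresses are documentation-range placeholders.
SAMPLE_CAPTURE = """\
2012-02-27 14:53:01.000001 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
2012-02-27 14:53:02.000001 IP 192.0.2.11.123 > 203.0.113.5.123: NTPv3, Client, length 48
2012-02-27 14:53:03.000001 IP 198.51.100.7.39841 > 203.0.113.5.123: NTPv4, Client, length 48
2012-02-27 14:53:09.000001 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
2012-02-28 03:12:44.000001 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
2012-02-28 03:12:45.000001 IP 198.51.100.7.39841 > 203.0.113.5.123: NTPv4, Client, length 48
2012-02-29 09:00:00.000001 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Client, length 48
"""

# Matches "<date> <time>.<usec> IP <src>.<sport> > <dst>.<dport>: NTPv<n>, Client ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.\d+ > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): NTPv(?P<ver>\d), Client"
)


def parse_capture(text, retired_ip):
    """Yield (timestamp, source_ip, ntp_version) for NTP client packets sent to retired_ip."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("dst") != retired_ip or m.group("dport") != "123":
            continue  # other destinations, non-NTP ports, or unparseable lines are ignored
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        yield ts, m.group("src"), int(m.group("ver"))


def stale_client_report(text, retired_ip):
    """Summarise who still talks to a retired address.

    Returns the number of distinct sources, a per-source record (packet count,
    first/last seen, NTP versions observed) and distinct sources per calendar day.
    """
    per_src = {}
    per_day = defaultdict(set)
    for ts, src, ver in parse_capture(text, retired_ip):
        rec = per_src.setdefault(src, {"packets": 0, "first": ts, "last": ts, "versions": set()})
        rec["packets"] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["versions"].add(ver)
        per_day[ts.date().isoformat()].add(src)
    daily = {day: len(srcs) for day, srcs in sorted(per_day.items())}
    return {"distinct_sources": len(per_src), "per_source": per_src, "distinct_per_day": daily}


def is_declining(daily_counts):
    """True when the distinct-client count never rises day over day.

    This is the "declining over time" shape the thread describes; a rise means
    some new population has picked up the old address and is worth investigating.
    """
    counts = [daily_counts[day] for day in sorted(daily_counts)]
    return all(later <= earlier for earlier, later in zip(counts, counts[1:]))


if __name__ == "__main__":
    report = stale_client_report(SAMPLE_CAPTURE, "203.0.113.5")
    print(f"{report['distinct_sources']} distinct sources still hitting the retired address")
    for src, rec in sorted(report["per_source"].items()):
        print(f"  {src:16} packets={rec['packets']} first={rec['first']} last={rec['last']} "
              f"versions={sorted(rec['versions'])}")
    print("distinct sources per day:", report["distinct_per_day"])
    print("declining:", is_declining(report["distinct_per_day"]))
```

On a real capture the per-source records are the useful part: a source with a last-seen date months back has probably fixed itself, while one still arriving daily with a fixed source port is a host whose configuration pins the address and will need to be contacted (or, as Jared says, left to break) before the address can be reused.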