There's almost 300 RFCs related to DNS. It can do many things, and some of them are complex. But human error is almost always the root cause.
Your inability to configure DNS properly speaks more about you, then the service itself.
https://medium.com/adevinta-tech-blog/its-not-always-dns-unl...
It's not always DNS, unless it is - https://news.ycombinator.com/item?id=38719126 - Dec 2023 (73 comments)
It seems carriers can't get their MTUs straight as of late, especially on MPLS links...
I really thought we had this figured out 20 years ago...
For me the path was accessible, logging on the same server proved the path was accessible, 3 hours of the proper troubleshooting confirmed everything should work. But yet.
Skipping short the circumstances, one of (the 6 total) DCs decided what... DNS server isn't worth running. And for this one user DFS (last changed at least two years ago) decided to fall back to the file server from 2018, which, of course, pointed the DFS target to a no longer existant share.
Of course it wasn't DNS in this case. It was the DNS in this one.
a.) lack of monitoring for running services b.) cruft/old configurations
Almost anything you do on the internet (or local network) depends on DNS functioning correctly. DNS can get complex quickly - multiple servers (caching/authoritative/recursive) and protocols = lots of opportunities for something to be misconfigured. Cached entries in particular can be a nightmare if something gets outdated - it takes time for an update to a DNS record to propagate to all the other DNS servers on the Internet. All kinds of other random services etc depend on DNS records being correct and DNS working. When there’s an issue it’s not always immediately apparent that a DNS problem is the root cause, leading to lots of time chasing your tail/tearing your hair out trying to figure out what the heck broke.
I’m in the US so it was almost instantaneous between updating the dns records in domain register any being able to verify the changes with my own rDNS server.
But using a UK or NL dns server didn’t immediately pick up those recent changes.
Had to wait an additional 48 hrs for global dns propagation.
Caches rely on the TTL of records in your zone, or the SOA negative TTL field for negative answers. You control these TTLs, so don’t set them to 48 hours. In most cases there’s little benefit to having TTLs longer than 1 hour. (I use 24 hours for TTLs on NS records and nameserver addresses, because they tend to be more stable, and it’s good for tail latency to keep them in caches longer.)
Sadly the word "should" ought to have appeared in your sentence.
A lot of resolvers ignore the TTL, either because of the number of misconfigured TTL entries (too short), because they resolve a LOT of names and figure they can't afford to keep looking up certain names, or out of sheer orneryness.
I don't update frequently so when I do plan to make updates I adjust my TTL to a short period, wait a few days, then make the updates, then after a week turn the TTL way up again. I've noticed that this is pointless with some big sites.
If you can configure your old nameservers to serve the new NS records, sometimes that's helpful.
localhost:~# dig dev soa … ; <<>> DiG 9.16.39 <<>> dev soa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65000 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;dev. IN SOA
;; ANSWER SECTION: dev. 299 IN SOA ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
This is the soa config?
> SOA ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
DNS: I do have an ongoing problem specific to Unbound where it refuses to serve some entries in a transparent zone of DHCP-registered addresses that have written to config files properly but it insists on refusing to resolve certain hosts nondeterministically. But that's the only problem I have had in a long while because mostly infrastructure works out of necessity and scale.
