[dns-operations] EC2 resolver changing TTL on DNS answers?
Giovane C. M. Moura
giovane.moura at sidn.nl
Tue Nov 28 13:32:10 UTC 2017
Hi,
Anyone from Amazon here? Just came across this: resolvers at EC2
(Northern California) seem to change the TTL of DNS records.
Just curious about why this is happening.
To reproduce:
1. Querying from my laptop:
giovane at laptop:~$ dig ns nl
nl. 172800 IN NS ns1.dns.nl.
nl. 172800 IN NS ns-nl.nic.fr.
nl. 172800 IN NS ns2.dns.nl.
nl. 172800 IN NS sns-pb.isc.org.
nl. 172800 IN NS ns3.dns.nl.
nl. 172800 IN NS nl1.dnsnode.net.
nl. 172800 IN NS ns5.dns.nl.
nl. 172800 IN NS ns4.dns.nl.
In this query, every NS has a TTL on 172800, as in the root zone[1].
That's how it should be.
2. Querying from Amazon EC2 (Northern California):
[ec2-user at ip-172-31-6-139 ~]$ dig ns nl
nl. 60 IN NS ns5.dns.nl.
nl. 60 IN NS ns-nl.nic.fr.
nl. 60 IN NS sns-pb.isc.org.
nl. 60 IN NS nl1.dnsnode.net.
nl. 60 IN NS ns1.dns.nl.
nl. 60 IN NS ns2.dns.nl.
nl. 60 IN NS ns3.dns.nl.
nl. 60 IN NS ns4.dns.nl.
So the TLL using the local resolver from EC2 (172.31.0.2) has its TTL
reduced to 60s, instead of what is in [1]. You can run the same query
for any TLD, or even amazon.com.
Just curious why. Thanks,
/giovane
[1] https://www.internic.net/domain/root.zone
More information about the dns-operations
mailing list