
Don't be shy with DNS TTLs.

If you have settled your services on one or more IP addresses, push the TTL up. 12-24 hours is no problem. That way you mitigate almost all service outages caused by your DNS provider.

The main thing you have to keep in mind is that if you want to move a service around, you can either move the IP address with your service or you should lower the TTL at least 12 hours before moving the service.

@sheogorath if it's HTTP you can also easily set up a reverse proxy on either server. Then you can switch DNS whenever the hell you want.

@sheogorath I thought this was the actual rule, no? 🤔

I know people cheat nowadays with all these service-as-a-service offerings and CNAME mappings.

But yes, if you host your own services, there is no reason to have ridiculously short TTLs.
At my job, whoever managed the domains before me put 30s on every domain record. I don't know whether that was from some naivety or the default value for the provider. ¯\_(ツ)_/¯

@sheogorath Also, as a rule of thumb, I set relatively higher TTLs when I set up A records and with respect to CNAME records, I decide on a case-to-case basis depending on whether the CNAME points to an internal service or an external service.

Like you mentioned about migrating services, I plan on a regressive model, I halve the TTL every time I make a change so that I don't essentially load recursive DNS servers with my domain that I will be migrating a week or so later.

@sheogorath Migrating MX records is the most taxing because it has BCP implications and, in the worst case, security risks associated with it.

My personal MX records have a 12-month TTL, but the ones at work have a 60-day TTL.

I've had to make one MX migration, and that's where I came up with the regressive plan of halving the TTL with each change; I then extended that to all domain changes. I even documented it as a policy for one organization.
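The two migration rules in the thread (lower the TTL at least one old TTL before moving, and the halving plan above) as an added worked example; this is not code from any of the posters. It assumes, which the posts do not state, that each reduction is published only after one full previous TTL has elapsed, so that no resolver can still hold the older, longer value, and that the floor is 300 s. The record name, address and start time are made up for the illustration.

```python
"""Plan a TTL step-down ahead of a DNS migration.

Added example, not code from the thread. Assumptions not stated in the
posts: each reduction is published only after one full previous TTL has
elapsed (a resolver that cached the record just before the change keeps
the old value for that long), and the floor is 300 s. The record name,
address and timestamps are constructed for the illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Step:
    publish_ttl: int   # TTL to write into the zone at this step (seconds)
    hold_for: int      # seconds to wait before the next change: the TTL that
                       # was in effect before this step, so every cache drains


def halving_schedule(current_ttl: int, floor_ttl: int = 300) -> list[Step]:
    """Halve the published TTL at every change until floor_ttl is reached.

    Each step is held for the *previous* TTL, because that is how long a
    resolver may still serve the record with the old, longer TTL.
    """
    if current_ttl <= 0 or floor_ttl <= 0:
        raise ValueError("TTLs must be positive")
    steps: list[Step] = []
    ttl = current_ttl
    while ttl > floor_ttl:
        new_ttl = max(ttl // 2, floor_ttl)
        steps.append(Step(publish_ttl=new_ttl, hold_for=ttl))
        ttl = new_ttl
    return steps


def direct_schedule(current_ttl: int, floor_ttl: int = 300) -> list[Step]:
    """Drop straight to floor_ttl in one change, then wait one old TTL
    (the simpler rule from the start of the thread)."""
    if current_ttl <= floor_ttl:
        return []
    return [Step(publish_ttl=floor_ttl, hold_for=current_ttl)]


def lead_time(steps: list[Step]) -> int:
    """Seconds from the first change until every resolver holds the final
    TTL, i.e. the earliest moment the cut-over itself can begin."""
    return sum(s.hold_for for s in steps)


def change_plan(name: str, rtype: str, rdata: str, steps: list[Step],
                start: datetime) -> list[str]:
    """Render each step as a zone-file line prefixed with the instant it
    should be published, so the plan can be pasted into a runbook."""
    lines: list[str] = []
    when = start
    for step in steps:
        lines.append(f"{when.isoformat()}  {name} {step.publish_ttl} IN {rtype} {rdata}")
        when += timedelta(seconds=step.hold_for)
    final_ttl = steps[-1].publish_ttl if steps else None
    lines.append(f"{when.isoformat()}  cut-over may begin; the new target "
                 f"propagates within {final_ttl}s")
    return lines


if __name__ == "__main__":
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed
    halving = halving_schedule(86400)
    for line in change_plan("mail.example.org.", "A", "192.0.2.10", halving, start):
        print(line)
    print(f"halving: {len(halving)} changes, lead time {lead_time(halving) / 3600:.1f} h")
    direct = direct_schedule(86400)
    print(f"direct : {len(direct)} change,  lead time {lead_time(direct) / 3600:.1f} h")
```

Running it from a 24-hour TTL shows the trade-off in numbers: the halving plan needs nine changes and just under 48 hours of lead time before the cut-over, while a single drop to 300 s needs one change and exactly 24 hours, because every step in the halving plan has to be held for the TTL it replaces. The halving plan buys a gradual ramp in query load on recursive resolvers at the cost of roughly twice the calendar time.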

@shine in this case you might want to have a look at this article:

00f.net/2019/11/03/stop-using-

These days I force minimal TTLs on my name servers because it's so ridiculous what's going on in that space. It's as crazy as people publishing TTLs of 1, 5 or 15. And yes, most people do that without realizing it, because some SaaS companies that offer DNSaaS decided that this is how it should be done.

Sheogorath's Microblog