Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

29% Positive

Analyzed from 1077 words in the discussion.

Trending Topics

#dns#vibe#propagation#resolvers#change#propagate#cache#myth#entries#geographically

Discussion (24 Comments)Read Original on HackerNews

teddyhabout 6 hours ago
The myth of DNS “propagation” needs to die. Changed DNS entries do not “propagate”. The old cached DNS entries in DNS resolvers simply expire, in an arbitrary order. DNS resolvers are not linked geographically; there is no “propagation”.

If this tool was querying a list of widely-used public (and/or private) DNS resolvers, it might be useful. But pretending that DNS entries propagate geographically does not do anyone any favors.

MaulingMonkeyabout 4 hours ago
> The myth of DNS “propagation” needs to die.

What's the actual issue? Are you being frustrated by people laboring under the assumption that DNS records are being sent by carrier pidgeon or something?

> There is no geographical connection whatsoever.

DNS censorship will presumably be based on geopolitical boundaries, which in turn are bound by geography. And I wouldn't be entirely suprised if poor network connections - including those potentially geographically bound (poor weather / flooding / tornados severing or degrading links or power) had some (minor, infrequent) impact on the rate stale cache entries are evicted in favor of fresh ones.

Granted, none of that means a DNS resolver halfway across the globe from the authoritative servers can't typically get updated results <200ms (≈light speed), which is safely ignorable / won't be visible as records propagating from geographic neighbor to geographic neighbor. And granted further, I'm both too boring to censor, and too smart to be on call for anything that would make me aware of global outage reports - so the map is admittedly useless to me beyond farming that hacker vibe aura.

But I imagine there's at least one or two dudes out there that'll see a red dot in, say, Australia - and that'll save them a few minutes, by giving them a shortcut to determining the root cause of some issue reported in Australia by letting them correctly guess/blame stale DNS records.

toast0about 5 hours ago
a) different DNS systems get the change out to all the authoritatives different ways. Some of them with much delay. Delays are hopefully minimal on modern systems, but I've worked with bad systems where you change dns in the api and it takes minutes and sometimes hours for the authoritatives to start returning new results; traditional notify/axfr based systems often have a queue of several seconds at least.

b) as resolver caches expire, new queries will hopefully get new answers (as long as the authoritatives get updated per a), and eventually you get the new results everywhere except for resolvers that do terrible things...

When the change is made and it takes time for the results to show up everywhere, I think propagate is a reasonable verb. You could use disperse or diffuse or something else, but you need a verb to let people know it's going to take time for your changes to be visible everywhere.

I don't know that propagate necessary implies the change becomes visible in an orderly way. 'Around the globe' doesn't really either, it's just observing from around the globe as resolvers get new data.

What verb do you prefer to use to describe how unsychronized caches obtain new values?

c22about 3 hours ago
Percolate?
muppetmanabout 1 hour ago
Thank you. I have this discussion all the time. The argument I get back "Right, but it seems like the change takes awhile because of the DNS cache expiring, so it's the same as propagating". My counter to that is to say "If I punch you in the mouth, would you just tell people I'd asked you be to be quiet, or would you use the right explanation as to what'd happened?"

(It's a stupid counterargument, btw, but it ends the discussion)

Calliclesabout 6 hours ago
That's what the tool is doing - querying a bunch of public resolvers around the world to see the state of what they resolve to. Since end users usually use DNS servers close to their location, this gives an idea, around the world, of who sees what.

Agreed, this is a cache that expires and refreshes from the source DNS server. It just looks like a virus that propagates when the cache expires.

teddyhabout 6 hours ago
> It just looks like a virus that propagates when the cache expires.

No it does not. The changes do not happen geographically. There is no geographical connection whatsoever. Calling the tool “DNSGlobe”, and displaying a map, only further reinforces the myth.

browningstreetabout 2 hours ago
Ehh do you remember the defaults back in the day? And how long local vs intermediary vs backbone TTLs could be cached for, even above and beyond the set TTL?

The propagation part refers to how long it would take for all those cached requests to expire and when you could tell some random client they should be able to see the new value. Especially when you forgot to lower the TTL ahead of time.

It’s a term of art and it’s fine.

Oh that reminds me. I made a bunch of DNS changes a while ago and left all the TTLs set to 5 minutes. I should up them.

perching_aixabout 4 hours ago
There is no such myth that I'd be aware of, and I seriously doubt the author behind this would be operating under such a misunderstanding either. Maybe you used to at some point, but then that's a separate issue.

Propagation is just an incremental spread across a topology. Doesn't need to be a physical topology whatsoever.

It may seem like this program suggests a physical propagation as far as its elevator pitch goes, but one glance at the readme clears it up pretty quickly that that's not actually the case.

Changes do propagate, and seeing funny blinking lights on a world map is cool. Doesn't mean there'd be an intent to convey the process as a geographical spread.

OptionOfTabout 5 hours ago
Vibe-coded. Sorry.

https://github.com/514-labs/dnsglobe/blob/c29802162636832e88...

You take the `other`, do a `to_string()` on it, which creates a String representation. Then you pass a reference to that String, and, in the case it doesn't contain `time out` or `timeout` or `refused`, the reference gets turned AGAIN into a String (i.e. new allocation), truncated to 48, and then returned.

There is no check whether that the character at the 48th byte is a character boundary.

Add to that the fact that this is a Rust project with the oldest commit created yesterday and it is using the 2021 edition.

Be better.

orangeboatsabout 5 hours ago
It's gotten to the point that the moment I see "Rust" and "TUI" together, I immediately assume it's vibe coded. The combination just seems to be vibe coders' favorite, for some reason.
zx8080about 2 hours ago
> The combination just seems to be vibe coders' favorite, for some reason.

It's the secret key to HN front page!

Calliclesabout 5 hours ago
This was 100% vibe-coded with Claude Code and Fable.

https://x.com/thatsFrScience/status/2073741209592295866

Thanks for the feedback, though, and for taking the time to look at the code. I can ship a round of cleanup.

seamossfetabout 3 hours ago
Nothing wrong with vibecoding a toy project.
Calliclesabout 1 hour ago
Addressed the feedback
rvzabout 4 hours ago
Quite mixed on this one given that the author has experience with Rust before coding agents and this is just his toy project.

There is going to be a time where these vibe coded projects have silent bugs, vulnerabilities or unnecessary performance issues and the AI coding agent just lies to the user that it has none.

The AI agent will be the one to introduce new issues in the codebase regardless of "tests". The new issue is now the non-technical human vibe-coding is none the wiser.

We have already seen this in Codex itself. Imagine this propagated in many other code-bases.

rickydrollabout 1 hour ago
Having created and debugged human-written code with silent bugs, vulnerabilities, or unnecessary performance issues since my first day on the job, and pointing you to myriad companies with bugs and vulnerabilities that existed pre-AI, all I can say is "plus ça change, plus c'est la même chose."
robohoeabout 6 hours ago
Aren’t there websites already that check global DNS servers to check TTL expiry of DNS records?
teddyhabout 6 hours ago
There are many; I often use <https://dnschecker.org/>
Calliclesabout 5 hours ago
Yeah, I used to use https://www.whatsmydns.net/. I wanted it in the terminal without ads.
LouisvilleGeekabout 3 hours ago
Not sure of why everyone is negative against this tool?

I quite like it. Thanks for sharing!

krypd0habout 3 hours ago
I like it. Tell the vibe-coder haters to take a hike. Suggestion: It would be helpful if you could sort by COLUMN or group by LOCATION.

Keep on vibin'.

Calliclesabout 1 hour ago
Released a new version with the suggestion ;)
Calliclesabout 3 hours ago
Thanks for the feedback!