49 comments

  • teddyh 13 hours ago ago

    The myth of DNS “propagation” needs to die. Changed DNS entries do not “propagate”. The old cached DNS entries in DNS resolvers simply expire, in an arbitrary order. DNS resolvers are not linked geographically; there is no “propagation”.

    If this tool was querying a list of widely-used public (and/or private) DNS resolvers, it might be useful. But pretending that DNS entries propagate geographically does not do anyone any favors.

    • walrus01 an hour ago ago

      > The old cached DNS entries in DNS resolvers simply expire, in an arbitrary order.

      I really wish that was so. There's lots of weird resolvers out there used by weird ISPs that don't properly respect the TTL value. Setting TTL to some really low number a full day before making a major change is no guarantee that your zone will expire in a bunch of places. All kinds of weird ISPs try to do things with the dns results they present to their customers.

    • toast0 11 hours ago ago

      a) different DNS systems get the change out to all the authoritatives different ways. Some of them with much delay. Delays are hopefully minimal on modern systems, but I've worked with bad systems where you change dns in the api and it takes minutes and sometimes hours for the authoritatives to start returning new results; traditional notify/axfr based systems often have a queue of several seconds at least.

      b) as resolver caches expire, new queries will hopefully get new answers (as long as the authoritatives get updated per a), and eventually you get the new results everywhere except for resolvers that do terrible things...

      When the change is made and it takes time for the results to show up everywhere, I think propagate is a reasonable verb. You could use disperse or diffuse or something else, but you need a verb to let people know it's going to take time for your changes to be visible everywhere.

      I don't know that propagate necessary implies the change becomes visible in an orderly way. 'Around the globe' doesn't really either, it's just observing from around the globe as resolvers get new data.

      What verb do you prefer to use to describe how unsychronized caches obtain new values?

      • jon-wood 3 hours ago ago

        > Delays are hopefully minimal on modern systems

        The delays are almost always self inflicted by people who've blindly put 36400 in the TTL field like some sort of magic charm rather than considering how long they want the cache expiry to be. Long ago I was one of them and then I had the company greybeard point out that DNS record updates are a thing we had control over - just drop the TTL to 30 seconds or whatever a day before a planned change of servers and (barring the odd stubborn resolver which thinks it knows better than you do) the time it takes for those caches to refresh goes from 24 hours to 30 seconds.

        • bux93 an hour ago ago

          djbdns/tinydns can schedule a change and give out a lower and lower TTL the nearer the changeover time gets - a quick search doesn't show any newer implementations but this is surely a good way to do it.

      • timwis 5 hours ago ago

        My interpretation of the concern is that propagate implies that the new value is being pushed out to other resolvers, when in fact those other resolvers pull the new value (once their cached value expires).

      • c22 10 hours ago ago

        Percolate?

    • MaulingMonkey 10 hours ago ago

      > The myth of DNS “propagation” needs to die.

      What's the actual issue? Are you being frustrated by people laboring under the assumption that DNS records are being sent by carrier pidgeon or something?

      > There is no geographical connection whatsoever.

      DNS censorship will presumably be based on geopolitical boundaries, which in turn are bound by geography. And I wouldn't be entirely suprised if poor network connections - including those potentially geographically bound (poor weather / flooding / tornados severing or degrading links or power) had some (minor, infrequent) impact on the rate stale cache entries are evicted in favor of fresh ones.

      Granted, none of that means a DNS resolver halfway across the globe from the authoritative servers can't typically get updated results <200ms (≈light speed), which is safely ignorable / won't be visible as records propagating from geographic neighbor to geographic neighbor. And granted further, I'm both too boring to censor, and too smart to be on call for anything that would make me aware of global outage reports - so the map is admittedly useless to me beyond farming that hacker vibe aura.

      But I imagine there's at least one or two dudes out there that'll see a red dot in, say, Australia - and that'll save them a few minutes, by giving them a shortcut to determining the root cause of some issue reported in Australia by letting them correctly guess/blame stale DNS records.

      • teddyh 3 hours ago ago

        Yes, I am constantly needing to disabuse people of their misconception that DNS changes start to apply gradually by geographic distance, instead of applying arbitrarily by pure chance of when each resolver happened to query the record previously.

      • AndyMcConachie 4 hours ago ago

        >> The myth of DNS “propagation” needs to die.

        > What's the actual issue? Are you being frustrated by people laboring under the assumption that DNS records are being sent by carrier pidgeon or something?

        The actual issue is that some people misunderstand how DNS works, and the notion that records propagate doesn't help people understand it better. It propagates a misunderstanding of DNS.

        • phikappa 4 hours ago ago

          DNSGlobe – Rust TUI to watch misunderstandings about DNS propagate around the world (github.com/514-labs)

          There I fixed it for you.

    • Callicles 12 hours ago ago

      That's what the tool is doing - querying a bunch of public resolvers around the world to see the state of what they resolve to. Since end users usually use DNS servers close to their location, this gives an idea, around the world, of who sees what.

      Agreed, this is a cache that expires and refreshes from the source DNS server. It just looks like a virus that propagates when the cache expires.

      • teddyh 12 hours ago ago

        > It just looks like a virus that propagates when the cache expires.

        No it does not. The changes do not happen geographically. There is no geographical connection whatsoever. Calling the tool “DNSGlobe”, and displaying a map, only further reinforces the myth.

    • muppetman 8 hours ago ago

      Thank you. I have this discussion all the time. The argument I get back "Right, but it seems like the change takes awhile because of the DNS cache expiring, so it's the same as propagating". My counter to that is to say "If I punch you in the mouth, would you just tell people I'd asked you be to be quiet, or would you use the right explanation as to what'd happened?"

      (It's a stupid counterargument, btw, but it ends the discussion)

      • timwis 5 hours ago ago

        Just FYI, those discussions might be ending because your analogy comes across as a threat to punch them in the mouth, rather than because it convinces them.

      • tgv 6 hours ago ago

        But is there a functional difference between push and pull in this case? Is there something that cannot be explained in terms of propagation? Perhaps timing: there's no reason for propagation to wait an hour or a day.

        BTW, only last week I explained a potential problem of a DNS change with caching, and it was understood. There doesn't seem to be a need to simplify it.

        • jon-wood 3 hours ago ago

          There is absolutely a reason for propagation to wait an hour or a day, and you've set that value in the TTL field for the record in question. It stands for Time To Live and specifies how long downstream resolvers should cache the last value they saw before querying the authoritative server again, if you set that value to a few seconds then almost every DNS resolver in the world will get updated values within a few seconds as they expire the cached value.

    • browningstreet 9 hours ago ago

      Ehh do you remember the defaults back in the day? And how long local vs intermediary vs backbone TTLs could be cached for, even above and beyond the set TTL?

      The propagation part refers to how long it would take for all those cached requests to expire and when you could tell some random client they should be able to see the new value. Especially when you forgot to lower the TTL ahead of time.

      It’s a term of art and it’s fine.

      Oh that reminds me. I made a bunch of DNS changes a while ago and left all the TTLs set to 5 minutes. I should up them.

      • teddyh 3 hours ago ago

        > local vs intermediary vs backbone TTLs

        This is an example of the myth in action. There are no such things. There is a single resolver, which you use, and a set of authoritative server, which that resolver will query when the TTL in the resolver’s cache times out. There is no chain of resolvers.

        • inigyou 2 hours ago ago

          What do you call it when an application queries systemd-resolved and systemd-resolved queries PiHole and PiHole queries your home router and your home router queries your ISP? What is that if not a chain?

    • perching_aix 10 hours ago ago

      There is no such myth that I'd be aware of, and I seriously doubt the author behind this would be operating under such a misunderstanding either. Maybe you used to at some point, but then that's a separate issue.

      Propagation is just an incremental spread across a topology. Doesn't need to be a physical topology whatsoever.

      It may seem like this program suggests a physical propagation as far as its elevator pitch goes, but one glance at the readme clears it up pretty quickly that that's not actually the case.

      Changes do propagate, and seeing funny blinking lights on a world map is cool. Doesn't mean there'd be an intent to convey the process as a geographical spread.

  • bcjdjsndon an hour ago ago

    What's with the rust community and terminals? I get that gui's are tedious in those languages, but surely you don't have to write everything in rust? Or has rust become the be-all-and-end-all for them?

    • khurs an hour ago ago

      You can do GUI/web easily enough in Rust, but as this is DNS and so most users will be network/sysadmin types, their natural habitat is the terminal.

      Rust is taking over from C/C++ (as per US Government guidance on using more secure languages) and so is attracting the most hardcore programmers.

      Libraries for everything: https://crates.io

      p.s. stop being so grumpy!

      • bcjdjsndon a minute ago ago

        > so most users will be network/sysadmin types, their natural habitat is the terminal.

        But we've moved beyond learning commands like a programmer just to operate a program.... Have some respect or at least sympathy for your users

      • oksurerly 33 minutes ago ago

        > most hardcore programmers

        > Vibe-coded

        LOL.

        LMAO.

        • khurs 13 minutes ago ago

          Microsoft are using Rust for Windows and Azure

          Google are using Rust despite having developed GO

          SpaceX and NASA are using Rust for critical life and death systems.

          Cloudflare use Rust to obtain extreme high performance.

          And many, many more.

          Stop being a pain: https://en.wikipedia.org/wiki/Straw_man

  • OptionOfT 12 hours ago ago

    Vibe-coded. Sorry.

    https://github.com/514-labs/dnsglobe/blob/c29802162636832e88...

    You take the `other`, do a `to_string()` on it, which creates a String representation. Then you pass a reference to that String, and, in the case it doesn't contain `time out` or `timeout` or `refused`, the reference gets turned AGAIN into a String (i.e. new allocation), truncated to 48, and then returned.

    There is no check whether that the character at the 48th byte is a character boundary.

    Add to that the fact that this is a Rust project with the oldest commit created yesterday and it is using the 2021 edition.

    Be better.

    • orangeboats 11 hours ago ago

      It's gotten to the point that the moment I see "Rust" and "TUI" together, I immediately assume it's vibe coded. The combination just seems to be vibe coders' favorite, for some reason.

      • inigyou 2 hours ago ago

        It must be because if you program in Rust, you don't have bugs ;)

      • blacklite 4 hours ago ago

        That's not whose favorite it is; it's the favorite of who's doing the work. :)

      • zx8080 9 hours ago ago

        > The combination just seems to be vibe coders' favorite, for some reason.

        It's the secret key to HN front page!

    • egorfine 2 hours ago ago

      The very first thing written about this tool is the programming language it's written in.

      Like, when I'm querying a bunch of DNS servers, it is crucial for me to know which compilable language it was written in. Like, the most important thing.

    • Callicles 12 hours ago ago

      This was 100% vibe-coded with Claude Code and Fable.

      https://x.com/thatsFrScience/status/2073741209592295866

      Thanks for the feedback, though, and for taking the time to look at the code. I can ship a round of cleanup.

    • seamossfet 9 hours ago ago

      Nothing wrong with vibecoding a toy project.

      • teddyh 3 hours ago ago

        There is if you present it to others without telling anyone it’s slop.

        • bcjdjsndon an hour ago ago

          For some vague reason you can't really articulate, that's a bad thing?

    • rvz 10 hours ago ago

      Quite mixed on this one given that the author has experience with Rust before coding agents and this is just his toy project.

      There is going to be a time where these vibe coded projects have silent bugs, vulnerabilities or unnecessary performance issues and the AI coding agent just lies to the user that it has none.

      The AI agent will be the one to introduce new issues in the codebase regardless of "tests". The new issue is now the non-technical human vibe-coding is none the wiser.

      We have already seen this in Codex itself. Imagine this propagated in many other code-bases.

      • rickydroll 8 hours ago ago

        Having created and debugged human-written code with silent bugs, vulnerabilities, or unnecessary performance issues since my first day on the job, and pointing you to myriad companies with bugs and vulnerabilities that existed pre-AI, all I can say is "plus ça change, plus c'est la même chose."

    • Callicles 8 hours ago ago

      Addressed the feedback

  • robohoe 12 hours ago ago

    Aren’t there websites already that check global DNS servers to check TTL expiry of DNS records?

  • panki27 4 hours ago ago

    It's called DNSGlobe but it does not feature a globe, only a map :(

  • throwitaway222 6 hours ago ago

    Rust terminal apps are the bees knees right now

  • LouisvilleGeek 9 hours ago ago

    Not sure of why everyone is negative against this tool?

    I quite like it. Thanks for sharing!

    • drcongo 3 hours ago ago

      I like it too. I'll almost certainly get a lot of use out of this and not once will I ever get upset that it uses the word propagation.

  • krypd0h 9 hours ago ago

    I like it. Tell the vibe-coder haters to take a hike. Suggestion: It would be helpful if you could sort by COLUMN or group by LOCATION.

    Keep on vibin'.

    • Callicles 8 hours ago ago

      Released a new version with the suggestion ;)

    • Callicles 9 hours ago ago

      Thanks for the feedback!