What happens if you make a mistake when you change the authoritative nameservers for a domain?
This concern is based on false assumptions that the current authoritative name servers for the domain example.com. would transfer the responsibility to the new authoritative servers and that this would then somehow propagate everywhere. This is not how DNS works. In reality:
-
The parent zone (
com.) delegates control with theNSrecords it has.From
dig example.com +trace:example.com. 172800 IN NS a.iana-servers.net. example.com. 172800 IN NS b.iana-servers.net. ;; Received 535 bytes from 192.5.6.30#53(a.gtld-servers.net) -
DNS does not propagate; the recursive queries are cached for the TTL (RFC 1034, 3.6):
TTL which is the time to live of the RR. This field is a 32 bit integer in units of seconds, an is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded.
So, what would happen if the incorrect NS records were updated...
-
to the parent zone? The domain would stop working because the delegated authoritative name servers are inexistent or not responding. This is a recoverable condition, as you can simply give the correct name servers to your registrar to be updated to the parent zone.
However, this takes some time, because the TTL for the
NSrecords on the parent is rather long: e.g., this172800equals 48 hours, so it might take up to 48 hours for the caches to expire. -
to the current authoritative zone? That would simply be a misconfiguration; DNS inconsistency. It is still the parent zone that delegates the control, so nothing has really changed.