How does DynamicDNS act immediately?

My understanding of the core functionality of DNS is to provide a naming/mapping service between domain names (e.g. blah-whatever.com) and IP addresses (e.g. 100.2.3.4).

Furthermore, my understanding of how Internet DNS servers work is that when a domain/IP mapping record is changed (say, changing blah-whatever.com to now point to 105.2.3.4, etc.), this change needs to be propagated over every DNS server in the world before the change can be said to be "complete". This propagation period can sometimes last up to 24 hours.

So to begin with, if anything I have said so far is misguided or incorrect, please begin by correcting me!

Assuming I'm more or less correct, I don't understand how companies like CloudFlare or DynamicDNS can offer "instant rollover"-type services whereby you change your DNS record with them and - boom - the change takes effect instantly.

I understand there is something called "TTL" (time to live, I presume ?!?) that plays a role in this instant rollover capability, but since I'm already fuzzy on the capability to begin with it's hard to make sense of what this TTL is or what purpose it serves.

So I ask: what is it about Dynamic DNS and its competitors that allows them to change DNS mappings instantly (without taking 24 hours to propagate DNS changes like everybody else), and how does TTL fit into this process? Thanks in advance.


My previous answer contained false information because I had a few misconceptions regarding how DNS changes are propagated. So here is a second attempt. For a detailed explanation, I encourage you to read Alex's answer.

To my understanding, there are 2 factors involved in how quickly a DNS change propagates:

  1. Zone transfers between the DNS servers that are authoritative for a zone.
  2. The TTL set for single records in that zone.

Zone Transfers

Given that you need two distinct name servers to manage a zone, you'd want these servers to quickly have the latest version of that zone available to them.

This is either achieved by pulling the latest version of the zone at a fixed interval, or waiting for a NOTIFY from an authorized name server.

Given that this mechanism is under complete control of whoever runs the name servers, any delays in this area can be fully controlled.

TTL

The TTL is a timeout specified for every single resource record in a zone. This value defines how long the record should be cached by non-authoritative DNS providers.

Please keep in mind that this value only comes into play if an existing record is changed. New records can't be cached yet.

Given that the TTL is also under full control of whoever controls the zone, the delay can also be fully controlled.


You have some misconceptions, so I'll try to explain the whole process. (I'm good with the details since I am involved in operating a public dynamic DNS service.)

Let's say your domain is example.com, and let's say the example.com domain is hosted with some dynamic DNS company, let's call it lightfastdns.net (fictional name). Your domain contains a DNS record, somehost.example.com, which currently points to 1.1.1.1.

  1. When you make a change to your DNS record, this change is first submitted to some intermediate server, operated by lightfastdns.net, e.g. updates.lightfastdns.net. This happens almost instantly (in a fraction of a second). You can submit your update via a web interface, with a dynamic updates client, or via some API. That doesn't matter; in any case this update will arrive on some server which handles DNS updates.

  2. This updates server pushes your updated record (let's say, 1.2.3.4) to the "master" DNS server for your domain. This DNS server is also operated by lightfastdns.net. How fast that happens depends on how the DNS provider designed their software. (It can be instant, and it can be every 24 hours. For example gandi.net pushes DNS updates once per hour.) Of course, our lightfastdns.net will do it instantly.

  3. This master DNS server will push updates to the slave DNS servers for the example.com domain. These servers are also operated by the same lightfastdns.net company. How fast this happens: with modern software the master will instantly send a NOTIFY message to the slaves, and they will instantly get the updated record from the master. With older software we had REFRESH and RETRY values in the SOA record, but today it's rarely relevant. Of course, our lightfastdns.net implements NOTIFY and updates propagate instantly.

What we have now is that all "authoritative" servers for your domain received the updated record (1.2.3.4). For lightfastdns.net it took about two seconds.

  1. Now, we will move to Ivan's home in Russia, and Ivan wants to open "somehost.example.com" in his browser. If he never opened that before, his browser does not know the address, so the browser will ask his operating system. But, if he visited the site recently, the address may still be stored inside the browser, and he will use the old (obsolete) address! For how long? It depends on the browser; Google Chrome for example stores DNS records only for up to 60 seconds. We have up to a 60-second delay. For this reason, I'd say that the DNS change did not propagate to this browser yet.

  2. In any case, after 60 seconds, or immediately, the browser will eventually ask the operating system to get the address. The operating system may already know the (old, obsolete) answer, and return it; in this case I'd say that the new record has not propagated yet to Ivan's OS. How long the OS will store the old value: for modern operating systems this is controlled by the TTL parameter. TTL in DNS defines how long a record may be stored in a cache. Our lightfastdns.net allows using a quite low TTL, 30 seconds, so we got a new delay of up to 30 seconds; overall, 90 seconds so far.

  3. If the OS does not know the answer, or if the answer it knew is now outdated by the TTL, the OS will ask a DNS resolver (Ivan's ISP assigned him a DNS resolver, dns.moscow-telecom.ru). Here too, the old record may be cached for up to TTL seconds, or dns.moscow-telecom.ru may not know the address. We get another 30 seconds, as dns.moscow-telecom.ru also caches DNS for no longer than the TTL value. We have a 120-second delay. That is what is meant by saying that the new DNS record has not propagated yet to Moscow-Telecom's DNS servers.

  4. If the ISP's DNS server does not know the answer, or if the answer it knew is already obsolete because its TTL expired, dns.moscow-telecom.ru will ask one of the AUTHORITATIVE DNS servers for example.net (do you remember them?). Those got the change about 118 seconds ago, and they will return the new answer; this answer will be immediately sent along the chain to the DNS resolver, to the OS, and to Ivan's browser.

Thus, propagating the record took from 2 to 120 seconds, depending on the state of various caches. The longer the TTL, the longer the delays may be.

To make it complete: some ISPs violate the standards and cache records for a long time. Some older OSes kept the old record for a long time, and older browsers did too. But for most users it will work as expected.
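As an added illustration (not code from either answer), here is a small Python model of the cache chain Alex walks through, browser, OS and ISP resolver in front of the authoritative servers, which also shows the TTL effect the first answer describes. The push delay, TTL and browser cap are the numbers from the answer; the stagger of cache refreshes in the worst case is my assumption.

```python
"""Model of the propagation chain in Alex's answer: browser cache -> OS cache ->
ISP resolver -> authoritative servers. Constructed example, not code from the
original post; all times are integer seconds after the update is submitted."""

OLD, NEW = "1.1.1.1", "1.2.3.4"
PUSH_DELAY = 2    # seconds until master and slaves (via NOTIFY) serve the new record
RECORD_TTL = 30   # TTL on somehost.example.com, honoured by the OS and ISP resolver
BROWSER_CAP = 60  # a browser keeps an answer at most this long, whatever the TTL

def authoritative(now):
    """Authoritative servers for example.com answer NEW once the push has landed."""
    return NEW if now >= PUSH_DELAY else OLD

class Cache:
    """One caching layer (browser, OS or ISP resolver) in front of an upstream."""
    def __init__(self, max_age, upstream):
        self.max_age, self.upstream = max_age, upstream
        self.entry = None  # (answer, time_stored), or None while cold

    def lookup(self, now):
        if self.entry and now - self.entry[1] < self.max_age:
            return self.entry[0]  # still fresh: hand out the possibly obsolete answer
        answer = self.upstream(now)  # cold or expired: ask the next layer up
        self.entry = (answer, now)
        return answer

def build_chain(ttl=RECORD_TTL, browser_cap=BROWSER_CAP):
    resolver = Cache(ttl, authoritative)           # dns.moscow-telecom.ru
    os_cache = Cache(ttl, resolver.lookup)         # Ivan's operating system
    browser = Cache(browser_cap, os_cache.lookup)  # Ivan's browser
    return browser, os_cache, resolver

def cold_chain_answers():
    """Nothing cached: a query right after the push sees NEW, but a query one
    second too early caches OLD and keeps serving it until the caches expire."""
    early = build_chain()[0]
    return (build_chain()[0].lookup(PUSH_DELAY),
            early.lookup(PUSH_DELAY - 1), early.lookup(10))

def last_stale_second(ttl=RECORD_TTL, browser_cap=BROWSER_CAP):
    """Worst case: each layer refreshes just before the layer below it expires,
    so OLD is handed down the chain and lives for about TTL + TTL + browser cap."""
    browser, os_cache, resolver = build_chain(ttl, browser_cap)
    t_resolver = PUSH_DELAY - 1  # resolver caches OLD one second before the push lands
    t_os = t_resolver + ttl - 1  # OS asks while the resolver entry is still fresh
    t_browser = t_os + ttl - 1   # browser asks while the OS entry is still fresh
    resolver.lookup(t_resolver); os_cache.lookup(t_os); browser.lookup(t_browser)
    stale = t_browser            # last second the browser still hands out OLD
    while browser.lookup(stale + 1) == OLD:
        stale += 1
    return stale                 # 118 with the defaults, close to the "up to 120 seconds"
```

Calling `last_stale_second(ttl=3600)` shows why providers that want fast changes keep the TTL short: a one-hour TTL stretches the same worst case to about two hours.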