DNS records contain a lot of important data, including the information on how quickly such data becomes obsolete, the so-called TTL (Time To Live). TTL in the DNS indicates for how long the data can be stored on a recursive nameserver (resolver) without it being retrieved from an authoritative nameserver. The lower the TTL, the more frequently resolvers query authoritative nameservers and obtain the most recent data. At the same time, however, a short TTL causes heavier load on nameservers, and if DNS records do not change often, the TTL is usually set to several hours.
TTL for the .cz zone has always been set to five hours. That means that delegation changes in the registry (for example registration, change or cancellation of a domain) in some DNS resolvers used to take five hours to appear. Given the fact that in the previous year we strengthened our DNS infrastructure and based on studies on TTL reduction in other national zones, we decided to gradually reduce the TTL for the .cz zone to one hour. We generate the zone every 30 minutes, so that all delegation changes in the registry will get in a very short time not only to authoritative servers, but to resolvers as well. We decided for gradual reduction in order to be able to analyze its impact on our DNS server load at each substep.
The first step (the reduction to four hours) was conducted this year on February 22 at 2 PM. If all goes well, we will gradually (in the next three weeks) reduce the TTL to one hour. According to the first results of load measurement on our authoritative DNS servers, next week we will continue with the TTL reduction and the results of TTL reduction for the .cz zone will be published in late March. So far we only captured the expected temporary increase in the number of NXDOMAIN responses (responses for non-existent domains), see chart below. On the contrary, the number of normal queries with expired NS entries in the cache resolver has not seen a notable increase. We were expecting an increased number of such queries from substandard or improperly configured DNS resolvers.