Chris.
Thanks for the correction on the term TTL instead of timer. The engineer I
inherited this environment from has the refresh set to 40 minutes and the zone
expiration set to 2 hours. The explanation I got was that since we are
authoritative for AD we want to ensure that some kind of scavenging is in place.
Your explanation suggests that the refresh time is strictly survivability and
will not force an update if the serial numbers do not increment enough to
implement the refresh.
Am I stating this correctly? Any suggestions?
Thanks
Paul
________________________________
From: Chris Buxton <chris.p.bux...@gmail.com>
To: Paul Romano <ittec...@yahoo.com>
Cc: "bind-us...@isc.org" <bind-us...@isc.org>
Sent: Sunday, December 2, 2012 7:41 PM
Subject: Re: Expiration TTLs
On Dec 1, 2012, at 12:17 PM, Paul Romano wrote:
> What is a good compromise on zone expiration TTLs? Our DNS is authoritative
> for AD DNS and we want to make sure we force records to refresh but do not
> want to expose ourselves to the risk of zone failures.
The zone expiration timer is not a TTL timer. The two are different.
Zone expiration should usually be at least a week. I've set mine to 6 weeks.
This timer has nothing to do with the refresh interval, which is also defined
in the SOA record.
Chris Buxton
BlueCat Networks
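
Added example (not part of either message, and not BIND code): a simplified model of how a secondary uses the SOA refresh, retry and expire timers discussed in this thread, run with the 40-minute refresh and the 2-hour and 6-week expire values mentioned above. The 10-minute retry, the 3-hour primary outage and the function names are assumptions, and NOTIFY is ignored.

```python
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert a BIND-style duration ('40m', '2h', '6w', '1h30m') to seconds."""
    return sum(int(n) * UNITS[u]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def serial_newer(primary, local):
    """RFC 1982 serial arithmetic on 32-bit SOA serials."""
    return primary != local and ((primary - local) & 0xFFFFFFFF) < 2**31

def simulate(refresh, retry, expire, primary_at, local_serial, duration):
    """Model a secondary's SOA checks over `duration`.

    primary_at(t) returns the primary's serial at second t, or None when the
    primary is unreachable. Returns a list of (second, event) tuples.
    """
    refresh, retry, expire, duration = map(seconds, (refresh, retry, expire, duration))
    events, last_ok, next_check = [], 0, refresh
    while True:
        deadline = last_ok + expire          # expire counts from the last good contact
        if next_check >= deadline:           # zone expires before another check can succeed
            if deadline <= duration:
                events.append((deadline, "expired"))
            break
        if next_check > duration:
            break
        serial = primary_at(next_check)
        if serial is None:                   # failed check: fall back to the retry interval
            events.append((next_check, "unreachable"))
            next_check += retry
            continue
        last_ok = next_check                 # any successful SOA query resets expire
        if serial_newer(serial, local_serial):
            events.append((next_check, "transfer"))
            local_serial = serial
        else:                                # same serial: nothing is transferred
            events.append((next_check, "unchanged"))
        next_check += refresh
    return events

if __name__ == "__main__":
    # Constructed scenario: primary unreachable for the first 3 hours.
    outage = lambda t: None if t < seconds("3h") else 1
    for expire in ("2h", "6w"):
        print(expire, simulate("40m", "10m", expire, outage, 1, "4h")[-1])
```

In this model the 2-hour expire makes the secondary stop serving the zone during the outage, while the 6-week expire lets it keep answering until the primary returns.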