Hello Paul,

Paul Hoffman writes:

> On 11 Aug 2017, at 5:40, Carsten Strotmann wrote:
>
>> The original SOA values for RIPE 203:
>>
>> example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
>>     1999022301 ; serial YYYYMMDDnn
>>     86400      ; refresh ( 24 hours)
>>     7200       ; retry ( 2 hours)
>>     3600000    ; expire (1000 hours)
>>     172800 )   ; minimum ( 2 days)
>>
>> the new proposed and updated values
>>
>> $TTL 3600
>> example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
>>     2017080101 ; serial YYYYMMDDnn
>>     7200       ; refresh ( 2 hours)
>>     1800       ; retry ( 30 minutes)
>>     3600000    ; expire (1000 hours)
>>     3600 )     ; minimum/negative TTL ( 1 hour)
>
> The new values seem fine, and should not cause strain to an
> authoritative server unless the zone's number of NXDOMAIN queries is
> massively mis-matched with the capabilities of the server.
>
> Dropping the retry value down further seems reasonable, maybe to 5
> minutes. You always want your secondaries to have fresh data. If you
> have secondaries that are having problems contacting you, you have an
> operational problem. Maybe add some text to the new version explaining
> why this number is lower and suggesting that they watch the logs on their
> secondaries for failures to refresh.

We'll consider this. Care must be taken that once a server is not reachable because of too much traffic, a too low RETRY value might make things worse. But I agree it is preferable to have fast recovery.

> The idea of matching the negative TTL to the SOA TTL makes good sense,
> and certainly is better than having a huge negative TTL.
>
> Adding the "$TTL 3600" is a great addition. If you can add text about
> the semantic differences between the three 3600 values, that would be
> very useful.

Yes, good point, I will write some info about the different TTL values in the document.

Best regards

Carsten Strotmann
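Added example, not part of the original e-mail exchange: a Python sketch that parses the two SOA records quoted above and contrasts the timers under discussion. It assumes a simplified secondary that retries at a fixed RETRY interval with no jitter or backoff, and takes the negative-caching TTL as min(SOA TTL, MINIMUM) per RFC 2308; the function names and the 300-second override (the 5-minute suggestion) are illustrative.

```python
import re

# SOA records copied from the thread (old RIPE 203 values, proposed update).
OLD = """example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
    1999022301 ; serial YYYYMMDDnn
    86400      ; refresh
    7200       ; retry
    3600000    ; expire
    172800 )   ; minimum
"""
NEW = """$TTL 3600
example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
    2017080101 ; serial YYYYMMDDnn
    7200       ; refresh
    1800       ; retry
    3600000    ; expire
    3600 )     ; minimum/negative TTL
"""

def parse_soa(text):
    """Parse one SOA record in master-file syntax ($TTL, comments, parentheses)."""
    default_ttl, tokens = None, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]                      # drop comments
        m = re.match(r"\s*\$TTL\s+(\d+)", line)
        if m:
            default_ttl = int(m.group(1))                 # zone-wide default TTL
            continue
        tokens += line.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    # An explicit TTL in front of "SOA" wins; otherwise $TTL applies.
    soa_ttl = next((int(t) for t in tokens[:i] if t.isdigit()), default_ttl)
    serial, refresh, retry, expire, minimum = map(int, tokens[i + 3:i + 8])
    return {"default_ttl": default_ttl, "soa_ttl": soa_ttl, "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "minimum": minimum}

def analyse(soa, retry_override=None):
    """Timer consequences under the simplified model named in the lead-in."""
    retry = retry_override or soa["retry"]
    return {
        # RFC 2308: negative answers are cached for min(SOA TTL, MINIMUM).
        "negative_ttl": min(soa["soa_ttl"], soa["minimum"]),
        # SOA queries per hour from ONE secondary while the primary is down.
        "retries_per_hour": 3600 / retry,
        # Retry intervals between the first failed refresh and zone expiry.
        "retry_intervals_before_expire": (soa["expire"] - soa["refresh"]) // retry,
    }

if __name__ == "__main__":
    for name, rec, override in (("old", OLD, None), ("new", NEW, None), ("new, retry=300", NEW, 300)):
        print(name, analyse(parse_soa(rec), override))
```

Multiply `retries_per_hour` by the number of secondaries to estimate the extra query load a struggling primary sees at a given RETRY value.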