Re: [DNSOP] valid value range for SOA REFRESH/RETRY/EXPIRE

Thu, 17 Oct 2019 16:26:36 -0700 


> On 18 Oct 2019, at 10:11 am, 神明達哉 <jin...@wide.ad.jp> wrote:
> 
> I have a question for which I believe there's an answer already that I
> couldn't find: what's the valid range for SOA REFRESH/RETRY/EXPIRE
> values?
> 
> RFC1035 says:
> 
>   REFRESH         A 32 bit time interval ...
>   RETRY           A 32 bit time interval ...
>   EXPIRE          A 32 bit time value ...
> 
> and since it explicitly uses "unsigned" for SERIAL and MINIMUM, e.g:
> 
>   SERIAL          The unsigned 32 bit version number of the original copy

REFRESH         A 32 bit time interval before the zone should be
                refreshed.

RETRY           A 32 bit time interval that should elapse before a
                failed refresh should be retried.

EXPIRE          A 32 bit time value that specifies the upper limit on
                the time interval that can elapse before the zone is no
                longer authoritative.

> one obvious interpretation is that REFRESH/RETRY/EXPIRE are signed 32
> bit integers.

They are all intervals.  How do you have a negative interval?

>  And, since negative values for these don't make much
> sense, we might even interpret it similar to RR TTLs as clarified in
> RFC2181, i.e., 0 <= REFRESH/RETRY/EXPIRE <= 2^31-1.
> 
> Is this correct?  Implementations seem to vary on this point, btw.
> From my quick experiment with some code reading,
> - BIND 9 accepts any unsigned 32-bit values
> - Same for Knot
> - NSD treats them like TTL (values >= 2^31 are reduced to the "default
>   TTL" value)
> (I've only checked at the primary side; I didn't do any test how the
> secondary side of the implementation uses these values when they are
> very large).
> 
> Such huge values for these parameters don't make sense in practice
> anyway, so this is probably a pedantic question.  But if anyone knows
> an authoritative reference that can answer it I'd appreciate it very
> much.
> 
> Thanks,
> 
> --
> JINMEI, Tatuya
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to