> On 27 Feb 2026, at 06:41, Florian Obser <[email protected]> wrote: > > On 2026-02-26 15:50 UTC, Jim Reid <[email protected]> wrote: >>> On 26 Feb 2026, at 15:11, Florian Obser <[email protected]> wrote: >>> >>> How can the LocalRoot server figure out what the real expire time is >>> when using http? At what time should it stop using the zone file and >>> switch to querying the root name servers? >> >> Surely the SOA record's metadata answers those questions? Maybe I'm >> missing something. > > Yes, it's the expire time. The root zone currently expires 604800 > seconds (i.e. one week) after it gets loaded: > > . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. ( > 2026022602 ; serial > 1800 ; refresh (30 minutes) > 900 ; retry (15 minutes) > 604800 ; expire (1 week) > 86400 ; minimum (1 day) > ) > > Note that this is an interval, not a time stamp. If I load a root zone > from ten days ago it will be valid for another week. Surely that is not > correct.
That’s why nameservers look at file modification times when setting the expiry time. It’s also why they back date file modification times when using EDNS EXPIRE so that the zone will expire at the correct time after a restart. > Now, if you squint just right, the serial kinda looks like a date. The > 02 at the end looks a bit weird, maybe that's 2 a.m.? > > The only thing we know about this number is this (RFC 1035): > SERIAL The unsigned 32 bit version number of the original copy > of the zone. Zone transfers preserve this value. This > value wraps and should be compared using sequence space > arithmetic. > > I'm not aware of any nameserver that tries to interpret that number as a > date. I'm also not aware of any document that states that the serial > number of the root zone has any meaning beyond what 1035 tells us. > >> >> Apologies for using a meaningful and relevant Subject: header. >> >> _______________________________________________ >> DNSOP mailing list -- [email protected] >> To unsubscribe send an email to [email protected] > > -- > In my defence, I have been left unsupervised. > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
