[dns-operations] Recommended zone serial number format for over 100 changes / day

Matthew Ghali mghali at snark.net
Thu Mar 31 21:12:30 UTC 2016


I'll say it, since everyone else is dancing around the issue:

If you are updating zone data more often than once/second and are concerned with a) encoding time into soa serial and b) have traditional secondaries doing {a,i}xfr based on serial, you're just Doing It Wrong, and most likely have other, much larger issues, and should likely consider that sending updates to BIND might not be a sustainable long-term solution.

If your data is in constant flux, shoehorning it into a constant series of point-in-time snapshots seems pointless and inefficient. This is probably why Route 53 doesn't bother supporting zone transfers.

Matt

> On Mar 31, 2016, at 12:22 PM, Dave Warren <davew at hireahit.com> wrote:
> 
> My point was more this: Don't update more than once a second, any further updates can wait for the next second.
> 
> If you're using dynamic updates or something that is doing updates in real time, fine, let it increment the serial as many times a second as you want but if you're generating static zonefiles from a database or updating by hand or other script where you want to generate new serials without having to worry about some "nn" per day counter, epoch is perfectly fine, and subsequent updates waiting a second won't hurt you.
> 
> -- 
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
> 
> On 2016-03-30 18:49, Roy Hooper wrote:
>> Even with thousands of updates a day, and 86400 seconds per day, there's plenty of headroom to handle same-second updates when they do happen... 
>> 
>> One approach is to use this pseudocode:
>> 
>> if time() > current_serial:
>>    new_serial = time()
>> else:
>>    new_serial = current_serial + 1
>> 
>> This handles both clock rewind scenarios (that never happens in the real world...) as well as multiple updates in the same second.
>> It also simply becomes a counter if you have over 86400 updates/day, although in that case the suggestion to just use a counter makes more sense so you can start at 1.
>> 
>> 
>>> On Wed, Mar 30, 2016 at 4:32 PM, Dave Warren <davew at hireahit.com> wrote:
>>>> On 2016-03-30 12:35, Mark Andrews wrote:
>>>> Or you can just use it as a serial number.  Encoding date / time
>>>> since epoch only works if the frequency of updates is low.
>>> 
>>> Even if you have more than one update per second, isn't incrementing the serial number and rebuilding the zone once per second going to be sufficient for real world purposes?
>>> 
>>> Or am I misunderstanding?
>>> 
>>> -- 
>>> Dave Warren
>>> http://www.hireahit.com/
>>> http://ca.linkedin.com/in/davejwarren
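As an added example (not code from any of the posters), here is the time-or-increment rule Roy Hooper sketched above written as runnable Python, alongside the RFC 1982 serial comparison a secondary applies to decide whether a new serial is "newer" and an AXFR/IXFR is due; the serial values and clock readings are constructed for illustration.

```python
import time
from typing import List, Optional

SERIAL_MOD = 1 << 32   # the SOA serial is an unsigned 32-bit integer
HALF_SPACE = 1 << 31   # RFC 1982 "newer" means less than 2^31 steps ahead


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial-number arithmetic: True if a is newer than b.

    Wraparound is handled: serial 0 is newer than 2**32 - 1.
    """
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > HALF_SPACE) or (a > b and a - b < HALF_SPACE)


def next_serial(current: int, now: Optional[int] = None) -> int:
    """Epoch-seconds serial with a +1 fallback for same-second updates
    and clock rewinds. Also keeps working if `current` is a legacy
    YYYYMMDDnn value (e.g. 2016033101), which is numerically larger than
    today's epoch time: the fallback then behaves as a plain counter.
    """
    if now is None:
        now = int(time.time())
    candidate = now if now > current else current + 1
    return candidate % SERIAL_MOD   # wrap at 2^32, as secondaries expect


def simulate(current: int, clock: List[int]) -> List[int]:
    """Feed a sequence of clock readings (constructed sample input) through
    next_serial and return the serials a primary would publish."""
    published = []
    for reading in clock:
        current = next_serial(current, reading)
        published.append(current)
    return published


def all_increasing(serials: List[int], start: int) -> bool:
    """Check that every published serial is newer than its predecessor
    in RFC 1982 terms, i.e. every secondary would notice the change."""
    prev = start
    for s in serials:
        if not serial_gt(s, prev):
            return False
        prev = s
    return True
```

Run `simulate(1459458750, [1459458760, 1459458760, 1459458760, 1459458755])` to see three updates in one second and a clock step back still yield a strictly increasing series.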