[dns-operations] Quick analysis of TLD SOA's

Joe Abley jabley at hopcount.ca
Wed Jul 13 15:22:29 UTC 2011


On 2011-07-13, at 11:11, Phil Regnauld wrote:

> 	Could be misconfiguration (unintentional, as you point out), or,
> 	as unlikely as this may be, it could be a TLD the authoritative slave
> 	servers of which don't use IXFR/AXFR for refreshing zone contents.  They
> 	might all be slaves from a hidden SOA, or even have a master copy pushed
> 	by some other distribution mechanism.

It's not the presence or absence of a hidden master that makes the SOA timers irrelevant, it's the mechanism by which zone data is propagated. For people using standard mechanisms, flooding NOTIFYs through a graph of nameservers makes REFRESH and RETRY values fairly unimportant.

EXPIRE is still something that needs some thought, in the sense that it determines how long you want to continue to serve stale data in the event that you lose access to a nameserver (and, conversely, how long you want to continue to answer queries in the event that your zone distribution fails).


Joe
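Added example (not part of the original message): a simplified model of a secondary polling its primary under RFC 1035 timer semantics, showing that NOTIFY removes the REFRESH-sized propagation delay while the stale-serving window after an outage is set by EXPIRE alone. The SOA record, the function names and the no-jitter polling model are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample SOA RDATA (not taken from the thread):
# mname rname serial refresh retry expire minimum
SAMPLE_SOA = "ns1.example. hostmaster.example. 2011071300 1800 900 604800 86400"

@dataclass(frozen=True)
class SoaTimers:
    refresh: int
    retry: int
    expire: int

def parse_soa(rdata: str) -> SoaTimers:
    """Extract REFRESH, RETRY and EXPIRE (seconds) from presentation-format SOA RDATA."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    refresh, retry, expire = (int(x) for x in fields[3:6])
    if min(refresh, retry, expire) <= 0:
        raise ValueError("SOA timers must be positive")
    return SoaTimers(refresh, retry, expire)

def propagation_delay(t: SoaTimers, change_at: int, notify: bool) -> int:
    """Seconds until a secondary sees a change made change_at seconds after its
    last poll cycle began. Assumption: NOTIFY is delivered and acted on at once."""
    if notify:
        return 0
    # Polling only: the change waits for the next REFRESH-interval poll.
    return t.refresh - (change_at % t.refresh)

def outage_timeline(t: SoaTimers, outage_at: int) -> dict:
    """Primary becomes unreachable outage_at seconds after time 0 (a successful
    refresh). Assumption: polls succeeded every REFRESH until the outage."""
    last_ok = (outage_at // t.refresh) * t.refresh   # last successful refresh
    first_fail = last_ok + t.refresh                 # first poll that fails
    expires_at = last_ok + t.expire                  # zone is discarded here
    # Failed attempts: first_fail, then every RETRY, strictly before expiry.
    failed = 0 if first_fail >= expires_at else (expires_at - first_fail - 1) // t.retry + 1
    return {"failed_polls": failed,
            "stale_window": expires_at - outage_at,  # time spent serving stale data
            "expires_at": expires_at}

if __name__ == "__main__":
    timers = parse_soa(SAMPLE_SOA)
    print("delay without NOTIFY:", propagation_delay(timers, 100, notify=False))
    print("delay with NOTIFY:   ", propagation_delay(timers, 100, notify=True))
    print("outage at t=1000:    ", outage_timeline(timers, 1000))
    # Same EXPIRE, very different REFRESH/RETRY: the stale window is unchanged.
    print("slow poller:         ", outage_timeline(SoaTimers(86400, 7200, 604800), 1000))
```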



