[dns-operations] Quick analysis of TLD SOA's

Joe Abley jabley at hopcount.ca
Thu Jul 14 03:11:12 UTC 2011


On 2011-07-13, at 19:06, Mark Andrews wrote:

> 
> In message <20110713201044.GC16779 at x27.adm.denic.de>, Peter Koch writes:
>> On Wed, Jul 13, 2011 at 08:49:34PM +0200, Gilles Massen wrote:
>> 
>>> Rickard Bellgrim did a nice analysis on SOA Expire vs. Signature Refresh
>>> interval, with the result that .SE lowered their expire time. This is
>>> something that obviously was not on the radar when most SOA
>>> recommendations were written.
>> 
>> true. What also needs to be taken into account is the length of the XFR path.
> 
> Which is infinite (a loop) in many cases.  There was even a loop
> presented as "best practice" earlier.  This breaks expire processing
> as SOA refresh queries get answered.

Well, it reduces the usefulness of EXPIRE processing to the case where a nameserver is genuinely (fully) isolated from the herd.

The assumption is that anybody who is paying enough attention to their DNS infrastructure to bother with loop xfr topologies surely is also monitoring SOA serial lag independently, and acting to fix problems long before an EXPIRE timer would trip anyway.

I agree that the assumption is worth spelling out.


Joe
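
The loop effect and the XFR path length point discussed in this message, as a small constructed model (an added example, not code from anyone in the thread). The topology names, the timer values and the hourly serial bump on the primary are assumptions chosen for illustration.

```python
# Added illustration: a constructed model, not code from this thread.
def serial_lag(ahead: int, behind: int) -> int:
    """RFC 1982 serial arithmetic: increments `behind` trails `ahead` by."""
    diff = (ahead - behind) & 0xFFFFFFFF
    return diff if diff < 0x80000000 else diff - 0x100000000

def simulate(upstreams, refresh, expire, cut_at, end):
    """upstreams maps each secondary to the servers it refreshes from.
    The primary bumps its serial every `refresh` seconds and becomes
    unreachable at `cut_at`. Returns (primary_serial, serials, expired_at)."""
    serial = {n: 1 for n in upstreams}
    last_ok = {n: 0 for n in upstreams}
    expired_at = {n: None for n in upstreams}
    primary_serial = 1
    for now in range(refresh, end + 1, refresh):
        primary_serial += 1
        for name, ups in upstreams.items():
            if expired_at[name] is not None:
                continue  # model simplification: an expired zone stays expired
            answered = False
            for up in ups:
                if up == "primary":
                    if now >= cut_at:
                        continue
                    offered = primary_serial
                elif expired_at[up] is not None:
                    continue  # expired peers no longer answer for the zone
                else:
                    offered = serial[up]
                answered = True  # any answered SOA query restarts EXPIRE
                if serial_lag(offered, serial[name]) > 0:
                    serial[name] = offered
            if answered:
                last_ok[name] = now
            elif now - last_ok[name] >= expire:
                expired_at[name] = now
    return primary_serial, serial, expired_at

HOUR, DAY = 3600, 86400
CHAIN = {"a": ["primary"], "b": ["a"]}                 # primary -> a -> b
LOOP = {"a": ["primary", "b"], "b": ["primary", "a"]}  # a and b also pull from each other

def report(topology):
    """Per secondary: (serial lag behind the primary, time the zone expired or None)."""
    top, serial, expired_at = simulate(topology, HOUR, 7 * DAY, DAY, 30 * DAY)
    return {n: (serial_lag(top, serial[n]), expired_at[n]) for n in topology}

if __name__ == "__main__":
    for label, topo in (("chain", CHAIN), ("loop", LOOP)):
        print(label, report(topo))
```

In the chain the second hop expires roughly one EXPIRE interval after the first; in the loop neither secondary ever expires, and only the serial lag comparison shows that both are stale.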



