[dns-operations] Recommended zone serial number format for over 100 changes / day
Colm MacCárthaigh
colm at stdlib.net
Mon Apr 4 13:48:40 UTC 2016
On Mon, Apr 4, 2016 at 4:51 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
wrote:
> On Sun, Apr 03, 2016 at 08:44:41PM -0700, Colm MacCárthaigh wrote:
> > Not quite, it's out of date - but not broken. That's much better.
>
> Well, it _might_ be better. It depends on what you're trying to achieve.
> For instance, DNAMEs are sometimes introduced in order to move
> operators. If the losing operator is hostile, then actually having
> the old service data being served authoritatively could be worse than
> nothing.
>
Serving broken responses and undefined behavior is never a good idea, and
it won't help you move operators.
> > On the slave, the zone is not up to date and will eventually fail
> because
> > > of
> > > the inability to transfer.
> >
> >
> > It needn't.
>
> It certainly must if the issue isn't fixed -- it'll hit the expire
> time.
just ignore the expire time; it's better to serve a stale zone than to
expire it; deletes should be explicit.
> You seem to be suggesting that the slave server needs to be
> upgraded in some way before the new (unknown) RR can be accepted on
> that slave. The decision about that may not be under the control of
> the zone administrator, becuase the slave name server might be under
> the control of someone else.
>
The administrator of the zone can delete the record too. One or the other
is needed. Serving broken records helps no-one though.
--
Colm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160404/1d15bec1/attachment.html>
More information about the dns-operations
mailing list