[dns-operations] Recommended zone serial number format for over 100 changes / day

Colm MacCárthaigh colm at stdlib.net
Mon Apr 4 13:48:40 UTC 2016

On Mon, Apr 4, 2016 at 4:51 AM, Andrew Sullivan <ajs at anvilwalrusden.com>

> On Sun, Apr 03, 2016 at 08:44:41PM -0700, Colm MacCárthaigh wrote:
> > Not quite, it's out of date - but not broken. That's much better.
> Well, it _might_ be better.  It depends on what you're trying to achieve.

> For instance, DNAMEs are sometimes introduced in order to move
> operators.  If the losing operator is hostile, then actually having
> the old service data being served authoritatively could be worse than
> nothing.

Serving broken responses and undefined behavior is never a good idea, and
it won't help you move operators.

> > On the slave, the zone is not up to date and will eventually fail
> because
> > > of
> > > the inability to transfer.
> >
> >
> > It needn't.
> It certainly must if the issue isn't fixed -- it'll hit the expire
> time.

just ignore the expire time; it's better to serve a stale zone than to
expire it; deletes should be explicit.

> You seem to be suggesting that the slave server needs to be
> upgraded in some way before the new (unknown) RR can be accepted on
> that slave.  The decision about that may not be under the control of
> the zone administrator, becuase the slave name server might be under
> the control of someone else.

The administrator of the zone can delete the record too. One or the other
is needed. Serving broken records helps no-one though.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160404/1d15bec1/attachment.html>

More information about the dns-operations mailing list