Hello Paul,

Paul Hoffman writes:
On 11 Aug 2017, at 5:40, Carsten Strotmann wrote:
The original SOA values for RIPE 203:
example.com.  3600  SOA  dns.example.com. hostmaster.example.com. (
                         1999022301 ; serial YYYYMMDDnn
                         86400      ; refresh (  24 hours)
                         7200       ; retry   (   2 hours)
                         3600000    ; expire  (1000 hours)
                         172800 )   ; minimum (   2 days)
the new proposed and updated values
$TTL 3600
example.com.  3600  SOA  dns.example.com. hostmaster.example.com. (
                         2017080101 ; serial YYYYMMDDnn
                         7200       ; refresh (   2 hours)
                         1800       ; retry   (  30 minutes)
                         3600000    ; expire  (1000 hours)
                         3600 )     ; minimum/negative TTL ( 1 hour)
The new values seem fine, and should not cause strain to an authoritative server unless the zone's number of NXDOMAIN queries is massively mis-matched with the capabilities of the server.
Dropping the retry value down further seems reasonable, maybe to 5 minutes. You always want your secondaries to have fresh data. If you have secondaries that are having problems contacting you, you have an operational problem. Maybe add some text to the new version explaining why this number is lower and suggesting that they watch the logs on their secondaries for failures to refresh.
We'll consider this. Care must be taken that once a server is not reachable because of too much traffic, a too low RETRY value might make things worse. But I agree it is preferable to have fast recovery.
The idea of matching the negative TTL to the SOA TTL makes good sense, and certainly is better than having a huge negative TTL.
Adding the "$TTL 3600" is a great addition. If you can add text about the semantic differences between the three 3600 values, that would be very useful.
Yes, good point, I will write some info about the different TTL values in the document.

Best regards

Carsten Strotmann
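
Added example, not part of the original message: a Python sketch that parses the two SOA records quoted in the thread and derives the negative-caching TTL a resolver applies under RFC 2308, which is the lesser of the SOA record's own TTL and its MINIMUM field. The function names and the sanity checks in `review` are illustrative assumptions, not text from RIPE 203 or its update.

```python
import re

# SOA records as quoted in the thread (RIPE 203 original and the proposed update).
OLD = """example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
    1999022301 ; serial YYYYMMDDnn
    86400      ; refresh
    7200       ; retry
    3600000    ; expire
    172800 )   ; minimum"""
NEW = """example.com. 3600 SOA dns.example.com. hostmaster.example.com. (
    2017080101 ; serial YYYYMMDDnn
    7200       ; refresh
    1800       ; retry
    3600000    ; expire
    3600 )     ; minimum/negative TTL"""

def parse_soa(text):
    """Parse one master-file SOA record (optionally multi-line) into a dict."""
    # Drop ';' comments, then the parentheses that only permit line continuation.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = re.sub(r"[()]", " ", body).split()
    i = tokens.index("SOA")
    ttl = int(tokens[i - 1])  # assumes the record carries an explicit TTL
    serial, refresh, retry, expire, minimum = map(int, tokens[i + 3:i + 8])
    return {"ttl": ttl, "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}

def negative_ttl(soa):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])

def review(soa):
    """Return warnings for timer relationships that defeat their purpose."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire leaves no room for a failed refresh and retry")
    if soa["minimum"] > soa["ttl"]:
        warnings.append("minimum exceeds SOA TTL; negative TTL is capped at the SOA TTL")
    return warnings
```

For both records the derived negative-caching TTL is 3600 seconds, because the old 172800-second MINIMUM is capped by the 3600-second TTL on the SOA record itself.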