refresh / expire

Barry Margolin barmar at genuity.net
Mon Apr 8 22:50:31 UTC 2002


In article <a8t50e$ppp at pub3.rc.vix.com>,
Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
>In my experience, many people set their EXPIRE values way too low. Probably
>some novice admins are confused between TTL and EXPIRE.

This is very true.  I've seen many of our customers reduce *all* the timers
when they're getting ready to make major changes (e.g. renumbering their
network).  I tell them that they should reduce Refresh and TTL, but not
Expire.  In fact, this is the *worst* time to reduce Expire, since there's
a good chance that you'll screw something up when you're making lots of
changes, and if you don't notice the problem before the Expire time runs out,
your domain could be totally dead.

Another problem contributing to the spread of low Expire times is good ol'
Microsoft.  The default Expire time in Microsoft DNS Manager is 1 day.  One
theory that has been put forth for this is that it counteracts a known
problem with Active Directory: if the DNS server crashes, the serial
number updates that AD made will not have been saved to permanent storage,
so it backs up when the server comes back up.  After a day of failing to
transfer the zone because of the bad serial number, the slave server
expires the zone, forgets its old serial number, and then transfers the
zone again.

While this may be a decent rationalization of MS's low Expire time, I doubt
it's the real reason, since Microsoft has had this low default since long
before Active Directory was implemented.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
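
A small checker for the mistake discussed in the message above, as an added example (not code from the post, from Barry Margolin, or from ISC BIND). It parses a BIND-style SOA record, accepting BIND's w/d/h/m/s time suffixes, and compares the timers before and after an edit so that lowering Expire along with Refresh and TTL gets flagged. The two-week floor is an assumption taken from the usual RFC 1912 guidance, the problem-code names are my own, and the three SOA records are constructed sample input.

```python
"""Sanity-check SOA timers before a planned DNS change.

Added example; not code from the bind-users post or from ISC BIND.  It parses
a BIND-style SOA record (w/d/h/m/s time suffixes accepted) and flags the
mistake the post describes: lowering Expire along with Refresh and TTL when
preparing for a renumbering.  The two-week floor is an assumption taken from
RFC 1912 guidance; the SOA records at the bottom are constructed sample input.
"""
import re

_UNITS = {"w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}
TWO_WEEKS = 14 * 86400   # assumed floor for Expire (RFC 1912 suggests 2-4 weeks)


def parse_time(value):
    """Convert '1d', '2w3d', '1H' or a bare number of seconds to seconds."""
    s = value.strip().lower()
    if re.fullmatch(r"\d+", s):
        return int(s)
    if not re.fullmatch(r"(\d+[wdhms])+", s):
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", s))


def parse_soa(text):
    """Parse a zone-file SOA record; '(' ')' and ';' comments are allowed."""
    body = re.sub(r";[^\n]*", "", text)                 # strip comments
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = [t.upper() for t in tokens].index("SOA")
    serial, refresh, retry, expire, minimum = tokens[i + 3:i + 8]
    return {
        "mname": tokens[i + 1], "rname": tokens[i + 2], "serial": int(serial),
        "refresh": parse_time(refresh), "retry": parse_time(retry),
        "expire": parse_time(expire), "minimum": parse_time(minimum),
    }


def check_timers(soa):
    """Return problem codes for one SOA (an empty list means the timers are sane)."""
    problems = []
    refresh, retry, expire = soa["refresh"], soa["retry"], soa["expire"]
    if expire <= refresh + retry:
        # a slave would discard the zone before a failed refresh is even retried
        problems.append("expire-below-refresh-plus-retry")
    if expire < TWO_WEEKS:
        problems.append("expire-below-two-weeks")
    if retry > refresh:
        problems.append("retry-above-refresh")
    return problems


def review_change(before, after):
    """Compare the SOA before and after an edit; a reduced Expire is the error to catch."""
    problems = check_timers(after)
    if after["expire"] < before["expire"]:
        problems.append("expire-reduced")
    if after["serial"] <= before["serial"]:
        problems.append("serial-not-incremented")
    return problems


# Constructed sample input: a healthy zone, the "reduce everything" mistake,
# and the pre-change tuning the post recommends (short Refresh/TTL, Expire kept).
SOA_STEADY = """
$TTL 1d
example.com.  IN  SOA  ns1.example.com. hostmaster.example.com. (
        2002040801   ; serial
        1d           ; refresh
        2h           ; retry
        4w           ; expire
        1h           ; minimum (negative-cache TTL)
)
"""

SOA_ALL_CUT = """
$TTL 5m
example.com.  IN  SOA  ns1.example.com. hostmaster.example.com. (
        2002040802  5m  5m  1d  5m )   ; Expire cut to a day as well
"""

SOA_PRE_CHANGE = """
$TTL 5m
example.com.  IN  SOA  ns1.example.com. hostmaster.example.com. (
        2002040802  5m  5m  4w  5m )   ; Refresh/Retry/TTL short, Expire untouched
"""

if __name__ == "__main__":
    steady = parse_soa(SOA_STEADY)
    for label, text in (("all timers cut", SOA_ALL_CUT), ("pre-change", SOA_PRE_CHANGE)):
        print(label, review_change(steady, parse_soa(text)) or ["ok"])
```

Run it against the zone file you are about to push; if "expire-reduced" shows up, put Expire back to its old value and lower only Refresh, Retry and $TTL. The serial check is there because a zone edit that forgets to bump the serial never reaches the slaves at all, which is the other way a change goes unnoticed until Expire runs out.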