Master server offline

Chris Thompson cet1 at cam.ac.uk
Fri May 7 11:49:05 UTC 2010


On May 7 2010, Dave Filchak wrote:

>Well, my SOA Expires are set to 604800 (1 week). Can I change those to
>four weeks to give us some time?

Sure - just step into your time machine, go back to before the master
server died, and increase the SOA.expire value there so that it gets
propagated to the slave(s) in time.

If your disaster recovery plan doesn't include use of a time machine,
then you need to set SOA.expire large enough that you will have time
to execute the next stage of the plan before the copies expire -
convert a slave to be master, re-incarnate the master on new
(possibly virtual) hardware, or whatever.

BTW, there is an interaction with DNSSEC in setting a large SOA.expire
value for a signed zone. You don't want your slaves to be serving
expired signatures even if the zone copy is not expired, so you should
arrange that resigning occurs at least the SOA.expire period before
the old signature is due to expire. With BIND's defaults of a 30-day
signature validity period and resigning 3/4 of the way through that,
an SOA.expire period of 1 week works out quite nicely.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
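
The timing rule from the message above, written out as an added example (not part of the original post and not BIND code): a slave that last refreshed at `last_transfer` keeps serving until `last_transfer + SOA.expire`, so any RRSIG expiring before that deadline would be served expired. The zone `example.test`, the record values and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records in presentation format (all values are made up).
ZONE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2010050701 10800 3600 604800 3600
example.test. 3600 IN RRSIG SOA 5 2 3600 20100606000000 20100507000000 12345 example.test. c2lnbmF0dXJl
www.example.test. 3600 IN RRSIG A 5 3 3600 20100512000000 20100412000000 12345 example.test. c2lnbmF0dXJl
mail.example.test. 3600 IN RRSIG A 5 3 3600 20100515000000 20100415000000 12345 example.test. c2lnbmF0dXJl
"""

def policy_margin(validity, resign_fraction):
    """Validity left on a signature at the moment it is due to be re-signed."""
    return validity * (1 - resign_fraction)

def parse_zone(text):
    """Return (SOA.expire as timedelta, [(owner, covered type, RRSIG expiration)])."""
    expire, sigs = None, []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        rtype, rdata = f[3], f[4:]
        if rtype == "SOA":      # mname rname serial refresh retry expire minimum
            expire = timedelta(seconds=int(rdata[5]))
        elif rtype == "RRSIG":  # covered alg labels origttl expiration inception ...
            when = datetime.strptime(rdata[4], "%Y%m%d%H%M%S")
            sigs.append((f[0], rdata[0], when.replace(tzinfo=timezone.utc)))
    return expire, sigs

def at_risk(text, last_transfer):
    """RRSIGs that expire before a slave refreshed at last_transfer drops the zone.

    Worst case assumed: the master dies right after last_transfer.
    Returns (owner, covered type, time the signature would be served expired).
    """
    expire, sigs = parse_zone(text)
    deadline = last_transfer + expire
    return [(o, t, deadline - e) for o, t, e in sigs if e < deadline]

if __name__ == "__main__":
    print("margin:", policy_margin(timedelta(days=30), 0.75))
    for hit in at_risk(ZONE, datetime(2010, 5, 7, 11, 49, 5, tzinfo=timezone.utc)):
        print("served expired:", hit)
```

With the figures from the message (30-day validity, re-signing 3/4 of the way through) the margin is 7.5 days, which is why a 1-week SOA.expire fits; the constructed `www` signature is one that was not re-signed on schedule.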


