> From: "listmail" <listm...@entertech.com>
> Date: Tue, 29 Mar 2011 09:58:27 -0700
> Sender: bind-users-bounces+oberman=es....@lists.isc.org
>
> I'm investigating the failure of a slave server during a network outage at a
> primary server.
>
> The slave server was running and answering queries, but not delivering results
> for domains for which it is authoritative during the outage. Since the outage
> occurred in the middle of the night, I have no tests during the outage period
> and have to infer from logs and the behavior of everything that depended on
> this server.
>
> The SOA TTL was 1 week on most zones, but the individual records had short
> TTLs, on the order of an hour. The outage lasted long enough for these shorter
> TTLs to expire.
>
> My question is: Will a BIND slave server stop serving RRs when their
> individual TTLs have expired, or only when the SOA TTL has expired?

Bill,

You are getting issues confused. TTL is the time for a server to cache data for which it is not authoritative. For an authoritative server TTL is irrelevant. Also, the TTL in the SOA is the TTL for negative cache entries, not cached data. (And, if the server is authoritative, it is NOT cached data.)

The relevant field in the SOA is the "expire" field. If the server has either transferred the zone from the master server or confirmed (via serial #) that the current data is still current. If the data is expired, the slave will stop serving it. Until then, it will serve it and TTL has absolutely nothing to do with this.

I should note that you really need to have rational values for refresh, retry, and expire in your SOA. I like a refresh on the order of an hour for stable zones and 15-30 minutes for fast changing ones. I set retry to about 15 minutes and expire to a couple of weeks.

Finally, you probably want your minimum TTL set to a fairly short time like 15 minutes so that you will not continue to use a negative cache entry for too long. It is fairly common for a new name to be queried before it gets into DNS. It may get updated in just a few seconds, but the server will continue to respond that it does not exist until the negative cache TTL expires.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net
Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
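
Added example, not part of the original message or of BIND: a simplified model of the SOA timers discussed in the reply above, showing that whether a secondary still serves a zone after an outage depends on the expire field and not on record TTLs. The zone names, serial and function names are constructed for illustration, and the model ignores refinements such as refresh jitter.

```python
import re

# BIND zone-file time units (seconds); bare numbers are seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a BIND-style duration such as '1w', '1h30m' or '3600' to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad duration: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(rdata):
    """Parse 'mname rname serial refresh retry expire minimum' into a dict."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA RDATA fields")
    soa = {"mname": fields[0], "rname": fields[1], "serial": int(fields[2])}
    for name, raw in zip(("refresh", "retry", "expire", "minimum"), fields[3:]):
        soa[name] = to_seconds(raw)
    return soa

def secondary_status(soa, outage_seconds):
    """State of a secondary whose last successful transfer or serial check was
    outage_seconds ago. Record TTLs are deliberately not an input."""
    if outage_seconds >= soa["expire"]:
        return "expired"      # zone data is no longer served
    if outage_seconds >= soa["refresh"]:
        return "retrying"     # still authoritative; polling the primary every 'retry'
    return "fresh"

# Constructed SOA RDATA using the timer values suggested in the reply above:
# refresh 1h, retry 15m, expire 2w, minimum (negative-cache TTL) 15m.
SAMPLE = "ns1.example.com. hostmaster.example.com. ( 2011032901 1h 15m 2w 15m )"

if __name__ == "__main__":
    soa = parse_soa(SAMPLE)
    for hours in (0.5, 8, 24 * 15):
        print(f"{hours:>6} h outage -> {secondary_status(soa, hours * 3600)}")
```
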