On Dec 1, 2012, at 12:17 PM, Paul Romano wrote: > What is a good compromise on zone expiration TTLs? Our DNS is authoritative > for AD DNS and we want to make sure we force records to refresh but do not > want to expose ourselves to the risk of zone failures.
The zone expiration timer is not a TTL timer. The two are different. Zone expiration should usually be at least a week. I've set mine to 6 weeks. This timer has nothing to do with the refresh interval, which is also defined in the SOA record. Chris Buxton BlueCat Networks _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users