Chris.
Thanks for the correction on the term TTL instead of timer.  The engineer I 
inherited this environment from has the refresh set to 40 minutes and the zone 
expiration set to 2 hours.  The explanation I got was that since we are 
authoritative for AD we want to ensure that some kind of scavenging is in place.  
Your explanation suggests that the refresh time is strictly survivability and 
will not force an update if the serial numbers do not increment enough to 
implement the refresh. 
Am I stating this correctly?  Any suggestions? 
Thanks
Paul 
________________________________
 From: Chris Buxton <chris.p.bux...@gmail.com>
To: Paul Romano <ittec...@yahoo.com> 
Cc: "bind-us...@isc.org" <bind-us...@isc.org> 
Sent: Sunday, December 2, 2012 7:41 PM
Subject: Re: Expiration TTLs
  
On Dec 1, 2012, at 12:17 PM, Paul Romano wrote:

> What is a good compromise on zone expiration TTLs?  Our DNS is authoritative 
> for AD DNS and we want to make sure we force records to refresh but do not 
> want to expose ourselves to the risk of zone failures.

The zone expiration timer is not a TTL timer. The two are different.

Zone expiration should usually be at least a week. I've set mine to 6 weeks. 
This timer has nothing to do with the refresh interval, which is also defined 
in the SOA record.

Chris Buxton
BlueCat Networks
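The distinction Chris draws shows up directly in the SOA record: the leading number that `dig example.com SOA` prints is the record's cache TTL, while the expire timer is the fourth of the five numbers after the RNAME, alongside serial, refresh, retry and minimum. The check below is an added example, not code from either poster or from BIND: it parses an SOA in presentation format and flags an expire value that is shorter than a week (the floor Chris recommends; RFC 1912 suggests two to four weeks) or that does not exceed refresh plus retry. The sample record is constructed, using Paul's stated 40-minute refresh and 2-hour expire with an assumed 10-minute retry.

```python
"""Sanity-check the timers in a zone's SOA record (added example, constructed input).

Parses the presentation format that `dig <zone> SOA` prints and reports timer
values that would let a secondary drop the zone during a short primary outage.
"""
from __future__ import annotations

from dataclasses import dataclass

WEEK = 7 * 24 * 3600  # minimum expire Chris recommends, in seconds


@dataclass
class Soa:
    ttl: int      # cache TTL of the SOA record itself; not an SOA timer
    mname: str
    rname: str
    serial: int
    refresh: int  # how often a secondary polls the primary for a new serial
    retry: int    # how soon it polls again after a failed refresh
    expire: int   # how long it keeps serving the zone without a successful refresh
    minimum: int  # negative-caching TTL (RFC 2308)


def parse_soa(rr: str) -> Soa:
    """Parse one SOA record such as:
    'example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2012120201 2400 600 7200 3600'
    """
    fields = rr.split()
    try:
        i = fields.index("SOA")
    except ValueError:
        raise ValueError("not an SOA record") from None
    ttl = int(fields[1])
    mname, rname, *nums = fields[i + 1:]
    if len(nums) != 5:
        raise ValueError("SOA needs serial refresh retry expire minimum")
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return Soa(ttl, mname, rname, serial, refresh, retry, expire, minimum)


def check_soa(soa: Soa) -> list[str]:
    """Return findings about the timers; an empty list means they look sane."""
    findings = []
    # A secondary that cannot reach the primary answers for `expire` seconds,
    # then discards the zone and returns SERVFAIL. Two hours turns a weekend
    # primary outage into an authoritative outage.
    if soa.expire < WEEK:
        findings.append(f"expire {soa.expire}s is under one week")
    # expire has to outlast at least one refresh cycle plus a retry, or a
    # secondary can expire the zone before it has even retried.
    if soa.expire <= soa.refresh + soa.retry:
        findings.append("expire does not exceed refresh + retry")
    if soa.retry >= soa.refresh:
        findings.append("retry should be shorter than refresh")
    return findings


# Constructed record with Paul's values: refresh 2400s (40 min), expire 7200s (2 h).
SAMPLE_SOA = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
              "2012120201 2400 600 7200 3600")

if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(f"SOA TTL {soa.ttl}s, expire {soa.expire}s")
    for finding in check_soa(soa):
        print("finding:", finding)
```

Running it against the sample prints a TTL of 3600 and an expire of 7200, two different numbers with two different jobs, and one finding about the short expire. Raising expire to 1209600 (two weeks) while leaving refresh at 2400 clears all findings, since refresh governs how often secondaries poll and expire only governs how long they survive without an answer.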
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list
