Re: [mailop] DNS issues for CloudFilter?

2021-01-12 Thread Matthew Richardson via mailop
That NS is provided by AWS Route53.  My experience is that they have some
sort of internal proprietary propagation of updates which does not use the
serial number.  Looking at another zone, I also think that they leave the
serial number at 1 all the time.

Best wishes,
Matthew
 --
>From: Bill Cole via mailop 
>To: "Frank Bulk via mailop" 
>Cc: 
>Date: Mon, 11 Jan 2021 15:07:29 -0500
>Subject: Re: [mailop] DNS issues for CloudFilter?

>On 11 Jan 2021, at 13:33, Frank Bulk via mailop wrote:
>
>> Looks like it's good now.
>
>Yes. I think I see a likely source of the problem:
>
>$ dig mx.a.cloudfilter.net soa
>[...]
>;; ANSWER SECTION:
>mx.a.cloudfilter.net.  900 IN  SOA ns-1804.awsdns-33.co.uk. 
>awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>
>It seems likely that there was at some point a higher zone serial 
>number.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] DNS issues for CloudFilter?

2021-01-12 Thread Bill Cole via mailop

On 12 Jan 2021, at 3:02, Matthew Richardson via mailop wrote:

> That NS is provided by AWS Route53.  My experience is that they have some
> sort of internal proprietary propagation of updates which does not use the
> serial number.  Looking at another zone, I also think that they leave the
> serial number at 1 all the time.

That seems likely to cause (transient) problems for resolvers that 
expect authoritative servers to behave in standard ways.

> Best wishes,
> Matthew
>  --
>> From: Bill Cole via mailop 
>> To: "Frank Bulk via mailop" 
>> Cc:
>> Date: Mon, 11 Jan 2021 15:07:29 -0500
>> Subject: Re: [mailop] DNS issues for CloudFilter?
>
>> On 11 Jan 2021, at 13:33, Frank Bulk via mailop wrote:
>>
>>> Looks like it's good now.
>>
>> Yes. I think I see a likely source of the problem:
>>
>> $ dig mx.a.cloudfilter.net soa
>> [...]
>> ;; ANSWER SECTION:
>> mx.a.cloudfilter.net.   900 IN  SOA ns-1804.awsdns-33.co.uk.
>> awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>>
>> It seems likely that there was at some point a higher zone serial
>> number.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] DNS issues for CloudFilter?

2021-01-12 Thread Matthew Richardson via mailop
As far as I am aware, the SOA SERIAL on authoritative servers is not
involved in any resolution by resolvers; in short, resolvers don't make use
of it.  The only thing resolvers do use from the SOA is the TTL for
negative caching.

Best wishes,
Matthew
 --
>From: Bill Cole via mailop 
>To: "Matthew Richardson via mailop" 
>Cc: 
>Date: Tue, 12 Jan 2021 08:24:36 -0500
>Subject: Re: [mailop] DNS issues for CloudFilter?

>On 12 Jan 2021, at 3:02, Matthew Richardson via mailop wrote:
>
>> That NS is provided by AWS Route53.  My experience is that they have some
>> sort of internal proprietary propagation of updates which does not use the
>> serial number.  Looking at another zone, I also think that they leave the
>> serial number at 1 all the time.
>
>That seems likely to cause (transient) problems for resolvers that 
>expect authoritative servers to behave in standard ways.
>
>
>
>> Best wishes,
>> Matthew
>>  --
>>> From: Bill Cole via mailop 
>>> To: "Frank Bulk via mailop" 
>>> Cc:
>>> Date: Mon, 11 Jan 2021 15:07:29 -0500
>>> Subject: Re: [mailop] DNS issues for CloudFilter?
>>
>>> On 11 Jan 2021, at 13:33, Frank Bulk via mailop wrote:
>>>
>>>> Looks like it's good now.
>>>
>>> Yes. I think I see a likely source of the problem:
>>>
>>> $ dig mx.a.cloudfilter.net soa
>>> [...]
>>> ;; ANSWER SECTION:
>>> mx.a.cloudfilter.net.   900 IN  SOA ns-1804.awsdns-33.co.uk.
>>> awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>>>
>>> It seems likely that there was at some point a higher zone serial
>>> number.


Re: [mailop] DNS issues for CloudFilter?

2021-01-12 Thread Paul Ebersman via mailop
matthew-l> As far as I am aware, the SOA SERIAL on authoritative servers
matthew-l> is not involved in any resolution by resolvers; in short,
matthew-l> resolvers don't make use of it.  The only thing resolvers do
matthew-l> use from the SOA is the TTL for negative caching.

Yup.

Serial number is only relevant to secondary authoritative servers trying
to figure out if they need to AXFR/IXFR a fresh copy of the zone
data. And that assumes they're using the normal NOTIFY or SOA
refresh/retry/expire timers and not using some other form of
notification and zone propagation (which AWS and other large DNS
providers are making more common).

I miss the old days convention of serial number encoding the date/time
of the last update but it's been years since that is in any way
consistent or reliable.
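
Added example, not part of the original thread or written by any of its participants: a Python sketch of the two SOA uses discussed above, run against the SOA answer quoted earlier. It shows the RFC 1982 serial comparison a secondary on standard refresh timers applies before transferring a zone, and the RFC 2308 negative-caching TTL a resolver derives. The function names and the date-style serial 2021011101 are constructed for illustration.

```python
from dataclasses import dataclass

HALF = 1 << 31  # half of the 32-bit serial space (RFC 1982)

@dataclass(frozen=True)
class SOA:
    owner: str
    ttl: int
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(line: str) -> SOA:
    """Parse a single-line, presentation-format IN SOA record as dig prints it."""
    f = line.split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError(f"not a single-line IN SOA record: {line!r}")
    return SOA(f[0], int(f[1]), f[4], f[5], *(int(x) for x in f[6:]))

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: is serial a 'newer' than b, allowing wrap-around?"""
    a, b = a % (1 << 32), b % (1 << 32)
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)

def secondary_should_transfer(local_serial: int, primary_serial: int) -> bool:
    """A secondary on standard SOA refresh only pulls the zone if the primary is newer."""
    return serial_gt(primary_serial, local_serial)

def negative_cache_ttl(soa: SOA) -> int:
    """RFC 2308: resolvers cache NXDOMAIN/NODATA for min(SOA TTL, SOA MINIMUM)."""
    return min(soa.ttl, soa.minimum)

# SOA answer from the thread, with dig's two wrapped lines joined into one.
THREAD_SOA = parse_soa(
    "mx.a.cloudfilter.net. 900 IN SOA ns-1804.awsdns-33.co.uk. "
    "awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
)

if __name__ == "__main__":
    stale = 2021011101  # constructed date-style serial, not from the thread
    print("negative-cache TTL:", negative_cache_ttl(THREAD_SOA))
    print("secondary at", stale, "transfers:",
          secondary_should_transfer(stale, THREAD_SOA.serial))
    print("secondary at 0 transfers:",
          secondary_should_transfer(0, THREAD_SOA.serial))
```

A secondary holding the constructed higher serial would never pull a primary that sits at serial 1, which is why a fixed serial only works when the provider propagates zone data by some other mechanism.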