Looking at a problem a user had, I see that the DNS zone file that we
automatically generate has an "expire" time that is the same as the "refresh"
time. In the user's example:

    IN .
    $TTL 1800 ; 30 minutes
    mysipdomain.it IN SOA ns1.mysipdomain.it. root.mysipdomain.it. (
            2010042303 ; serial
            1800       ; refresh (30 minutes)
            1800       ; retry (30 minutes)
            1800       ; expire (30 minutes)
            1800       ; minimum (30 minutes)
            )

This means that if a DNS secondary cannot contact the DNS primary every 30
minutes, it will give up on providing answers for the domain.

Looking at RFC 1912, Common DNS Operational and Configuration Errors, I see
this advice:

    Expire: How long a secondary will still treat its copy of the zone
            data as valid if it can't contact the primary. This value
            should be greater than how long a major outage would typically
            last, and must be greater than the minimum and retry
            intervals, to avoid having a secondary expire the data before
            it gets a chance to get a new copy. After a zone is expired a
            secondary will still continue to try to contact the primary,
            but it will no longer provide nameservice for the zone. 2-4
            weeks are suggested values.

This suggests the generated expire value should be at least 2 weeks.

The template for the DNS zone file appears to be
sipXcommserverLib/bin/sipx-dns.in. I think we should change the template for
the SOA record to:

    generate_zone_header () {
        ZoneSerialNumber=`date +%Y%m%d${SerialNumber}`
        cat <<EOF
    \$TTL 1800
    @ IN SOA ns1.${SipDomain}. root.${SipDomain}. (
            ${ZoneSerialNumber} ; serial#
            1800                ; refresh, seconds
            1800                ; retry, seconds
            1209600             ; expire, seconds
            1800 )              ; minimum TTL, seconds
    EOF
    }

(1209600 seconds = 2 weeks)

Thoughts?
Dale
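
The check below is an added example, not part of the original message or of the sipXecs code: it lints the SOA timers of a generated zone against the RFC 1912 advice quoted above. The function names, the example.test zone and the plain-seconds assumption are all constructed for illustration.

```shell
#!/bin/sh
# Added example: lint SOA timers against the RFC 1912 advice quoted above.
# Assumptions: timers are plain seconds (no "2w"-style units) and the first
# SOA record on stdin is the one to check. Function names are hypothetical.
MIN_EXPIRE=1209600   # 2 weeks, the low end of the RFC 1912 suggestion

# Prints one FAIL line per problem; returns 0 if sane, 1 if not, 2 if unparseable.
check_soa_timers() {
    awk -v min_expire="$MIN_EXPIRE" '
    function check(cond, msg) { if (cond) { print "FAIL: " msg; bad = 1 } }
    { sub(/;.*/, "") }                              # strip ";" comments
    !seen && /[ \t]SOA[ \t]/ { seen = 1; in_soa = 1 }
    in_soa {
        rec = rec " " $0
        # the record ends at ")" or, when no "(" was opened, on this line
        if (rec ~ /\)/ || rec !~ /\(/) in_soa = 0
    }
    END {
        gsub(/[()]/, " ", rec)
        n = split(rec, f)                           # last 4 fields are timers
        for (i = n - 3; i <= n; i++)
            if (n < 8 || f[i] !~ /^[0-9]+$/) { print "FAIL: cannot parse SOA"; exit 2 }
        refresh = f[n-3] + 0; retry = f[n-2] + 0
        expire  = f[n-1] + 0; minimum = f[n] + 0
        check(expire <= refresh, "expire " expire " <= refresh " refresh)
        check(expire <= retry,   "expire " expire " <= retry " retry)
        check(expire <= minimum, "expire " expire " <= minimum " minimum)
        check(expire < min_expire, "expire " expire " < " min_expire " (2 weeks)")
        exit bad + 0
    }'
}

# Constructed sample zone; $1 is the expire value to test.
sample_zone() {
    cat <<EOF
\$TTL 1800
@ IN SOA ns1.example.test. root.example.test. (
        2010042303 ; serial
        1800       ; refresh
        1800       ; retry
        $1         ; expire
        1800 )     ; minimum
EOF
}

for e in 1800 1209600; do
    if sample_zone "$e" | check_soa_timers; then echo "expire=$e: OK"; fi
done
```

Run against the generator's output in a build or deployment step, a non-zero exit status flags a zone that secondaries would stop serving shortly after losing contact with the primary.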