Re: DNS related questions

From: Men & Mice Support
Date: Thursday, August 23, 2001
Time: 12:28:15 pm

At 1:05 PM -0500 8/23/01, Mia's Virtual Post Office wrote:
>I came across an interesting DNS test site/script on the Internet, and
>found some errors/problems that I am curious about:
>
>WARNING: Your SOA REFRESH interval is : 28800 seconds. This seems a bit
>high. You should consider decreasing this value to about 3600-7200
>seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20
>minutes to 12 hours). This value determines how often secondary/slave
>nameservers check with the master for updates. A value that is too high
>will cause DNS changes to be in limbo for a long time.
>
>I notice that QDNS's default for Refresh is 28800. Is RFC1912 2.2 valid
>in this case? If so, why is the default for QDNS so high?

You'll note that 28800 is within the range recommended by the cited RFC.

We chose default values for refresh, retry, and expire from RFC 1537
section 1. <http://www.faqs.org/rfcs/rfc1537.html>

Note that RFC 1033 also recommends values, and their recommendations
are completely different from the other two (much shorter). But then,
none of these three RFCs are considered "standards", merely
"recommendations". Anyone can submit a recommendation RFC.

Of course, with modern DNS servers, the refresh and retry values are
not needed except as a safety net - with QuickDNS, for example, when
a changed zone is saved, both master and slave servers are notified
to reload the zone within seconds. Therefore, if you're connected to
all of your servers at the time you make the change, all of your
servers will be immediately updated.

Bind has a different method of achieving the same result (DNS Notify).

>WARNING: You have 9 nameservers. RFC1912 2.8 recommends that you have no
>more than 7 nameservers.
>
>This is a new one on me... There is really an RFC recommending no more
>than 7 name servers? Why? What is the logic?

One should take RFC 1912 with a grain of salt. However, there is some
logic to limiting the number of NS records in a zone - after all, if
you have too many records of a given name, it's possible to exceed
the size of a UDP packet. You don't want to do that as a general rule.

For example, the number of root servers was stopped from growing
beyond 13 expressly because 13 root servers and their glue records
(but assuming no SOA record) were calculated to exactly fit in a UDP
packet. 14 would not. (Actually, since a certain bug was fixed in
Bind, under certain circumstances, those 13 NS records and their A
records *do not* fit in a single UDP packet. In that case, some of
the A records are dropped.)
____________________________________________________________________
Chris Buxton Men & Mice
cbuxton@menandmice.com We Make DNS Easy!
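The "13 root servers fit in a UDP packet" reasoning above can be checked with a small size model. This is an added example, not code from the thread or from Men & Mice: it estimates the wire size of a DNS response carrying NS records plus IPv4 glue under the original 512-byte UDP limit, applying RFC 1035 name compression (pointer to any suffix already written). It assumes no SOA record, no EDNS, and the root-servers.net naming; the 436/862-byte figures are what the model computes, not numbers from the post.

```python
# Added example: estimate a DNS UDP response size for N NS records + A glue,
# with and without RFC 1035 4.1.4 name compression, against the 512-byte limit.
HEADER = 12      # DNS message header
FIXED_RR = 10    # TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
UDP_LIMIT = 512  # classic RFC 1035 UDP payload ceiling (pre-EDNS)


def name_size(name, seen):
    """Wire length of `name`; `seen` holds suffixes already written in the
    message, so any repeated suffix is replaced by a 2-byte pointer.
    Pass seen=None to model a server that never compresses."""
    labels = [] if name == "." else name.rstrip(".").split(".")
    size = 0
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if seen is not None:
            if suffix in seen:
                return size + 2        # compression pointer
            seen.add(suffix)           # this suffix now exists in the message
        size += 1 + len(label)         # length octet + label
    return size + 1                    # terminating root label


def response_size(qname, ns_names, glue, compress=True):
    """Size of: question for qname, one NS RR per name (owner = qname),
    and one IPv4 A RR per glue host (constructed model, no SOA/EDNS)."""
    seen = set() if compress else None
    size = HEADER + name_size(qname, seen) + 4          # QNAME QTYPE QCLASS
    for ns in ns_names:                                 # answer: NS RRs
        size += name_size(qname, seen) + FIXED_RR + name_size(ns, seen)
    for host in glue:                                   # additional: A glue
        size += name_size(host, seen) + FIXED_RR + 4    # 4-byte address
    return size


def fits_in_udp(qname, ns_names, glue, compress=True):
    return response_size(qname, ns_names, glue, compress) <= UDP_LIMIT


if __name__ == "__main__":
    roots = [f"{c}.root-servers.net" for c in "abcdefghijklm"]  # 13 servers
    for comp in (True, False):
        n = response_size(".", roots, roots, compress=comp)
        print(f"13 NS + 13 A, compression={comp}: {n} bytes, "
              f"fits={n <= UDP_LIMIT}")
```

Run as-is it prints the compressed and uncompressed sizes for 13 servers; swap in your own zone's NS names and glue to see how close a large NS set sits to the 512-byte ceiling.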
