DNS zone transfer interval

binddomain-name-systemsolaris

I've never made a change to a DNS record before. In researching the DNS servers I inherited (Solaris 5.6 with BIND v9.2.3), I found that DNS_A (private) is the primary DNS server and it replicates to DNS_B and DNC_C (both public) via the zone's db file option:

allow-transfer { 192.in.ter.nal; 173.ex.ter.nal; };

The header from the zone file is:

@ IN SOA DNS_A.redacted.com. postmaster.redacted.com. (
    2013010401  ; serial
    300 ; refresh
    120 ; retry
    6048000 ; expire
    300 )   ; ttl

I understand that I have to increment the serial number when I make the change so that the secondary DNS servers recognize a change, but will my secondary DNS servers not look for a change until the "expire" time is reached? If that's specified in seconds, that's 70 days.

What do the refresh, retry, expire, and ttl times mean?

Best Answer

You have to change the serial value to send a notification to all your slave servers telling them that the zone just changed so they can get the update.

Here follows the meaning of these items:

ttl: default time-to-live for cached entries, defines how long those entries should be considered fresh;
refresh: the time used by slave to check for updates on master;
retry: time between retries when slave fails to contact master after refresh time;
expiry: indicates that the zone is no longer valid after this time, used by slave servers only.

More on: http://www.zytrax.com/books/dns/ch8/soa.html

Related Solutions

DNS SOA Record – Recommended TTL Default

The actual traffic rate to the site is irrelevant.

All of those settings (except for "default TTL") only affect how frequently your domain's secondary DNS servers poll the primary DNS server for updates.

If your zone only changes infrequently (which I believe yours does) then your value for "refresh" is currently a bit on the low side. Typically the primary should send a NOTIFY message to each of the secondaries whenever there's an update at which point the secondaries grab the zone file immediately. These days the "refresh / retry / expire" mechanism is only a backstop to that.

In any event, it's likely that your DNS provider is automatically syncing changes to all of the relevant DNS servers on the fly without using DNS's built-in synchronisation mechanisms so the actual values are probably irrelevant.

Note that the "default TTL" field no longer means what it says. The real default TTL is set (in BIND at least) with the $TTL directive, and that's only used when there isn't an explicit TTL set on each record.

The "default TTL" field's meaning was changed in RFC 2308 and it's actually a hint for negative caching. If your server returns a negative response (e.g. NXDOMAIN or NODATA) it's how long the remote server should wait before trying again.

The current value is a bit on the low side, but there's no harm leaving it as is. It's often ignored anyway.

BIND – How to Set Up Wildcard DNS

Your origin for the zone is . per your configuration. You are creating records for ns1. and ns2. instead of ns1.example.com. and ns2.example.com. Since ns1.example.com and ns2.example.com aren't defined, they are matched by the wildcard.

EDIT: here's an edit of your config and zone:

zone "example.com." {
        type master;
        file "ext.zone";
};

ext.zone:

$TTL    3600
@       IN      SOA     ns1 root (
                              1         ; Serial
                         3600         ; Refresh
                          300         ; Retry
                         3600         ; Expire
                         300 )        ; Negative Cache TTL


        IN      NS      ns1
        IN      NS      ns2
        IN      A       192.0.2.6


ns1     IN      A       192.0.2.4
ns2     IN      A       192.0.2.5

*      IN      A       192.0.2.6

Everything in the zone is relative to the zone name in the named configuration, so adding a second zone just points to the same file:

zone "example.net." {
    type master;
    file "ext.zone";
};

Best Answer

Related Solutions

DNS SOA Record – Recommended TTL Default

BIND – How to Set Up Wildcard DNS

Related Topic