ignored TTLs?
aklist_bind at enigmedia.com
aklist_bind at enigmedia.com
Mon Nov 7 18:48:58 UTC 2005
>> I needed to change the IP address for a domain, whose refresh had been
>> previously set to 3h (10800).
>>
>> I set the TTL for the domain to 5m (300), and I left it there for 3 days.
>
> So far so good.
>
>> I then changed the IP address for the corresponding A records (they did
>> not
>> have their own TTLs separate from the main TTL), set the TTL back to 3h,
>> and
>
> As someone else already pointed out, it's a good idea to leave the TTL
> short
> in the early stages of the change. Depending on your usage model, I would
> wait 24 hours before moving the TTL back to 3 hours, but I'm a bit
> paranoid.
I waited 48 hrs before changing it back, but that wasn't the problem in the
end!
>
>> reloaded Bind.
>>
>> The changes of course were picked up immediately by my slaves and my
>> upstream NS, and I thought all was fine.
>
> As Stephane pointed out in his message, this appears not to have been the
> case, although they are both showing the same serial number now. How did
> you
> test this?
I was wrong about that. I thought I had tested the secondary but I must've
forgotten (it was late on a Friday night). The problem was, with this
particular zone, I had changed that zone from a slave to a master file a few
months ago, and never changed it back. I just fixed it in the secondary's
named.conf and then the zone was loaded correctly from the primary. All the
problems I had were from the secondary serving the old zone data.
> BTW, you may be interested to know that recursion is enabled on
> ns1.enigmedia.com. That is generally a bad idea for an authoritative name
> server.
Thanks for pointing that out. I just checked my named.conf and see that I
inadvertently hosed a portion of it with some excessive use of "d" in VI
<g>. Prior to a little while ago I had recursion off outside my local subnet
<sigh>.
>
>> Question is, what did I do wrong? What do I need to do in the future to
>> prevent it from happening again?
>
> Hopefully this question is answered now, yes?
Yes, thanks Doug!
More information about the bind-users
mailing list