Expiration TTLs

Paul Romano ittech68 at yahoo.com
Sat Dec 1 21:40:40 UTC 2012


Wes,
Thanks for the quick response.  Are you authoritative for AD and, if yes, how many masters do you have for the AD domain?
 
We have a single hidden master pair for our AD and core domains and are set for 2 hours.  We lost a device and never got alerts for the failure until after the zones failed.  I am looking for some added security to avoid a failure but still want to make sure changes are propagated efficiently.  Is there another factor that I should be using to define this value?  Our refresh is set for 40 minutes.     
 
Paul
 

________________________________
 From: Wes Zuber <wes at uia.net>
To: Paul Romano <ittech68 at yahoo.com> 
Cc: "bind-users at isc.org" <bind-users at isc.org> 
Sent: Saturday, December 1, 2012 3:56 PM
Subject: Re: Expiration TTLs
  

We go with 1 hour.

--Wes

On Dec 1, 2012, at 12:17 PM, Paul Romano <ittech68 at yahoo.com> wrote:

>What is a good compromise on zone expiration TTLs?  Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.
> 
>Thanks
>Paul