Expiration TTLs

Paul Romano ittech68 at yahoo.com
Sat Dec 1 21:40:40 UTC 2012

Thanks for the quick response.  Are you authoritative for AD and, if yes, how many masters do you have for the AD domain?
We have a single hidden master pair for our AD and core domains and are set for 2 hours.  We lost a device and never got alerts for the failure until after the zones failed.  I am looking for some added security to avoid a failure but still want to make sure changes are propagated efficiently.  Is there another factor that I should be using to define this value?  Our refresh is set for 40 minutes.     

 From: Wes Zuber <wes at uia.net>
To: Paul Romano <ittech68 at yahoo.com> 
Cc: "bind-users at isc.org" <bind-users at isc.org> 
Sent: Saturday, December 1, 2012 3:56 PM
Subject: Re: Expiration TTLs

We go with 1 hour.


On Dec 1, 2012, at 12:17 PM, Paul Romano <ittech68 at yahoo.com> wrote:

What is a good compromise on zone expiration TTLs?  Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.
>    _______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>bind-users mailing list
>bind-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121201/946493fb/attachment.html>

More information about the bind-users mailing list