Expiration TTLs

Paul Romano ittech68 at yahoo.com
Mon Dec 3 02:10:56 UTC 2012

Thanks for the correction on the term TTL instead of timer.  The engineer I inherited this environment from has the refresh set to 40 minutes and the zone expiration set to 2 hours.  The explanation I got was that since we are authoritative for AD we want ensure that some kind of scavenging is in place.  Your explanation suggests that the refresh time is strictly survivability and will not force an update if the serial numbers do not increment enough to implement the refresh. 
Am I stating this correctly?  Any suggestions? 


 From: Chris Buxton <chris.p.buxton at gmail.com>
To: Paul Romano <ittech68 at yahoo.com> 
Cc: "bind-users at isc.org" <bind-users at isc.org> 
Sent: Sunday, December 2, 2012 7:41 PM
Subject: Re: Expiration TTLs
On Dec 1, 2012, at 12:17 PM, Paul Romano wrote:

> What is a good compromise on zone expiration TTLs?  Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.

The zone expiration timer is not a TTL timer. The two are different.

Zone expiration should usually be at least a week. I've set mine to 6 weeks. This timer has nothing to do with the refresh interval, which is also defined in the SOA record.

Chris Buxton
BlueCat Networks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121202/1829a82c/attachment.html>

More information about the bind-users mailing list