Expiration TTLs

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Dec 5 13:02:24 UTC 2012

On 02.12.12 18:10, Paul Romano wrote:
> Thanks for the correction on the term TTL instead of timer.  The engineer I
> inherited this environment from has the refresh set to 40 minutes and the
> zone expiration set to 2 hours.  The explanation I got was that since we
> are authoritative for AD we want to ensure that some kind of scavenging is in
> place.

... and if your primary server(s) will fail for 2 hours, your zone will stop

> Your explanation suggests that the refresh time is strictly
> survivability and will not force an update if the serial numbers do not
> increment enough to implement the refresh.

That is how DNS works. The problem with Microsoft DNS servers and AD is that
they do not follow this standard.

> Am I stating this correctly?  Any suggestions?

According to what I know, use 2-3 AD servers and keep DNS on them.
Just make sure they will not fail at the same time...

If anyone has better info on how Microsoft AD servers work with DNS, just
let us know...
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows found: (R)emove, (E)rase, (D)elete
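
The timer behaviour discussed in this message, as an added example that is not part of the original post: a minimal model of a secondary using the thread's values (refresh 40 minutes, expire 2 hours). The retry interval, the serial number and the outage window are assumptions constructed for the illustration.

```python
# Added example (not from the thread): a minimal model of a secondary's SOA timers.
# Assumptions: retry=600 s and all serials/outage times are constructed sample values.

def serial_newer(remote: int, local: int) -> bool:
    """RFC 1982 serial comparison on 32-bit SOA serials (wrap-around aware)."""
    return remote != local and (remote - local) % 2**32 < 2**31

def simulate(primary, refresh, retry, expire, serial, horizon):
    """primary(t) -> SOA serial, or None while the primary is unreachable.
    Returns [(time, event)] for a secondary whose copy was validated at t=0."""
    log, last_ok, t, expired = [], 0, refresh, False
    while t <= horizon:
        if not expired and t - last_ok >= expire:
            log.append((last_ok + expire, "expired"))  # stop answering for the zone
            expired = True
        remote = primary(t)
        if remote is None:
            log.append((t, "soa-query-failed"))
            t += retry                    # keep trying at the retry interval
            continue
        if expired or serial_newer(remote, serial):
            log.append((t, "transfer"))   # model assumption: an expired copy is refetched
            serial = remote
        else:
            log.append((t, "no-change"))  # refresh alone never forces a transfer
        last_ok, expired = t, False       # a successful check restarts the expire clock
        t += refresh
    return log

REFRESH, RETRY, EXPIRE = 40 * 60, 10 * 60, 2 * 60 * 60  # 40 min / assumed 10 min / 2 h

def sample_primary(t):
    """Constructed outage: primary unreachable for 2400 < t <= 10000, serial unchanged."""
    return None if 2400 < t <= 10000 else 2012120501

def run_sample():
    return simulate(sample_primary, REFRESH, RETRY, EXPIRE, 2012120501, 13000)

if __name__ == "__main__":
    for when, event in run_sample():
        print(f"{when:>6}s  {event}")
```

In this run the last successful check is at 2400 s, so the copy expires at 9600 s, two hours later, even though the serial never changed.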

More information about the bind-users mailing list