<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Wes,</span></div><div><span>Thanks for the quick response. Are you authoritative for AD and, if yes, how many masters do you have for the AD domain?</span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>We have a single hidden master pair for our AD and core domains and are set for 2 hours. We lost a device and never got alerts for the failure until after the zones failed. I am looking for some added security to avoid a failure but still want to make
sure changes are propagated efficiently. Is there another factor that I should be using to define this value? Our refresh is set for 40 minutes. </span></div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span></span> </div><div style="color: rgb(0, 0, 0); font-family: times new roman, new york, times, serif; font-size: 16px; font-style: normal; background-color: transparent;"><span>Paul</span></div><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font size="2" face="Arial"> <div style="margin: 5px 0px; padding: 0px; border: 1px solid rgb(204, 204, 204); height: 0px; line-height: 0; font-size: 0px;" class="hr" contentEditable="false"
readonly="true"></div> <b><span style="font-weight: bold;">From:</span></b> Wes Zuber <wes@uia.net><br> <b><span style="font-weight: bold;">To:</span></b> Paul Romano <ittech68@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> "bind-users@isc.org" <bind-users@isc.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Saturday, December 1, 2012 3:56 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: Expiration TTLs<br> </font> </div> <br>
<div id="yiv884746794"><div>We go with 1 hour.<div><br></div><div>--Wes</div><div><br></div><div><div><div>On Dec 1, 2012, at 12:17 PM, Paul Romano <<a href="mailto:ittech68@yahoo.com" rel="nofollow" target="_blank" ymailto="mailto:ittech68@yahoo.com">ittech68@yahoo.com</a>> wrote:</div><br class="yiv884746794Apple-interchange-newline"><blockquote type="cite"><div><div style='font-family: "times new roman", "new york", times, serif; font-size: 12pt; background-color: rgb(255, 255, 255);'><div><span>What is a good compromise on zone expiration TTLs? Our DNS is authoritative for AD DNS and we want to make sure we force records to refresh but do not want to expose ourselves to the risk of zone failures.</span></div><div style='font-family: "times new roman", "new york", times, serif; font-size: 16px; font-style: normal; background-color: transparent;'><span></span> </div><div style='font-family: "times new roman", "new york", times,
serif; font-size: 16px; font-style: normal; background-color: transparent;'><span>Thanks</span></div><div style='font-family: "times new roman", "new york", times, serif; font-size: 16px; font-style: normal; background-color: transparent;'><span>Paul</span></div><div><br><br> </div> </div></div>_______________________________________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="nofollow" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br><br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org" rel="nofollow" target="_blank" ymailto="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>https://lists.isc.org/mailman/listinfo/bind-users</blockquote></div><br></div></div></div><br><br> </div> </div> </div></body></html>