CC: dnsop@cafax.se
From: "Eric A. Hall" <ehall@ehsco.com>
Date: Sun, 22 Apr 2001 10:29:43 -0700
Sender: owner-dnsop@cafax.se
Subject: Re: Tips for DNS zone administration
> > * If possible, make the TTLs for the NS records for your domain as
> > long as possible (604800 seconds--one week, is a good number).
> > This will speed up accesses to your domain, since caches will not
> > have to query the root servers as often before querying your name
> > servers.
>
> If you do remember to set it down well before any changes... I think
> that TTLs over 1-2 days should be well motivated before use.

If an authoritative DNS server does get renumbered, then full-service
resolvers which are unable to reach that server at its cached address
will flag it as unreachable, and will use the other servers which are
listed as being authoritative for the zone. In those situations, the
loss of connectivity for one of the Name Servers will likely cause some
minor hiccups, but it should not trigger any fatal errors unless zone
replication is also prevented (if all of the copies of the zone expire
because the primary master server was unreachable for an extended period
of time, major problems will definitely occur). But for lookups, large
TTLs on NS RRs are fine, since other servers will just stop querying
them.

Also, the delegation glue from the gTLDs is 2 days, so the in-zone
versions of the NS *and* A RRs should definitely be at least that long
(if your zone is in one of those portions of the namespace). In other
words, the TTL of the NS (and the associated A) RRs for your in-zone
list should be longer than the parent delegation RRs. Both the NS and A
RRs should have the same TTL, otherwise deadlocks can occur.

> Instead, recommend a long expire. I've seen 1 hour in zones... A week
> or two is usually good.

Short TTLs and long expires for non-NS hosts is an excellent suggestion

--
Eric A. Hall                    http://www.ehsco.com/
Internet Core Protocols         http://www.oreilly.com/catalog/coreprot/
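The two rules argued in the message above (apex NS records and their in-zone glue A records should share one TTL and should not be shorter than the parent's 2-day delegation TTL; the SOA expire should be at least a week) can be checked mechanically before a zone is loaded. The script below is an added example and is not code from the original post or from the dnsop list. It parses a minimal BIND-style zone fragment that is constructed here for illustration (names under example.com., addresses from 192.0.2.0/24), uses the 172800-second gTLD delegation TTL and one-week expire floor stated in the post as thresholds, and reports each violation it finds; the SOA handling assumes the conventional seven-field SOA rdata order with expire in the sixth position.

```python
"""Check NS/glue TTL consistency and SOA expire in a simple zone-file fragment.

Added example, not from the original mailing-list post.  The zone data is
constructed; thresholds follow the figures given in the post.
"""
import re
from collections import defaultdict

PARENT_DELEGATION_TTL = 172800  # 2 days: the gTLD delegation TTL cited in the post
MIN_EXPIRE = 7 * 86400          # one week: the lower end of "a week or two"

# Constructed sample zone: ns2's glue A has a TTL that differs from the NS TTL,
# and the SOA expire is one hour, so the checks below have something to flag.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       86400   IN  SOA   ns1.example.com. hostmaster.example.com. (
                          2001042201 ; serial
                          7200       ; refresh
                          1800       ; retry
                          3600       ; expire (1 hour: too short)
                          86400 )    ; minimum
@       172800  IN  NS    ns1.example.com.
@       172800  IN  NS    ns2.example.com.
ns1     172800  IN  A     192.0.2.1
ns2     3600    IN  A     192.0.2.2
www     300     IN  A     192.0.2.10
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def _logical_lines(text):
    """Drop ';' comments and fold parenthesised multi-line records into one line."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            lines.append(" ".join(buf))
            buf, depth = [], 0
    return lines


def parse_zone(text):
    """Return (origin, records); each record is a dict with owner/ttl/type/rdata.

    Only the subset of zone-file syntax used by SAMPLE_ZONE is supported:
    $ORIGIN, explicit TTLs, class IN, '@' and relative owner names.
    """
    origin, records = None, []
    for line in _logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        owner, ttl, rtype, rdata = m.groups()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append({"owner": owner, "ttl": int(ttl),
                        "type": rtype.upper(), "rdata": rdata.split()})
    return origin, records


def check_zone(text):
    """Return a list of (code, name, value) findings for the TTL/expire rules."""
    origin, records = parse_zone(text)
    findings = []
    a_ttls = defaultdict(list)
    for r in records:
        if r["type"] == "A":
            a_ttls[r["owner"]].append(r["ttl"])

    for r in records:
        if r["type"] == "SOA" and r["owner"] == origin:
            expire = int(r["rdata"][5])  # serial, refresh, retry, expire, minimum
            if expire < MIN_EXPIRE:
                findings.append(("expire-short", origin, expire))
        if r["type"] == "NS" and r["owner"] == origin:
            target = r["rdata"][0]
            if r["ttl"] < PARENT_DELEGATION_TTL:
                findings.append(("ns-ttl-short", target, r["ttl"]))
            if not target.endswith("." + origin):
                continue  # out-of-zone name server: no glue of ours to check
            if target not in a_ttls:
                findings.append(("glue-missing", target, None))
            for ttl in a_ttls.get(target, []):
                if ttl != r["ttl"]:
                    findings.append(("glue-ttl-mismatch", target, ttl))
                if ttl < PARENT_DELEGATION_TTL:
                    findings.append(("glue-ttl-short", target, ttl))
    return findings


if __name__ == "__main__":
    for code, name, value in check_zone(SAMPLE_ZONE):
        print(f"{code:20} {name:20} {value}")
```

Run against the constructed zone it reports the ns2 glue TTL mismatch, the ns2 glue TTL being shorter than the parent delegation, and the one-hour expire; ns1 and the non-NS host www pass, which is the split the post recommends (long, matching TTLs for NS and glue, short TTLs elsewhere, long expire).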