[volunteers] Nameserver

Rick Moen rick at linuxmafia.com
Thu May 19 01:28:04 PDT 2016


Daniel:

1.  In gruyere's site-docs/Changelog you wrote:

Sa 2016-05-07   Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
           The range for negative TTL in SOA records is 5 minutes to 24 hours.
           It was set to 72 hours. Changed to 12 hours and re-enabled lists
           AAAA record. Added AAAA record for ns2.

Please go back and amend that entry to state what domain/domains.
ns1.svlug.org is a primary authoritative nameserver for two domains, 
svlug.com and svlug.org.   There is also a zonefile for svlug.net, for
which ns1.svlug.org is not currently authoritative.


$ dig -t soa svlug.org @ns1.svlug.org +short
ns1.svlug.org. root.svlug.org. 2016050701 7200 3600 2419200 43200
$ dig -t soa svlug.org @ns1.svlug.com +short
ns1.svlug.org. root.svlug.org. 2016050701 7200 3600 2419200 43200
$

It appears that you edited all three files to SOA negative TTL of 43200
seconds = 12 hours.  I do not know where you got the belief that 'the
range for negative TTL in SOA records is 5 minutes to 24 hours'.  RFC
2308 section 5 specifies a recommended maximum value for this field of
10800 seconds = 3 hours.  Specifically:

  Values of one to three hours have been found to work well and would
  make sensible a default.  Values exceeding one day have been found to
  be problematic.

So, both the 72 hour value you say was there until now and the 12 hours 
you changed it to are outside RFC recommendations.  On my own DNS for
linuxmafia.com, I've found 15 minutes to be good.  (I haven't yet rolled
out that change to unixmercenary.net, which still has my older choice 
of 3 hours.)  I'm going to re-edit the three zonefiles to have 
15 mins = 900 seconds as SOA negative TTL.


2.  While I'm at it, for all three zonefiles, I'm making these further
SOA changes:

REFRESH:  Increasing from 2 hours to 12 hours (43200 seconds), because 
we use NOTIFY (RFC 1996).   RFC 1912 section 2.2 recommends 1200 to
43200 seconds, low (1200) if the data are volatile or 43200 (12 hours)
if they're not.  That RFC recommendation is actually somewhat obsolete
because of the effect of NOTIFY messages from master to slaves (meaning
it's fine to increase REFRESH to a day or more).

(The RFC is from 1996 and predates BIND8.)

RETRY:  Doubling from 1 hour to 2 hours, as a reasonable backoff given 
the change to REFRESH.  

$ dig  -t soa  svlug.org @ns1.svlug.org +short
ns1.svlug.org. root.svlug.org. 2016051900 43200 7200 2419200 900
$ dig  -t soa  svlug.com @ns1.svlug.org +short
ns1.svlug.com. root.svlug.org. 2016051900 43200 7200 2419200 900
$


3.  Looking at another of your recent gruyere site-docs/ChangeLog entries:

Tu 2016-05-03   Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
           Removed vestiges of via.net from nameserver, and updated hostnames.
           Rebooted host and added IPv6 access.

What does 'updated hostnames' mean?  What does 'added IPv6 access' mean?
Please amend your 2016-05-03 entry to make it so intelligent readers can
understand what the hell you did.

Daniel, seriously, you need to document what you changed, not just
handwave about your having changed _something_.

I'm having to chew up a lot of time just figuring out what you've been
doing, and this really is not good.
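The checks Rick applies by hand above (negative TTL against RFC 2308 section 5, REFRESH against RFC 1912 section 2.2, and eyeballing the serial on two servers) can be scripted over the lines that `dig -t soa <zone> @<server> +short` prints. The following is an added example, not code from the svlug.org nameserver or from anyone on the list. The RFC ranges are the ones the post cites; the two ordering rules (RETRY shorter than REFRESH, EXPIRE longer than REFRESH plus RETRY) are assumed here as conventional practice rather than taken from the post. The sample input is the two `dig +short` lines shown in the message plus a constructed line with the 72-hour value the changelog entry mentions.

```python
"""Sanity-check SOA fields as printed by `dig -t soa ZONE @SERVER +short`.

Added example, not the nameserver's own tooling. Ranges follow the RFCs cited
in the post (RFC 2308 s5 for the negative-caching TTL, RFC 1912 s2.2 for
REFRESH); the RETRY/EXPIRE ordering checks are assumed conventional practice.
"""
from __future__ import annotations

from dataclasses import dataclass

HOUR = 3600
DAY = 24 * HOUR


@dataclass(frozen=True)
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int  # negative-caching TTL (RFC 2308)


def parse_soa(short_output: str) -> Soa:
    """Parse one `dig +short` SOA line: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = short_output.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}: {short_output!r}")
    mname, rname, *nums = fields
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return Soa(mname, rname, serial, refresh, retry, expire, minimum)


def check_soa(soa: Soa) -> list[str]:
    """Return human-readable findings; an empty list means nothing to complain about."""
    findings: list[str] = []
    # RFC 2308 s5: one to three hours work well; more than a day is problematic.
    if soa.minimum > DAY:
        findings.append(f"negative TTL {soa.minimum}s exceeds one day (RFC 2308 s5: problematic)")
    elif soa.minimum > 3 * HOUR:
        findings.append(f"negative TTL {soa.minimum}s is above the 1-3 hour range RFC 2308 s5 recommends")
    # RFC 1912 s2.2: 1200s for volatile data up to 43200s for stable data.
    if not 1200 <= soa.refresh <= 43200:
        findings.append(f"REFRESH {soa.refresh}s is outside the RFC 1912 s2.2 range 1200-43200")
    # Assumed ordering rules, not from the RFC text quoted in the post.
    if soa.retry >= soa.refresh:
        findings.append(f"RETRY {soa.retry}s should be shorter than REFRESH {soa.refresh}s")
    if soa.expire <= soa.refresh + soa.retry:
        findings.append(f"EXPIRE {soa.expire}s should exceed REFRESH + RETRY ({soa.refresh + soa.retry}s)")
    return findings


def lagging_servers(answers: dict[str, str]) -> list[str]:
    """Given {server: dig-short-line} for one zone, name servers whose serial trails the newest."""
    soas = {srv: parse_soa(line) for srv, line in answers.items()}
    newest = max(s.serial for s in soas.values())
    return sorted(srv for srv, s in soas.items() if s.serial < newest)


# Sample input: the two lines from the post, plus a constructed 72-hour variant.
BEFORE = "ns1.svlug.org. root.svlug.org. 2016050701 7200 3600 2419200 43200"
AFTER = "ns1.svlug.org. root.svlug.org. 2016051900 43200 7200 2419200 900"
OLD_72H = "ns1.svlug.org. root.svlug.org. 2016050600 7200 3600 2419200 259200"  # constructed

if __name__ == "__main__":
    for label, line in (("old 72h", OLD_72H), ("2016-05-07", BEFORE), ("2016-05-19", AFTER)):
        print(label, check_soa(parse_soa(line)) or "ok")
    # Constructed scenario: a secondary that has not picked up the new serial yet.
    print("lagging:", lagging_servers({"ns1": AFTER, "ns2": BEFORE}))
```

Feed it real answers by capturing `dig ... +short` for each authoritative server and passing the lines to `lagging_servers`; a server that keeps lagging after a NOTIFY is the first sign that the REFRESH increase is being relied on more than intended.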
