Douglas Muth on 9 Feb 2009 14:27:37 -0800

Re: [PLUG] reducing DNS expiry value

On Mon, Feb 9, 2009 at 5:19 PM, Bill Hance wrote:
>  I am going to be changing the IP address of a web and email server.  I
> also serve the DNS for the domain.  Is it the BIND "expiry" value that I
> want to reduce to something like one hour in advance of the change?
> There are configurable values for refresh, retry, expiry, and minimum
> TTL.
>  I set the expiry value from 4W to 1D for all my domains a few weeks ago,
> and want to make sure I'm on the right track.  If I understand the
> process correctly, a couple of days prior to the change, I could change
> the expiry value to 1H.

The expiry value in the SOA record governs how long secondary DNS
servers will continue to keep zone data if the primary server becomes
unreachable.  Recommended value is 4W.  In the example you give above,
setting the expiry to 1H would mean that if your primary DNS server
were to, say, go offline due to a natural disaster, after 1H the
secondary DNS server would purge its own records of that domain,
essentially leaving your domain unresolvable.  That is very bad.

I think you mean the TTL values, which are usually stored with each
individual record (though there may be a default TTL set for the
domain).  Setting them to 1H (or less) is generally a good idea when
switching IP addresses.

-- Doug
Philadelphia Linux Users Group
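An added example, not part of the original message: a small check that reads a BIND zone file and separates the SOA expire timer from the record TTLs discussed in the reply above. The zone contents, the example.com names and all function names are constructed for illustration; the 4W expire floor and the 1H cutover TTL are the values mentioned in the thread.

```python
import re

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
# Constructed sample zone: expire was lowered to 1H instead of the record TTLs.
SAMPLE_ZONE = """\
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
    2009020901 3H 15M   ; serial, refresh, retry
    1H 1D )             ; expire, minimum
www     IN  A   192.0.2.10
mail 1H IN  A   192.0.2.20
"""

def bind_seconds(value):
    """Convert a BIND time value (3600, 1H, 4W, 1D12H) to seconds."""
    parts = re.findall(r"(\d+)([SMHDW]?)", value.upper())
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def zone_timers(zone_text):
    """Return the SOA refresh/retry/expire/minimum and default TTL in seconds."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop comments
    fields = re.search(r"\bSOA\s+(.*)", text, re.S).group(1)
    fields = fields.replace("(", " ").replace(")", " ").split()
    names = ("refresh", "retry", "expire", "minimum")
    timers = {n: bind_seconds(v) for n, v in zip(names, fields[3:7])}
    ttl = re.search(r"^\$TTL\s+(\S+)", text, re.M | re.I)
    # Without $TTL, BIND 9 uses the SOA minimum for records that lack a TTL.
    timers["default_ttl"] = bind_seconds(ttl.group(1)) if ttl else timers["minimum"]
    return timers

def record_ttls(zone_text, default_ttl):
    """Map each A record owner to its effective TTL (explicit or default)."""
    text = re.sub(r";[^\n]*", "", zone_text)
    pat = r"^(\S+)[ \t]+(?:(\d\w*)[ \t]+)?(?:IN[ \t]+)?A[ \t]+\S+"
    return {o: bind_seconds(t) if t else default_ttl
            for o, t in re.findall(pat, text, re.M)}

def review(zone_text, cutover_ttl="1H", expire_floor="4W"):
    """List timer settings that would hurt an IP address change."""
    timers, findings = zone_timers(zone_text), []
    if timers["expire"] < bind_seconds(expire_floor):
        findings.append(f"SOA expire {timers['expire']}s: secondaries drop the zone "
                        "that soon after the primary becomes unreachable")
    for owner, ttl in record_ttls(zone_text, timers["default_ttl"]).items():
        if ttl > bind_seconds(cutover_ttl):
            findings.append(f"{owner} A record TTL {ttl}s: lower it before the change")
    return findings
```

Calling `review(SAMPLE_ZONE)` reports the 1H expire and the `www` record that still inherits the 1D default TTL; `mail` already carries an explicit 1H TTL and passes.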