Re: [bitfolk] IMPORTANT: New DNS resolvers available

Author: Michael Corliss
Date:  
Subject: Re: [bitfolk] IMPORTANT: New DNS resolvers available
docs/ripe-203</a><br>
<br>
RFC1912 (1996) recommends one day for refresh and 2-4 weeks for<br>
expire:<br>
<br>
&nbsp; &nbsp;<a href="http://www.faqs.org/rfcs/rfc1912.html" target="_blank">http://www.faqs.org/rfcs/rfc1912.html</a><br>
<br>
So let's say you go with RIPE's recommendations. You'd receive<br>
a warning alert after your secondary DNS setup was broken for 36 hours,<br>
and you'd receive a critical alert if it was still broken after 500<br>
hours (almost 3 weeks). 500 hours after that, your domain stops<br>
being served on the secondary servers.<br>
<br>
That seems reasonable.<br>
<br>
Finally getting around to the point of this email: what do you think<br>
I should do about problematic SOA values that customers have chosen?<br>
<br>
For example, there are some domains currently on BitFolk's servers<br>
where the refresh and expire are both set to 300 seconds (5<br>
minutes). Ignoring what happens with alerts for a moment, that means<br>
that every 5 minutes the secondary servers check the primary, and if<br>
that fails even once, the domain will return SERVFAIL for all<br>
queries until contact is made again.<br>
<br>
I can't understand what the use is of such a fragile setting; it<br>
looks erroneous to me. This isn't just DNS purism saying, "ooh, I<br>
don't like your non-standard values!" It will actually cause<br>
breakage very easily. But perhaps it is not for me to reason why.<br>
<br>
Those domains have been like that for a long time and I assume no<br>
one has noticed. It must have caused some problems any time the<br>
primary nameserver was unreachable by the secondary servers. But<br>
arguably that is not my problem.<br>
<br>
When combined with this new alerting though, what happens is that<br>
there isn't a refresh for 5 minutes then 2.5 minutes into that a<br>
critical alert fires since we're half way to expire (5 minutes). All<br>
being well there should be a recovery ~2.5 mins later. In reality<br>
these times will be variable because BitFolk's Nagios doesn't check<br>
DNS every few minutes, more like an hour plus.<br>
<br>
That is the most extreme example of this problem, but there are a few<br>
other domains in there where refresh and expire have been set to the<br>
same value. It will lead to a cycle of alert and then recovery,<br>
forever.<br>
<br>
So, what do you think I should do?<br>
<br>
I'm not willing to give up on the alerts because I think most people<br>
would like to know when their DNS setup is broken (or in danger of<br>
being broken), and it saves me having to personally interact to tell<br>
people this. Intentional DNS breakage is not my problem, but<br>
answering/opening support tickets is.<br>
<br>
Alerting can be disabled on a per-domain basis. Currently only by<br>
asking support, but eventually you'll be able to flip that on the<br>
Panel¹.<br>
<br>
So how about have Panel warn on the web page about what are<br>
considered unwise SOA values, and just allow the alerts to be<br>
disabled if for some reason this sort of fragile DNS setup is<br>
intentional?<br>
<br>
Cheers,<br>
Andy<br>
<br>
¹ <a href="https://panel.bitfolk.com/dns/#toc-secondary-dns" target="_blank">https://panel.bitfolk.com/dns/#toc-secondary-dns</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
<a href="http://bitfolk.com/" target="_blank">http://bitfolk.com/</a> -- No-nonsense VPS hosting<br>
</font></span><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Keith Williams</div><div>&nbsp;</div><div>
<p style="margin-bottom:0cm">I can picture in my
mind a world without war, a world without hate. And I can picture us
attacking that world, because they'd never expect it. </p><p style="margin-bottom:0cm">- Jack Handey</p>
</div><div>&nbsp;</div><div>I'm sick of following my dreams. I'm just going to ask them where they're<br>going and hook up with them later.<br> - Mitch Hedberg</div><div><br>Do good, receive good; do evil, receive evil</div><div><br></div>
<div>&nbsp;</div>
<div>&nbsp;</div><br>
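The alert timing discussed in the quoted message, worked through as an added example (not part of the original thread and not BitFolk's monitoring code). The critical threshold at half of expire comes from the message; the 1.5 x refresh warning factor is an assumption inferred from the 36-hour figure, and all function names are hypothetical.

```python
from dataclasses import dataclass, field

WARN_FACTOR = 1.5  # assumption: inferred from the 36 h warning for a 24 h refresh
CRIT_FACTOR = 0.5  # from the message: critical fires half way to expire


@dataclass
class SoaReport:
    warn_after: float  # seconds since last successful refresh
    crit_after: float
    problems: list = field(default_factory=list)


def assess_soa(refresh: int, expire: int) -> SoaReport:
    """Derive alert thresholds and flag fragile refresh/expire pairs."""
    report = SoaReport(refresh * WARN_FACTOR, expire * CRIT_FACTOR)
    if expire <= refresh:
        report.problems.append(
            "expire <= refresh: a single failed refresh expires the zone")
    if report.crit_after <= refresh:
        report.problems.append(
            "critical threshold is inside one normal refresh interval: "
            "the alert will fire and recover in a cycle")
    return report


def zone_state(age: int, refresh: int, expire: int) -> str:
    """State of a secondary zone `age` seconds after its last good refresh."""
    report = assess_soa(refresh, expire)
    if age >= expire:
        return "EXPIRED"  # secondary stops answering (SERVFAIL)
    if age >= report.crit_after:
        return "CRITICAL"
    if age >= report.warn_after:
        return "WARNING"
    return "OK"


if __name__ == "__main__":
    HOUR = 3600
    # Constructed inputs: 24 h / 1000 h match the timings in the message,
    # 300 s / 300 s is the fragile customer setting it describes.
    for refresh, expire in [(24 * HOUR, 1000 * HOUR), (300, 300)]:
        r = assess_soa(refresh, expire)
        print(refresh, expire, r.warn_after, r.crit_after, r.problems)
```

A check like `assess_soa` is the kind of test a control panel could run to warn about unwise SOA values before alerting is enabled for a domain.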
