
I need to test various DNS changes on my domain which require that the zone file changes I make are updated quickly.

I'm a bit confused between Refresh, Retry, Expire and TTL values. Which is the one I need to set to a minimum, to "propagate DNS changes" (if I may use the term) without much latency? I'm rather new to nameservers, but have three nameservers set to rsync their zone files every 2 minutes. The first server (ns1.mydomain) has the following setup:

mydomain.com.       IN      SOA     ns1.mainnameserver.co.in. admin.mydomain.com. (
                   2007010401           ; Serial
                         1800           ; Refresh [1h=3600] 1800=30m
                          600           ; Retry   [10m]
                        86400           ; Expire  [2weeks] 86400=1day
                          600 )         ; Negative Cache TTL [1h]
;
$TTL 3m;
mydomain.com.      IN     NS      ns1.mainnameserver.co.in.
mydomain.com.      IN     NS      ns2.mainnameserver.co.in.
mydomain.com.      IN     NS      ns3.mainnameserver.co.in.
mydomain.com.      IN     MX      10 her.mainnameserver.co.in.
mydomain.com.      IN     A       198.13.18.223
www.mydomain.com.  IN     A       198.13.18.223
ns1.mydomain.com.  IN     A       197.18.72.23
ns2.mydomain.com.  IN     A       36.124.102.106
ns3.mydomain.com.  IN     A       36.117.98.133
mydomain.com.     3501    IN     TXT   "v=spf1 a:her.mainnameserver.co.in mx:hermes.mainnameserver.co.in mx: ip4:191.21.218.223 ~all"
*.mydomain.com.   3600    IN      CNAME   mydomain.com.

I've assumed that TTL is the value I need, and have set it as above, to 3 minutes. Is it the right way to do it?

On a related note. With the above zonefile, when I do a named-checkzone, I get /var/lib/bind/db.mydomain.com:1: no TTL specified; using SOA MINTTL instead. Why is this message shown? How do I avoid the warning and do it properly?

Joel G Mathew
  • Related: http://serverfault.com/questions/389801/what-dns-settings-to-use-to-migrate-domain-from-one-server-to-another – Deer Hunter Jun 12 '13 at 07:42
  • Have you increased the serial after updating the zonefile and before reloading bind? – krissi Jun 12 '13 at 07:53
  • @krissi I've never incremented the serial, but have had DNS changes work. Is it required? – Joel G Mathew Jun 12 '13 at 07:57
  • Not sure in your case. If you restart all your servers after updating it may not be required. If you were using AXFR to replicate your zone to the servers or just reload your bind it would be required. For your scenario it would be a good idea to switch to AXFR anyways. It allows faster updates without downtimes. You can use `dig www.mydomain.com.` to check the remaining TTL of the record. – krissi Jun 12 '13 at 08:11
  • What I've done is two separate cron jobs. One cron rsyncs zone and config files to the other two. A separate cron (on each server) restarts bind9 half a minute after the rsync. These run every 5 minutes. Is this an inefficient implementation? – Joel G Mathew Jun 12 '13 at 08:16
  • Yep. DNS is able to transfer zones by itself via AXFR. When updating your zone (via `nsupdate` or via `rndc freeze mydomain.com`, edit zonefile, increase serial, and `rndc unfreeze mydomain.com` (your) bind will notify `ns[2,3].mainnameserver.co.in.` about the changes. If the servers were allowed to do an AXFR for this zone (via bind-acl) they would replicate the zone. Google for `AXFR` for howtos, this is off-topic in this question ;) – krissi Jun 12 '13 at 08:25

1 Answer

TTL is definitely the value you need.

Have you tried writing it in seconds? Set your TTL value to the following:

$TTL 180;

I believe the error you get is because you've used minutes. It doesn't understand you have actually specified the TTL and therefore defaults back to the SOA MINTTL value.

Remember to restart bind and run a new named-checkzone!

This page also describes what you're after in a nice way - Link

xstnc
  • I have never even thought of using other units, I'm afraid. I found this article http://ipamworldwide.com/dns-zone-files.html describing zonefiles and the ability of using m,h,d,w. On the other hand, that should have worked with your "3m" so it could be that Bind is the culprit here. – xstnc Jun 12 '13 at 08:28
  • Actually the error message was still there. It disappeared when $TTL was added to the top of the file. It seems to accept 3m too as input. – Joel G Mathew Jun 12 '13 at 09:52
  • Good to know! Glad it worked out! – xstnc Jun 12 '13 at 10:12
  • The warning has a bit of history behind it. Originally, the last field of the SOA record defined the default TTL. RFC 2308 redefined it as negative TTL, and moved default TTL to the `$TTL` directive. Not specifying one rightly means that your server is falling back to the global default. – Andrew B Jun 16 '13 at 17:57
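The thread above turns on two things: which of the SOA fields actually controls how long resolvers cache a record (the question and the accepted answer), and why named-checkzone falls back to the SOA minimum when `$TTL` appears after the SOA (Andrew B's last comment). The script below is an added illustration, not code from the question, the answer, or BIND itself. It walks a zone file the way the TTL rules in RFC 1035 and RFC 2308 say to: an explicit TTL field on the record wins, otherwise the `$TTL` in effect at that point, otherwise the last SOA field, which is the case that produces the warning quoted in the question. The two zone texts are constructed copies of the asker's zone (one as posted, one with `$TTL` moved to the top), the SPF string is a simplified placeholder, and the parser is deliberately minimal (no `$ORIGIN`, no relative names, and a `;` inside a quoted string is treated as a comment). The real authoritative check remains `named-checkzone mydomain.com /var/lib/bind/db.mydomain.com`, as the question already uses. `serial_is_newer` is added for krissi's point that secondaries only pull a zone via AXFR when the serial has gone up; it uses RFC 1982 wrap-around arithmetic rather than a plain comparison.

```python
import re

# Time-unit suffixes BIND accepts in TTL fields and in the $TTL directive.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(?:\d+[smhdw])+|\d+", re.IGNORECASE)


def parse_ttl(text):
    """'180' -> 180, '3m' -> 180, '1h30m' -> 5400, '2w' -> 1209600."""
    if not TTL_RE.fullmatch(text):
        raise ValueError(f"bad TTL: {text!r}")
    if text.isdigit():
        return int(text)
    return sum(int(n) * UNIT_SECONDS[u]
               for n, u in re.findall(r"(\d+)([smhdw])", text.lower()))


def _logical_lines(zone_text):
    """Drop comments/blank lines and join '( ... )' continuations, keeping the first line number."""
    out, buf, depth, start = [], [], 0, 0
    for no, raw in enumerate(zone_text.splitlines(), 1):
        text = raw.split(";", 1)[0].rstrip()   # simplification: ';' inside quotes not handled
        if not text.strip():
            continue
        if depth == 0:
            start = no
        buf.append(text)
        depth += text.count("(") - text.count(")")
        if depth == 0:
            out.append((start, " ".join(buf).replace("(", " ").replace(")", " ")))
            buf = []
    return out


def effective_ttls(zone_text):
    """Return (records, warnings); each record is (line, owner, type, ttl_seconds, source)."""
    default_ttl = soa_minimum = owner = None
    records, warnings = [], []
    for no, text in _logical_lines(zone_text):
        fields = text.split()
        if fields[0].startswith("$"):
            if fields[0].upper() == "$TTL":
                default_ttl = parse_ttl(fields[1])
            continue                           # other directives ($ORIGIN ...) ignored here
        if text[0].isspace():                  # blank owner field: reuse the previous owner
            rest = fields
        else:
            owner, rest = fields[0], fields[1:]
        ttl = source = None
        for _ in range(2):                     # RFC 1035 allows "TTL class" or "class TTL"
            if rest and rest[0].upper() == "IN":
                rest.pop(0)
            elif rest and ttl is None and TTL_RE.fullmatch(rest[0]):
                ttl, source = parse_ttl(rest.pop(0)), "explicit"
        rtype = rest[0].upper()
        if rtype == "SOA":
            soa_minimum = parse_ttl(rest[-1])  # last SOA field: negative-cache TTL (RFC 2308)
        if ttl is None and default_ttl is not None:
            ttl, source = default_ttl, "$TTL"
        elif ttl is None:                      # no $TTL seen yet: the fallback named-checkzone warns about
            ttl, source = soa_minimum, "SOA MINTTL"
            warnings.append(f"{no}: no TTL specified; using SOA MINTTL instead")
        records.append((no, owner, rtype, ttl, source))
    return records, warnings


def serial_is_newer(old, new):
    """RFC 1982 serial comparison: a secondary only transfers the zone when this is True."""
    return 0 < (new - old) % 2**32 < 2**31


# Constructed copy of the zone as posted in the question: $TTL comes *after* the SOA.
ZONE_AS_POSTED = """\
mydomain.com.       IN      SOA     ns1.mainnameserver.co.in. admin.mydomain.com. (
                   2007010401           ; Serial
                         1800           ; Refresh
                          600           ; Retry
                        86400           ; Expire
                          600 )         ; Negative Cache TTL
$TTL 3m;
mydomain.com.      IN     NS      ns1.mainnameserver.co.in.
www.mydomain.com.  IN     A       198.13.18.223
mydomain.com.     3501    IN     TXT   "v=spf1 mx -all"
*.mydomain.com.   3600    IN      CNAME   mydomain.com.
"""
# Same zone with $TTL moved to the top, as the asker eventually did.
ZONE_FIXED = "$TTL 3m\n" + ZONE_AS_POSTED.replace("$TTL 3m;\n", "")

if __name__ == "__main__":
    for name, zone in (("as posted", ZONE_AS_POSTED), ("$TTL first", ZONE_FIXED)):
        records, warnings = effective_ttls(zone)
        print(f"--- {name}: {len(warnings)} warning(s)")
        for w in warnings:
            print("  warning:", w)
        for no, owner, rtype, ttl, source in records:
            print(f"  line {no:2d} {owner:20s} {rtype:5s} ttl={ttl:5d} ({source})")
```

Run as posted, the SOA on line 1 is the only record without a TTL source, which is exactly why named-checkzone reports `:1:`; every record after the `$TTL 3m` line already gets 180 seconds, and the TXT and CNAME keep their explicit 3501 and 3600. With `$TTL` first, the warning goes away and the SOA itself is cached for 180 seconds. Refresh, Retry and Expire never enter this calculation: they only govern how secondaries poll the primary, which is why lowering them does nothing for resolvers that have already cached a record.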