Upcoming change to SOA values in .com and .net zones
Mans Nilsson
mansaxel at sunet.se
Thu Jan 8 17:26:07 UTC 2004
Subject: Re: Upcoming change to SOA values in .com and .net zones
Date: Thu, Jan 08, 2004 at 08:35:54AM -0800
Quoting Owen DeLong (owen at delong.com):
> I don't see any real reason for Verisign to do this, other than possibly some
> lazy coding in automation tools (that SN is slightly easier to use as a
> timestamp in automation than one that is the encoded date). It doesn't provide
> the functionality they are striving for.

Oh, but I can see why.

    The primary master server's implementor might choose to autoincrement
    the SOA SERIAL if any of the following events occurs:

    (1) Each update operation.

    (2) A name, RR or RRset in the zone has changed and has subsequently
        been visible to a DNS client since the unincremented SOA was
        visible to a DNS client, and the SOA is about to become visible
        to a DNS client.

    (3) A configurable period of time has elapsed since the last update
        operation. This period shall be less than or equal to one third
        of the zone refresh time, and the default shall be the lesser of
        that maximum and 300 seconds.

    (4) A configurable number of updates has been applied since the last
        SOA change. The default value for this configuration parameter
        shall be one hundred (100).

        Vixie, et al.: RFC 2136 Dynamic Updates in the Domain
        Name System (DNS UPDATE), pp16-17
        (formatting slightly edited)

Given:
a/ The size of the .com and .net zones and the hassle associated with doing
legacy-style maintenance of zones that size,
b/ The desire of customers with the usual bad planning habits (i.e. they want
DNS delegation changes like yesterday and what is this TTL crap?)
..it is obvious that an administrator of a large, frequently updated zone
would want to prepare for dynamic updates. One of the constraints with
date-style serial numbers (the only situation when .us residents write
dates in the sensible ISO standard YYYYMMDD style ;-) is that the size of
the SOA serial number limits the number of zone generations to 100
per 24h period, which might be an issue when using dynamic updates
especially if they are being processed automatically.
Again, this is not a problem, not something to bother about, and the suits
at Verisign will not break things by this.
--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
I'm wet! I'm wild!
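
Added example (not part of the original message): a Python sketch of the constraint described above, where a YYYYMMDDnn serial allows only 100 zone generations per day while a plain counter compared with RFC 1982 serial arithmetic does not, plus the default auto-increment period from item (3) of the quoted RFC 2136 text. The function names are hypothetical and the sample serials and update count are constructed.

```python
from datetime import date

SERIAL_MOD = 2 ** 32  # SOA SERIAL is an unsigned 32-bit field


def serial_gt(a, b):
    """RFC 1982 serial comparison: True if a is newer than b (handles wrap)."""
    return a != b and (a - b) % SERIAL_MOD < 2 ** 31


def next_date_serial(current, today):
    """Next YYYYMMDDnn serial; fails once nn=99 has been used for `today`."""
    base = int(today.strftime("%Y%m%d")) * 100
    if current < base:
        return base  # first generation of a new day
    if current - base >= 99:
        raise OverflowError("no YYYYMMDDnn serials left for %s" % today)
    return current + 1


def next_counter_serial(current):
    """Plain counter serial: one step forward, wrapping at 2**32."""
    return (current + 1) % SERIAL_MOD


def autoincrement_period(refresh, configured=None):
    """Item (3): period <= refresh/3, default min(refresh/3, 300) seconds."""
    ceiling = refresh // 3
    return min(ceiling, 300) if configured is None else min(configured, ceiling)


def generations_published(start, updates, step):
    """Apply `updates` serial bumps with `step`; count how many succeed."""
    serial, done = start, 0
    for _ in range(updates):
        try:
            nxt = step(serial)
        except OverflowError:
            break
        assert serial_gt(nxt, serial)  # secondaries must see it as newer
        serial, done = nxt, done + 1
    return done


if __name__ == "__main__":
    day = date(2004, 1, 8)  # constructed sample: 500 dynamic updates in one day
    print(generations_published(2004010799, 500, lambda s: next_date_serial(s, day)))
    print(generations_published(2004010799, 500, next_counter_serial))
    print(autoincrement_period(1800), autoincrement_period(600))
```
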