-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 16/06/16 15:52, W.C.A. Wijngaards wrote: Hi Wouter,>> I wrote a patch to limit too long or too short SOA refresh and >> retry parameters. This allows the slave server to override the >> definition of SOA RR. Changes are welcome. > > Thank you for the patch. I have applied it to the code repository. > I hope the options are useful.Thanks for accepting these patches. They can certainly be useful. We have occasionally suffered from refresh floods when a zone that we slave decides to set the refresh to 1 second. Regards, Anand -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXY6dLAAoJEBXgoyUMySoF3tgP+wVSMacGsKUCkiB83C80CgGA 9rRgC8Z0xeXHBnRcWSm9eoIHtiOlO3OHM4FFPfLP24aJz2MI3uDE6if2bzWusbGq bMxbg11lhs3GWSGq0MxwJs97YS51YhHAdHbB2zda3y1aV25s+RdMQAYytYBBMoQ3 YA/isM6WOv+3WJSjI46vmeoLHJUx7+E5iP2lg53PnvRHx3Vjya6BkMJr1cXS0aDw NIFenOMgW5wgY79JDq+F+R4nwV05M1a7vJezD7lKOameUDKDbyGcilon7H3cJRA0 4FKR0EfLOu0mEhJVqNrCg0ZtkOSTaywlUeLoUfNPBBkrA7beVQNKLbEXVALpH5b7 EG34+4XaHaekc0sjT2Gm2oVLB+lV4B6Mua4wohV2dt7YiBsdZ0tdIIAgcTzHidrR XzVtcNHua1BMCwzEMMPYxOK1gA9s02o+eRmUToQoIrvwQQR3TS9W5RnCJp6Hwd3h ZoF9dqaqPgpPDtu1Q6ca3SPdXFLK0kVAnsRgI/E6GbpTxRvSwvOBPfUG/IW0U6rQ hCwYNzGiXVF2+zzxMDuOMGNXjkaGPaLG1HBKSOoKdR6BLjFi7YuUQBZEounW65Ev nB29RJUzwvmqES7dj3787/h50t0LC1q7/Ity2fBu4PrceTj1nkWXt6RMr12HhwYq Tm33/RaxwYmFC57lGr6L =lWqR -----END PGP SIGNATURE-----
Hi, I also appreciate these options but I'd like to comment on default value of min-{refresh,retry}-time, which seems to be 300 and 500 respectively. It changes default behavior of NSD, and will surprise people (including me) who really want small REFRESH value to minimise zone propagation time. So I suggest that default value of min-{refresh,retry}-time option to be 0, to leave NSD's default behavior unchanged. The option is useful for to "secondary DNS provider" who want to supress refresh flooding. If they want to do it they would select appropriate values and set these options. Regards, -- Daisuke Higashi