mail malady - dns/postfix

Norberto Meijome freebsd at meijome.net
Wed Aug 31 16:30:18 GMT 2005


Jerod Prothe wrote:
> 
> 
> Norberto Meijome wrote:
> 
>> Jerod Prothe wrote:
>>> Norberto Meijome wrote:
>>>> Jerod,
>>>> pls define 'local citizens'. My view of "local" is surely different 
>>>> to yours.
[...]
> 
> Actually the ones complaining are the ones in the same domain as our 
> ISP. Meaning, pld.com (the one and only ISP in the area) subscribers are 
> having trouble emailing staff here.

well, you could ask your ISP to make sure they have expired your zone if 
they haven't.

you can easily test by doing
nslookup - [your_isp's_NS]
which will force nslookup to query that server.

I've known ISPs that ignore the settings in SOAs and set their 
own....which is a real pain.

Still that doesn't help with those others that haven't updated yet, so 
they are going to otto's IP for SMTP service. make that IP the one that 
galley uses (as well as galley's real...). or just wait it out...though 
for 100 days that wait will be long. I would definitely check whether 
your ISP's NS is playing along nicely.

>> over time (depending on your SOA) this will get fixed.
>>
> 
> What are good values to have for refresh/expire/retry times in zone 
> files? I would very much like to have others' records concerning my 
> network to be up-to-date.

well, it really all depends to what delay you're happy to live with.
from memory:

Refresh is the one that tells non-authoritative (downstream) DNS servers 
when to refresh the data.

expire when to consider it too old to serve it at all (in case your 
authoritative is down)

retry is how often to try to get the real info from your authoritative 
server.

so refresh is the one you really want to focus on for when things work 
ok, and the others for when your server is in trouble ;). I'd say it 
roughly takes 2 times refresh time for propagation to most of the network 
(from experience, could be completely wrong). It also depends on how 
much your zone is cached of course (how many users request this zone 
determines how many non-auth servers you need to worry about).

As I said, I've set some high traffic zones to 20 minutes refresh and it 
works really well for us - YMMV

B
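
Added example, not part of the original message: one way to check whether another name server holds an out-of-date copy of a zone is to compare its SOA answer with the primary's. The two sample lines are constructed, in the format `dig +short SOA` prints; the example.org names and all values are assumptions.

```python
# Added example: compare the SOA a second name server returns with the
# primary's SOA. All sample data below is constructed for illustration.
from collections import namedtuple

SOA = namedtuple("SOA", "mname rname serial refresh retry expire minimum")

def parse_soa(line):
    """Parse one line in the format printed by `dig +short SOA zone @server`."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError("expected 7 SOA fields, got %d: %r" % (len(parts), line))
    return SOA(parts[0], parts[1], *(int(p) for p in parts[2:]))

def serial_newer(a, b):
    """True if serial a is newer than b under RFC 1982 (32-bit wraparound)."""
    return a != b and ((a - b) % 2**32) < 2**31

def compare(primary_line, other_line):
    """Return findings about the other server's copy of the zone."""
    primary, other = parse_soa(primary_line), parse_soa(other_line)
    findings = []
    if serial_newer(primary.serial, other.serial):
        findings.append("stale: serial %d is older than primary's %d"
                        % (other.serial, primary.serial))
    elif serial_newer(other.serial, primary.serial):
        findings.append("ahead: serial %d is newer than primary's %d"
                        % (other.serial, primary.serial))
    for field in ("refresh", "retry", "expire", "minimum"):
        theirs, ours = getattr(other, field), getattr(primary, field)
        if theirs != ours:
            findings.append("%s differs: %d vs primary's %d" % (field, theirs, ours))
    return findings

# Constructed answers: the primary's current SOA and an older copy elsewhere.
PRIMARY = "ns1.example.org. hostmaster.example.org. 2005083101 1200 600 8640000 3600"
ISP_NS = "ns1.example.org. hostmaster.example.org. 2005081501 86400 7200 8640000 3600"

if __name__ == "__main__":
    for finding in compare(PRIMARY, ISP_NS) or ["in sync with primary"]:
        print(finding)
```
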


More information about the freebsd-questions mailing list