mail malady - dns/postfix
Norberto Meijome
freebsd at meijome.net
Wed Aug 31 16:30:18 GMT 2005
Jerod Prothe wrote:
>
>
> Norberto Meijome wrote:
>
>> Jerod Prothe wrote:
>>> Norberto Meijome wrote:
>>>> Jerod,
>>>> pls define 'local citizens'. My view of "local" is surely different
>>>> to yours.
[...]
>
> Actually the ones complaining are the ones in the same domain as our
> ISP. Meaning, pld.com (the one and only ISP in the area) subscribers are
> having trouble emailing staff here.
well, you could ask your ISP to make sure they have expired your zone if
they haven't.
you can easily test by doing
nslookup - [your_isp's_NS]
which will force nslookup to query that server.
I've known ISPs that ignore the settings in SOAs and set their
own....which is a real pain.
Still that doesn't help with those others that haven't updated yet, so
they are going to otto's IP for SMTP service. make that IP the one that
galley uses (as well as galley's real...). or just wait it out...though
for 100 days that wait will be long. I would definitely check whether
your ISP's NS is playing along nicely.
>> over time (depending on your SOA) this will get fixed.
>>
>
> What are good values to have for refresh/expire/retry times in zone
> files? I would very much like to have others' records concerning my
> network to be up-to-date.
well, it really all depends to what delay you're happy to live with.
from memory:
Refresh is the one that tells non-authoritative (downstream) DNS servers
when to refresh the data.
expire when to consider it too old to serve it at all (in case your
authoritative is down)
retry is how often to try to get the real info from your authoritative
server.
so refresh is the one you really want to focus on for when things work
ok, and the others for when your server is in trouble ;). I'd say it
roughly takes 2 times refresh time for propagation to most of the network
(from experience, could be completely wrong). It also depends on how
much your zone is cached of course (how many users request this zone
determines how many non-auth servers you need to worry about).
As I said, I've set some high traffic zones to 20 minutes refresh and it
works really well for us - YMMV
B
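
Added example, not part of the original message: one way to act on the "query the ISP's name server directly" check above is to compare the SOA record it returns with the one from your own master. The sketch assumes the one-line answers printed by `dig +short SOA <zone> @<server>`; the two sample answers, the zone name and the serial numbers are constructed.

```python
from typing import NamedTuple

class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int   # seconds
    retry: int     # seconds
    expire: int    # seconds
    minimum: int   # seconds

def parse_soa(line):
    """Parse 'mname rname serial refresh retry expire minimum'."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(parts))
    return SOA(parts[0], parts[1], *(int(p) for p in parts[2:]))

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if a is newer than b (32-bit wrap)."""
    return a != b and ((a - b) % 2**32) < 2**31

def compare(master_line, other_line):
    """List the differences between the master's SOA and another server's."""
    master, other = parse_soa(master_line), parse_soa(other_line)
    findings = []
    if serial_newer(master.serial, other.serial):
        findings.append("stale: serial %d is older than master %d"
                        % (other.serial, master.serial))
    elif serial_newer(other.serial, master.serial):
        findings.append("other server has a newer serial than the master")
    for field in ("refresh", "retry", "expire"):
        m, o = getattr(master, field), getattr(other, field)
        if m != o:
            findings.append("%s differs: master=%ds other=%ds" % (field, m, o))
    return findings

# Constructed sample answers (20 minute refresh, 100 day expire).
MASTER = "ns1.example.org. hostmaster.example.org. 2005083101 1200 600 8640000 3600"
ISP_NS = "ns1.example.org. hostmaster.example.org. 2005081502 1200 600 8640000 3600"

if __name__ == "__main__":
    for finding in compare(MASTER, ISP_NS) or ["in sync"]:
        print(finding)
```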