[BALUG-Admin] [sf-lug] [DO NOT REPLY ALL! ...] reduced DNS redundancy: balug.org/sf-lug.org/sf-lug.com: Fwd: ns1.linuxmafia.com downtime

Rick Moen rick@linuxmafia.com
Thu Oct 25 17:03:05 PDT 2018


Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

> Impacts should mostly be pretty minimal 

Yay for DNS secondaries.  (My domains have _four_ secondaries with
diverse locations, server software, and management, in addition to
ns1.linuxmafia.com.)

Yay for SMTP robustness.  Downtime was about 2 days and 7 hours;
SMTP retries are supposed to continue at least 4-5 days according to 
RFC 5321 section 4.5.4.1.  So, I don't expect _any_ mail en-route to
linuxmafia.com to fail, unless the sending MTA is extremely
standards-incompliant.

It should be noted that the second robustness (SMTP retries) really
works only if the first one also does (authoritative DNS fallback).
Which is why, as a domain operator, one wants to have diverse
secondaries and set DNS timeout values carefully.

Let's see how long the secondaries' zones would have continued to 
be valid if ns1.linuxmafia.com had remained offline (and I didn't
otherwise fix the situation):

$ more linuxmafia.com.zone
;called as ORIGIN linuxmafia.com.
$TTL 86400
@       IN      SOA     ns1.linuxmafia.com.
rick.deirdre.net. (
                        2018101400              ; serial
                        7200                    ; refresh 2 hours
                        3600                    ; retry 1 hour
                        2419200                 ; expire 28 days
                        900                     ; negative TTL 15 mins
                        )
;
[...]

So, the DNS secondaries would have had me covered for almost a month
(but SMTP mail would have started bouncing in a couple of days).





More information about the BALUG-Admin mailing list