coredns: tighten SOA timers to nudge HE's internal sync
Previously: refresh=3600 retry=1800 minimum=300 (RFC-conformant but
slow). With HE's free secondary service exhibiting puller→anycast
replication lag of up to ~1 hour, we want to give them every signal
to refresh faster.
New: refresh=300 retry=120 minimum=60.
- refresh 300s: slaves poll our SOA every 5 minutes. ~91 zones polled
by HE = ~1 query/sec to dell01:53, trivial load. If HE honors the
master's refresh internally (some secondary providers do, some
don't), this also nudges their puller→anycast sync.
- retry 120s: kept < refresh per RFC 1912 §2.2.
- minimum 60s: tightens NXDOMAIN negative-cache TTL on public
resolvers from 5 min to 1 min. The dominant window when a newly-
added name is briefly NX-cached on Cloudflare/Google/Quad9 before
they re-ask HE.
expire stays at 604800 (1 week) — that's "how long HE keeps serving
stale data if we vanish," unrelated to fresh-data propagation.
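As an added example (not part of this commit or the repo's build script), a shell check that parses the SOA block in the layout the script emits and enforces the timer ordering the message relies on (retry below refresh per RFC 1912, expire beyond refresh+retry). The zone layout and the hostmaster name in the sample are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the repo's code: lint the SOA timers of a generated
# zone file. Assumes the multi-line "( ... )" SOA layout the build script
# emits; the hostmaster name in the sample is a constructed placeholder.
set -eu

# check_soa FILE
# Prints "refresh retry expire minimum" and returns 0 when the timers are
# consistent (retry < refresh; expire > refresh + retry and > minimum),
# otherwise prints the violations to stderr and returns 1.
check_soa() {
    local fields f
    # Drop ';' comments, fold the record onto one line, keep the numbers
    # between the parentheses that follow MNAME and RNAME.
    fields=$(sed 's/;.*$//' "$1" | { tr '\n' ' '; echo; } \
        | sed -n 's/.*IN[[:space:]]*SOA[[:space:]]*[^ ]*[[:space:]]*[^ ]*[[:space:]]*(\([^)]*\)).*/\1/p')
    set -- $fields
    [ $# -eq 5 ] || { echo "SOA: expected 5 numeric fields, got $#" >&2; return 1; }
    for f; do
        case $f in *[!0-9]*) echo "SOA: non-numeric field '$f'" >&2; return 1;; esac
    done
    local refresh=$2 retry=$3 expire=$4 minimum=$5 ok=0
    echo "$refresh $retry $expire $minimum"
    [ "$retry" -lt "$refresh" ] \
        || { echo "retry ($retry) must be < refresh ($refresh)" >&2; ok=1; }
    [ "$expire" -gt $((refresh + retry)) ] && [ "$expire" -gt "$minimum" ] \
        || { echo "expire ($expire) must exceed refresh+retry and minimum" >&2; ok=1; }
    return $ok
}

# Constructed sample in the build script's output format, using the timers
# this commit introduces.
make_sample() {
    cat > "$1" <<'EOF'
$TTL 3600
@ 3600 IN SOA ns1.he.net. hostmaster.example.net. (
    2024010101 ; serial
    300        ; refresh
    120        ; retry
    604800     ; expire
    60         ; minimum
    )
EOF
}
```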
parent f6111c2cbd
commit fb3f4c5b31
@ -76,10 +76,14 @@ for src in "$SRC_DIR"/*.zone; do
echo "\$TTL 3600"
echo "@ 3600 IN SOA ns1.he.net. ${ADMIN_EMAIL}.${zone}. ("
echo " ${SERIAL} ; serial — bump per change (SERIAL=YYYYMMDDNN make prep)"
echo " 3600 ; refresh (1 hour)"
echo " 1800 ; retry (30 minutes)"
echo " 300 ; refresh (5 min) — slaves poll us this often;"
echo " ; tightened from 3600 to nudge HE's internal"
echo " ; puller→anycast replication"
echo " 120 ; retry (2 min) — kept < refresh per RFC 1912"
echo " 604800 ; expire (1 week)"
echo " 300 ; minimum (5 minutes)"
echo " 60 ; minimum (1 min) — negative-cache TTL on public"
echo " ; resolvers; shrinks the window when an old"
echo " ; NXDOMAIN keeps showing after we add a name"
echo " )"
echo ""
# Inject HE nameservers as the authoritative NS set.
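Review bot: the `echo "\$TTL 3600"` default at the top of this hunk is left unchanged, so the new 60 s minimum only shortens how long a public resolver caches an NXDOMAIN; a changed or removed record is still positively cached for up to an hour, and the new comment on the minimum line should say that it covers additions only rather than propagation in general. The same comment should also note the cost: with the negative TTL cut from 300 to 60, every repeat query for a non-existent name reaches HE again after a minute, so NXDOMAIN query load on the zone rises in proportion.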