Reverse checker out-of-sync with RIPE-203
The reverse delegation checker on www.ripe.net seems to be out-of-sync with the recommended values in RIPE-203 (or vice-versa). For example RIPE-203 recommends 3600000 seconds (1000 hours = 5 weeks and something) for the SOA expire value. However if I actually put this into my zone file the checker at http://www.ripe.net/cgi-bin/nph-dc.cgi complains that this is too high and suggests a value between 2-4 weeks. Which is is right? One of these should be changed/corrected to resolve this discrepancy. PS: What are the current actual officially recommended SOA values for revese zones? -- Andre
Andre Oppermann <oppermann@pipeline.ch> wrote:
For example RIPE-203 recommends 3600000 seconds (1000 hours = 5 weeks and something) for the SOA expire value. However if I actually put this into my zone file the checker at http://www.ripe.net/cgi-bin/nph-dc.cgi complains that this is too high and suggests a value between 2-4 weeks.
as far as I can see that is reported as a warning only. However, the reference to RFC 1912 is a bit outdated. There's a wg action item 48.3 (see action list at http://www.ripe.net/ripe/wg/dns/action-list.html) already to document, evaluate and replace as necessary the currently applied tests. Your suggestions are welcome.
Which is is right? One of these should be changed/corrected to resolve this discrepancy.
RIPE 203 aims at "small and stable" zones. Not all IN-ADDR.ARPA zones do fall into this category. The values suggested there may still be applicable to many IN-ADDR.ARPA zones, but that depends. -Peter
participants (2)
-
Andre Oppermann -
Peter Koch