2011/05/17

SOA Expire in Name Servers

Yesterday, all the IT people in our department were very angry. We found that our seven domains hosted on the ISP's name servers had SOA Expire set to 3600. A dump is below:
















The SOA Expire setting in the name server was problematic. If the secondary servers cannot contact the primary server because of a network outage or for any other reason, then after 3600 seconds the zone data held by the secondary servers is no longer considered authoritative. Once the SOA Expire time is reached, the secondary servers will not respond to any query. The IETF suggests a minimum of 1 week and a maximum of 4 weeks.

This was a big mistake. Power interruptions, landslides and cable cuts can cause damage that lasts for several hours. Though the serving ISP can claim to be technically capable of restoring a server problem within 1 hour, power line failures, landslides and cable damage due to road digging are outside the control of the serving ISP. We therefore have to bear the risk of people not being able to reach our various websites because the ISP's secondary name servers stop responding whenever a failure outside the ISP's control lasts for more than 1 hour.

We escalated our complaint to the highest level and the problem was rectified. We also learnt a lesson. In future, when domain name records are moved or changed, apart from checking that the changes have been carried out, we must check the SOA serial numbers, which reflect the changes made on a certain day, and that the SOA Expire has not been inadvertently amended.
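The post-change check described above can be scripted. The following is an added example, not part of the original post: it parses SOA records in the form printed by `dig +short SOA <zone>` and flags an Expire outside the 1 to 4 week range, plus a serial that does not carry the date of the change. The zone names, the sample records, the `parse_soa` and `audit_soa` helpers and the YYYYMMDDnn serial convention are assumptions.

```python
import re
from datetime import date

WEEK = 7 * 24 * 3600
EXPIRE_MIN, EXPIRE_MAX = 1 * WEEK, 4 * WEEK  # range quoted in the post

# Constructed sample records (not the missing dump from the post).
SAMPLES = {
    "example.com": "ns1.isp.example. hostmaster.isp.example. 2011051601 10800 3600 3600 3600",
    "example.net": "ns1.isp.example. hostmaster.isp.example. 2011051701 10800 3600 1209600 3600",
}

def parse_soa(line):
    """Parse SOA rdata: mname rname serial refresh retry expire minimum."""
    fields = line.split()
    if len(fields) != 7 or not all(f.isdigit() for f in fields[2:]):
        raise ValueError(f"not an SOA record: {line!r}")
    keys = ("serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(keys, map(int, fields[2:])), mname=fields[0], rname=fields[1])

def audit_soa(zone, line, changed_on=None):
    """Return a list of findings; an empty list means the record passed."""
    soa, findings = parse_soa(line), []
    if soa["expire"] < EXPIRE_MIN:
        findings.append(f"{zone}: expire {soa['expire']}s is below 1 week")
    elif soa["expire"] > EXPIRE_MAX:
        findings.append(f"{zone}: expire {soa['expire']}s is above 4 weeks")
    # Extra sanity check (not from the post): a copy must outlive at least
    # one refresh attempt plus one retry, or it expires before a retry helps.
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        findings.append(f"{zone}: expire is not larger than refresh + retry")
    if changed_on is not None:
        # Assumption: serials use the common YYYYMMDDnn convention.
        m = re.fullmatch(r"(\d{8})\d{2}", str(soa["serial"]))
        if not m or m.group(1) != changed_on.strftime("%Y%m%d"):
            findings.append(f"{zone}: serial {soa['serial']} does not carry "
                            f"the change date {changed_on:%Y%m%d}")
    return findings

if __name__ == "__main__":
    for zone, record in SAMPLES.items():
        for finding in audit_soa(zone, record, changed_on=date(2011, 5, 17)):
            print("FAIL", finding)
```

Run it against every hosted zone after each change request is closed, feeding it the record returned by each of the ISP's name servers rather than only the primary.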
