[heroes] changing the TTL of the opensuse.org
Hello, we need to request from MF-IT to change the TTL of the opensuse.org zone. I would suggest to change it to 4 days, and the change should be done tomorrow around 16:00. Before the change is done, we will need to switch our DNS to point to the provo haproxy. Does that sound fine? If so, I'll file a ticket with MF-IT today -- Theo Chatzimichos <tampakrap@opensuse.org> <tchatzimichos@suse.com> System Administrator SUSE Operations and Services Team
On Thu, Oct 12, 2017 at 10:52:13AM +0200, Theo Chatzimichos wrote:
Hello,
we need to request from MF-IT to change the TTL of the opensuse.org zone. I would suggest to change it to 4 days, and the change should be done tomorrow around 16:00. Before the change is done, we will need to switch our DNS to point to the provo haproxy. Does that sound fine? If so, I'll file a ticket with MF-IT today
Ignore this mail please, darix told me that it is not needed. MF-IT DNS servers will use their cached values, we will just not be able to do any DNS changes during the outage. So all we need to do is to switch the DNS of the proxy to provo before the outage tomorrow. Theo
Hi On Thu, 12 Oct 2017 10:52:13 +0200 Theo Chatzimichos wrote:
we need to request from MF-IT to change the TTL of the opensuse.org zone.
Why? The opensuse.org domain is controlled by the openSUSE heroes - and once we change the SOA settings in FreeIPA and everythign should be fine. About changing the TTL (I guess this is what we talk about, but not what really needs to be done in the SOA section), there is a good information in the DNS book provided here: http://www.zytrax.com/books/dns/ch8/soa.html From RFC 1912: Expire: How long a secondary will still treat its copy of the zone data as valid if it can't contact the primary. This value should be greater than how long a major outage would typically last, and must be greater than the minimum and retry intervals, to avoid having a secondary expire the data before it gets a chance to get a new copy. After a zone is expired a secondary will still continue to try to contact the primary, but it will no longer provide nameservice for the zone. 2-4 weeks are suggested values. So I would suggest to change the value "SOA expire" in freeIPA for (at least) the opensuse.org zone from 600 to 1209600, which will result a 2 weeks expiry setting.
Before the change is done, we will need to switch our DNS to point to the provo haproxy.
What do you mean with this?
Does that sound fine? If so, I'll file a ticket with MF-IT today
No need to do so - just change it on the freeipa server. Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
On Thu, Oct 12, 2017 at 12:43:11PM +0200, Lars Vogdt wrote:
So I would suggest to change the value "SOA expire" in freeIPA for (at least) the opensuse.org zone from 600 to 1209600, which will result a 2 weeks expiry setting.
I see you did the change already, thanks!
Before the change is done, we will need to switch our DNS to point to the provo haproxy.
What do you mean with this?
proxy.opensuse.org should become a CNAME to proxy-prv.openssue.org Theo
Am Thu, 12 Oct 2017 18:17:39 +0200 schrieb Theo Chatzimichos <tampakrap@opensuse.org>:
What do you mean with this?
proxy.opensuse.org should become a CNAME to proxy-prv.openssue.org
Ah, ok. Would you mind doing this change at the time you need it? I guess I will be busy with the other preparations that have to be done... ;-) Regards, Lars
Am Thu, 12 Oct 2017 20:36:27 +0200 schrieb Lars Vogdt <lrupp@suse.de>:
proxy.opensuse.org should become a CNAME to proxy-prv.openssue.org
@Theo: I checked the reverse DNS and found the following entries: 130.57.72.1 => proxy-prv.opensuse.org. 130.57.72.2 => proxy-prv1.opensuse.org. 130.57.72.3 => proxy-prv2.opensuse.org. I guess this is for the upcoming HA setup, right? In this case, please add the IP addresses above to the current machine before you change the alias => as I followed the reverse DNS entries also in the forward/opensuse.org zone in FreeIPA to be consistent. Regards, Lars
participants (3)
-
Lars Vogdt -
Lars Vogdt -
Theo Chatzimichos