We currently have our DNS SOA record set to the following for stackoverflow.com:
primary name server = ns1.p19.dynect.net
serial = 2009090909
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 604800 (7 days)
default TTL = 60 (1 min)
Are there better choices for our refresh / retry / expire / default TTL for a site like stackoverflow.com which receives close to 1M pageviews per day?
The actual traffic rate to the site is irrelevant.
All of those settings (except for "default TTL") only affect how frequently your domain's secondary DNS servers poll the primary DNS server for updates.
If your zone only changes infrequently (which I believe yours does) then your value for "refresh" is currently a bit on the low side. Typically the primary should send a
NOTIFY
message to each of the secondaries whenever there's an update at which point the secondaries grab the zone file immediately. These days the "refresh / retry / expire" mechanism is only a backstop to that.In any event, it's likely that your DNS provider is automatically syncing changes to all of the relevant DNS servers on the fly without using DNS's built-in synchronisation mechanisms so the actual values are probably irrelevant.
Note that the "default TTL" field no longer means what it says. The real default TTL is set (in BIND at least) with the
$TTL
directive, and that's only used when there isn't an explicit TTL set on each record.The "default TTL" field's meaning was changed in RFC 2308 and it's actually a hint for negative caching. If your server returns a negative response (e.g.
NXDOMAIN
orNODATA
) it's how long the remote server should wait before trying again.The current value is a bit on the low side, but there's no harm leaving it as is. It's often ignored anyway.
Interestingly, the DNS diagnostic page from the dyn guys (our DNS hosts)..
http://dnscog.com/report/stackoverflow.com
.. says this on MINTTL:
and this on SOA refresh
Another diagnostic page at http://www.intodns.com/stackoverflow.com doesn't offer any real hints.
From Pingdom: http://dnscheck.pingdom.com/