Re: [DNSOP] valid value range for SOA REFRESH/RETRY/EXPIRE

Mark Andrews <marka@isc.org> Thu, 17 October 2019 23:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/D9F2iTpnLC05YT3BkIzYwiO7g7o>


> On 18 Oct 2019, at 10:11 am, 神明達哉 <jinmei@wide.ad.jp> wrote:
> 
> I have a question for which I believe there's an answer already that I
> couldn't find: what's the valid range for SOA REFRESH/RETRY/EXPIRE
> values?
> 
> RFC1035 says:
> 
>   REFRESH         A 32 bit time interval ...
>   RETRY           A 32 bit time interval ...
>   EXPIRE          A 32 bit time value ...
> 
> and since it explicitly uses "unsigned" for SERIAL and MINIMUM, e.g:
> 
>   SERIAL          The unsigned 32 bit version number of the original copy

REFRESH         A 32 bit time interval before the zone should be
                refreshed.

RETRY           A 32 bit time interval that should elapse before a
                failed refresh should be retried.

EXPIRE          A 32 bit time value that specifies the upper limit on
                the time interval that can elapse before the zone is no
                longer authoritative.

> one obvious interpretation is that REFRESH/RETRY/EXPIRE are signed 32
> bit integers.

They are all intervals.  How do you have a negative interval?

>  And, since negative values for these don't make much
> sense, we might even interpret it similar to RR TTLs as clarified in
> RFC2181, i.e., 0 <= REFRESH/RETRY/EXPIRE <= 2^31-1.
> 
> Is this correct?  Implementations seem to vary on this point, btw.
> From my quick experiment with some code reading,
> - BIND 9 accepts any unsigned 32-bit values
> - Same for Knot
> - NSD treats them like TTL (values >= 2^31 are reduced to the "default
>   TTL" value)
> (I've only checked at the primary side; I didn't do any test how the
> secondary side of the implementation uses these values when they are
> very large).
> 
> Such huge values for these parameters don't make sense in practice
> anyway, so this is probably a pedantic question.  But if anyone knows
> an authoritative reference that can answer it I'd appreciate it very
> much.
> 
> Thanks,
> 
> --
> JINMEI, Tatuya

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
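
Added example, not part of the message above and not code from BIND 9, Knot or NSD: it decodes the five 32-bit fields at the end of an SOA RDATA and shows the three readings the thread discusses for a value with the top bit set (unsigned, signed, and the TTL-style policy attributed to NSD). The function names, the sample zone data and the 3600-second default are assumptions made for illustration.

```python
import struct

def skip_name(rdata: bytes, off: int) -> int:
    """Return the offset just past an uncompressed domain name."""
    while True:
        length = rdata[off]
        if length & 0xC0:
            raise ValueError("compressed label not handled in this sketch")
        off += 1 + length
        if length == 0:
            return off

def soa_timers(rdata: bytes) -> dict:
    """Decode SERIAL/REFRESH/RETRY/EXPIRE/MINIMUM as unsigned 32-bit values."""
    off = skip_name(rdata, skip_name(rdata, 0))  # skip MNAME, then RNAME
    if len(rdata) - off != 20:
        raise ValueError("SOA RDATA must end with five 32-bit fields")
    names = ("serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(names, struct.unpack("!5I", rdata[off:])))

def as_signed(value: int) -> int:
    """The same 32 bits read as a two's-complement signed integer."""
    return struct.unpack("!i", struct.pack("!I", value))[0]

def ttl_style(value: int, default: int) -> int:
    """Policy the thread describes for NSD: values >= 2^31 become a default."""
    return default if value >= 2**31 else value

def encode_name(name: str) -> bytes:
    """Wire-encode a name without compression (helper for the sample only)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

# Constructed sample: EXPIRE has the top bit set (0x80000000 + 3600).
SAMPLE_RDATA = (encode_name("ns1.example.") + encode_name("hostmaster.example.")
                + struct.pack("!5I", 2019101701, 7200, 900, 0x80000E10, 3600))

if __name__ == "__main__":
    timers = soa_timers(SAMPLE_RDATA)
    for field in ("refresh", "retry", "expire"):
        v = timers[field]
        # 3600 is an assumed default, not a value taken from any server.
        print(f"{field:8} unsigned={v:<11} signed={as_signed(v):<12} "
              f"ttl-style={ttl_style(v, default=3600)}")
```

A primary and a secondary that disagree on which reading applies will disagree on when the zone expires, so the value to compare across implementations is the one each side acts on, not the bytes on the wire.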