[DNSOP] valid value range for SOA REFRESH/RETRY/EXPIRE

神明達哉 <jinmei@wide.ad.jp> Thu, 17 October 2019 23:11 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 867A5120890 for <dnsop@ietfa.amsl.com>; Thu, 17 Oct 2019 16:11:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.477
X-Spam-Level:
X-Spam-Status: No, score=-1.477 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.172, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pd5EALGeYKBV for <dnsop@ietfa.amsl.com>; Thu, 17 Oct 2019 16:11:54 -0700 (PDT)
Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F36B9120168 for <dnsop@ietf.org>; Thu, 17 Oct 2019 16:11:53 -0700 (PDT)
Received: by mail-wr1-f42.google.com with SMTP id o15so3732334wru.5 for <dnsop@ietf.org>; Thu, 17 Oct 2019 16:11:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VRC1posQMZb1+VIzDORWQ9VdOgm56cN3jn+r1DBy3Q0=; b=nH/YAaYbfQBOhaPU0wb55YIs+rlKUsvI1tIR0T21rwOJCZAxJWIuD2/jxpBMNDlHKC wYHLjKikVTTvhELUNiUvU6eZkGvl1KgFmNOGXFjpKTjW/qzQX0Ylm89Dco34GXHVqUdR hiPiNKUGdPzJ2d91kUwKKHm4v0NrdH0GRUqEDFAWftz+3hkPV/ZAz8qLw3zfU5PhGFkz K4yvnTXNVCQjCT6nK+i9Q3tswJ+eoZcPQRreLfmA8bd5IzrDIv+0dajJGJuxACLan6CG 2UqZ9DJ/26wD5f/erx46lEybIxIqeih1yH4CLcVj7RH9IIONWf8UVjekoaOCRIhDESVn fbeg==
X-Gm-Message-State: APjAAAUIUwRrntnp8v1Zh9IUTcjddIb2oJLi8Se9eZIffrPYpsopuNtA 7J7ElLwqFqAcbj5cS03q0eT+ug273KKVd46TylKaYZVL
X-Google-Smtp-Source: APXvYqzdt3xC5kyqe4QiRpYWc8XF60uIIW8TsYE4HeF9Rer7nK1Lvjm6IyMZk7X4kbfSuMysVflP6O17ZhUPNBTmyW8=
X-Received: by 2002:a5d:6551:: with SMTP id z17mr4899393wrv.386.1571353911852; Thu, 17 Oct 2019 16:11:51 -0700 (PDT)
MIME-Version: 1.0
From: =?UTF-8?B?56We5piO6YGU5ZOJ?= <jinmei@wide.ad.jp>
Date: Thu, 17 Oct 2019 16:11:40 -0700
Message-ID: <CAJE_bqcM1PvmwR-icgz4UJuwsV_21FGs615OmExvWmHCVZX4Jw@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bb8350059523571d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Z0045oQXCGXTlQjb-ZyPZ4qxN3M>
Subject: [DNSOP] valid value range for SOA REFRESH/RETRY/EXPIRE
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2019 23:11:56 -0000

I have a question for which I believe there's an answer already that I
couldn't find: what's the valid range for SOA REFRESH/RETRY/EXPIRE
values?

RFC1035 says:

  REFRESH         A 32 bit time interval ...
  RETRY           A 32 bit time interval ...
  EXPIRE          A 32 bit time value ...

and since it explicitly uses "unsigned" for SERIAL and MINIMUM, e.g:

  SERIAL          The unsigned 32 bit version number of the original copy

one obvious interpretation is that REFRESH/RETRY/EXPIRE are signed 32
bit integers.  And, since negative values for these don't make much
sense, we might even interpret it similar to RR TTLs as clarified in
RFC2181, i.e., 0 <= REFRESH/RETRY/EXPIRE <= 2^31-1.

Is this correct?  Implementations seem to vary on this point, btw.
>From my quick experiment with some code reading,
- BIND 9 accepts any unsigned 32-bit values
- Same for Knot
- NSD treats them like TTL (values >= 2^31 are reduced to the "default
  TTL" value)
(I've only checked at the primary side; I didn't do any test how the
secondary side of the implementation uses these values when they are
very large).

Such huge values for these parameters don't make sense in practice
anyway, so this is probably a pedantic question.  But if anyone knows
an authoritative reference that can answer it I'd appreciate it very
much.

Thanks,

--
JINMEI, Tatuya