Decrease SOA TTL

Hello!
Can I have the SOA TTL down to 1 hour for my domain?
(I don’t want to reveal my domain in a public forum, can I do it privately?)

SOA record has a high retry value (86400), recommended around 1h.

Thanks.

Dear fatgrizzly,

Please contact support@desec.io for private communication. Meanwhile, for which use case would you like to decrease the SOA high retry value?

While we currently have no option to set SOA details on a per-user or per-domain basis, we’re always open for improvements.

Best,
Nils

Our DNS Monitoring solution reported this error when we analyzed our domain.
SOA record has a high retry value (86400), recommended around 1h.

Hi fatgrizzly,

DNS providers store their DNS data on several servers, usually distributed world-wide. The mechanism by which updates are circulated is called replication. There are several replication mechanisms. One of these mechanisms relies on the time interval given in the SOA record. The number you are talking about means that if replication fails, it should be retried after that interval.

We think that even one hour is too long to distribute our DNS updates. deSEC therefore uses a different replication mechanism that does not at all rely on the intervals specified in the SOA record. Our updates get distributed within seconds. The retry SOA value has no meaning at deSEC, and is purely “historical”.

Hope that helps!

Stay secure,
Peter


Thanks for the explanation Peter, I don’t need that to be changed anymore.
And also, thanks for the Free DNS Service <3

@peter, we could consider reducing that number to more accurately reflect what’s going on, as a cosmetic change. What do you think?

So far, I thought that there is some reason why I set SOA REFRESH and RETRY to the same value, but it looks like there is no specific relationship between these. We have a good reason why we set REFRESH to 1d, and RETRY has the same value as REFRESH probably because I figured it’s easy and doesn’t matter.

But yes, it seems like there is no reason to stick to that approach, and we can set RETRY to 1h. I created an issue.
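
The timer check discussed in this thread, as an added example that is not part of the original posts and is not deSEC's or the monitoring tool's code: it parses SOA RDATA in presentation format (including BIND-style units such as `1d`) and flags the retry/refresh conditions mentioned above. The host names, serial, expire and minimum values are constructed, and the 3600-second limit is an assumption taken from the "around 1h" wording of the quoted monitoring message; the timers only matter where secondaries replicate via SOA-driven zone transfers.

```python
import re
from typing import NamedTuple

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def to_seconds(token: str) -> int:
    """Convert '86400', '1d' or '1h30m' (BIND-style units) to seconds."""
    if token.isdigit():
        return int(token)
    parts = re.findall(r"(\d+)([smhdw])", token.lower())
    # Reject tokens with leftover characters that the pattern skipped over.
    if not parts or "".join(n + u for n, u in parts) != token.lower():
        raise ValueError(f"bad time value: {token!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(rdata: str) -> SOA:
    """Parse SOA RDATA in presentation format (zone file or dig answer)."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    mname, rname, serial, *timers = fields
    return SOA(mname, rname, int(serial), *map(to_seconds, timers))

def check_timers(soa: SOA, retry_max: int = 3600) -> list[str]:
    """Return findings; retry_max is the assumed '~1h' limit from the thread."""
    findings = []
    if soa.retry > retry_max:
        findings.append(f"retry {soa.retry}s exceeds {retry_max}s")
    if soa.retry >= soa.refresh:  # retry is normally a fraction of refresh
        findings.append("retry is not shorter than refresh")
    if soa.expire <= soa.refresh:
        findings.append("expire is not longer than refresh")
    return findings

# Constructed samples: refresh/retry as discussed in the thread, the rest made up.
BEFORE = "ns1.example.com. hostmaster.example.com. 2024010101 1d 86400 4w 1h"
AFTER = "ns1.example.com. hostmaster.example.com. 2024010102 1d 1h 4w 1h"

if __name__ == "__main__":
    for label, rdata in (("before", BEFORE), ("after", AFTER)):
        print(label, check_timers(parse_soa(rdata)) or "ok")
```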