On 2026/05/08 14:44, Anurag Bhatia via NANOG wrote:
Hello everyone
Was wondering if anyone who has worked across root server ops could answer about the expire value in the SOA record:
dig @a.root-servers.net. . soa +short
a.root-servers.net. nstld.verisign-grs.com. 2026050800 1800 900 604800 86400
So 604800 (1 week) would actually make the DNS replicas stop resolving if disconnected for an extended period of over a week from their master? Unsure of the tech root operators use to replicate the zone (if other than traditional zone transfers), but many auth DNS providers these days use a database backend, and thus in their case the primary is the DB primary and the secondaries are DB replicas, but from the DNS software's point of view all are just masters and the expire value is just ignored.
Is that also true for some or all or none of the root DNS servers?
It's true for the F-root nodes that I run. Note however that as soon as the zone expires and the server at a site starts returning SERVFAIL, a watchdog script detects this and withdraws the Anycast BGP announcements for that site.

Ray
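Added example, not part of the original thread and not the F-root watchdog itself: a sketch of how the SOA timers quoted above drive a transfer-based secondary from serving to SERVFAIL, and how a watchdog could turn probe results into an announce/withdraw decision. The function names, the three-probe threshold and the "announce"/"withdraw" return strings are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SoaTimers:
    serial: int
    refresh: int   # seconds between checks against the primary
    retry: int     # seconds between retries after a failed check
    expire: int    # seconds without a successful check before the zone is dropped
    minimum: int

def parse_soa_short(line: str) -> SoaTimers:
    """Parse one `dig +short SOA` line: mname rname serial refresh retry expire minimum."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    return SoaTimers(*(int(f) for f in fields[2:]))

def secondary_state(soa: SoaTimers, seconds_since_refresh: int) -> str:
    """State of a secondary that last reached its primary N seconds ago."""
    if seconds_since_refresh >= soa.expire:
        return "expired"   # zone no longer served; queries get SERVFAIL
    if seconds_since_refresh >= soa.refresh:
        return "stale"     # still answering, retrying the primary every `retry` s
    return "fresh"

def watchdog_action(rcodes: list[str], threshold: int = 3) -> str:
    """Withdraw the anycast route after `threshold` consecutive SERVFAIL probes.

    The threshold is an assumed guard against a single failed probe;
    it is not taken from the thread.
    """
    tail = rcodes[-threshold:]
    if len(tail) == threshold and all(r == "SERVFAIL" for r in tail):
        return "withdraw"
    return "announce"

# SOA line as quoted in the thread above
ROOT_SOA = "a.root-servers.net. nstld.verisign-grs.com. 2026050800 1800 900 604800 86400"

if __name__ == "__main__":
    soa = parse_soa_short(ROOT_SOA)
    for days in (0, 3, 8):   # constructed outage lengths
        print(days, "days cut off ->", secondary_state(soa, days * 86400))
    # constructed probe history: one good answer, then three failures
    print(watchdog_action(["NOERROR", "SERVFAIL", "SERVFAIL", "SERVFAIL"]))
```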