[rbldnsd] RFC: Data expire support

Amos Jeffries amos at treenetnz.com
Mon Dec 19 13:53:21 MSK 2005


----- Original Message ----- 
From: "Michael Tokarev" <mjt at tls.msk.ru>
To: <rbldnsd at corpit.ru>
Sent: Monday, December 19, 2005 10:52 PM
Subject: Re: [rbldnsd] RFC: Data expire support


> Jeff Chan wrote:
>> On Monday, December 19, 2005, 12:11:17 AM, Michael Tokarev wrote:
> []
>>>Yes there is `expire' field in the SOA record, which is not used
>>>currently, but I'm for another way to specify this expire time,
>>>because of several reasons:
>>
>> Your ideas are interesting, but I would suggest applying the
>> SOA expire time to the last time the file updated, if possible.
>> rbldnsd should have a concept of the file updating, if I'm
>> understanding things correctly.  In other words, do what the
>> expire *should* do.
>
> Well...  A dataset can consist of more than one file (which is
> very handy at times), including local additions (like metadata),
> and including locally-added SOA record (which is normal for
> mirroring a dnsbl locally).
>
> As I mentioned before, each file in a dataset can have its own
> demands for the expire time (when combining different "kinds"
> of data into one dataset).
>
> Which 'file update time' are you referring to above?  A smallest
> (ie, 'oldest') in the set (like, locally updated metadata addition)?
>
> Also, when a file is rsync'ed from remote site, unless you specify
> -t rsync option (everyone should be using it, right?), it will have
> current time as a timestamp, not 'created' time.
>
> I'm all for using SOA expire field, but there are several problems
> with that, mentioned in my first email...  And the more I think
> about all this, the less chances I see to use "normal" expire time
> from SOA.
>
> /mjt
>

My long reply to your original description holds out some hope.

Actual SOA.expiry can (correctly to the intended purpose) be based on the 
$TIMESTAMP picked from the data.

SOA.expiry = (local)data.expiry - local.now.

So whether the local clock is out or not, SOA.expiry means 'this data is 
definitely invalid at nn, ask again after that', just like every DNS is 
supposed to.

Amos Jeffries
Treehouse Networks Ltd.


