Re: [DNS] DNS problems

From: Nick Andrew <lists-dns§>
Date: Thu, 14 Mar 2002 21:48:52 +1100

On Thu, Mar 14, 2002 at 04:31:33PM +1100, Chris Disspain wrote:
> * At 7am Melbourne IT generated an incomplete zone file (it was
>   missing lots of domains), with a version serial number of 2002031407.

If the receiver ( did a simple sanity check on the count
of domains in the new versus the old files, the receiver could have
ignored the new file and sent a warning. For example if the new file
is more than 1000 domains smaller than the old file, then ignore and
raise an error.

The rule is a heuristic, i.e. it's an estimate of what might indicate
a failure. The appropriate number can be found by a statistical
analysis of the daily count of domains over (say) the last
2 years; a number can be chosen such that there's a 99% probability
that, if the file shrinks by that much in one day, the file
is bogus.

(That number may well be zero if the namespace is growing real
quickly. Presumably Melbourne IT delete unregistered domains in batches;
there might be exemptions for this.)
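
The sanity check described in the message above, as an added example that is not part of the original post. It assumes a simplified zone format (one record per line, owner name on every line), reads the 99% rule as the 99th percentile of historical one-day drops, and uses constructed sample data; all function names are hypothetical.

```python
def count_domains(zone_text):
    """Count distinct owner names carrying an NS record (one record per line)."""
    owners = set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) >= 3 and "NS" in (f.upper() for f in fields[1:-1]):
            owners.add(fields[0].lower().rstrip("."))
    return len(owners)


def shrink_threshold(daily_counts, pct=99):
    """Nearest-rank pct-th percentile of historical one-day drops in the count."""
    drops = sorted(max(0, prev - cur)
                   for prev, cur in zip(daily_counts, daily_counts[1:]))
    if not drops:
        raise ValueError("need at least two daily counts")
    rank = -(-pct * len(drops) // 100)  # ceil(pct * n / 100)
    return drops[max(rank, 1) - 1]


def check_new_zone(old_zone, new_zone, max_shrink):
    """Return (accept, message); a rejected file is ignored and a warning raised."""
    old_n, new_n = count_domains(old_zone), count_domains(new_zone)
    shrink = old_n - new_n
    if shrink > max_shrink:
        return False, (f"REJECT: {old_n} -> {new_n} domains "
                       f"(shrink {shrink} > limit {max_shrink})")
    return True, f"accept: {old_n} -> {new_n} domains"


def make_zone(names):
    # Constructed sample data: one NS record per delegated name.
    return "\n".join(f"{n}.example. 3600 IN NS ns1.{n}.example." for n in names)


# Constructed history of daily domain counts (stand-in for ~2 years of data).
HISTORY = [3, 4, 4, 5, 4, 5, 6]
OLD_ZONE = make_zone(["a", "b", "c", "d", "e", "f"])
TRUNCATED_ZONE = make_zone(["a", "b"])               # incomplete file
NORMAL_ZONE = make_zone(["a", "b", "c", "d", "e"])   # one ordinary deletion

if __name__ == "__main__":
    limit = shrink_threshold(HISTORY)
    for zone in (TRUNCATED_ZONE, NORMAL_ZONE):
        print(check_new_zone(OLD_ZONE, zone, limit)[1])
```

A history that only ever grows gives a threshold of zero, which matches the parenthetical remark above.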

