If SOA negative TTL is too low, your authoritative server gets repeated NXDOMAIN queries. In HestiaCP defaults, this can be suboptimal for production traffic.
Practical workflow
- backup current template;
- patch future-zone generation;
- validate pilot zone;
- roll out to existing zones gradually.
cp /usr/local/hestia/func/domain.sh /usr/local/hestia/func/domain.sh.bak.$(date +%F-%H%M)
sed -i 's/ 180 )/ 1800 )/g' /usr/local/hestia/func/domain.shValidate zones:
named-checkzone example.com /home/admin/conf/dns/example.com.db
rndc reloadConfirm with dig:
dig +noall +answer SOA example.comUpdate persistence
Panel updates may overwrite template files. Keep backup, diff, and post-update checks.
Final takeaway
SOA tuning is easy to implement, but operational rigor is required to keep it consistent and safe over time.
This post is licensed under CC BY-NC.
Comments
Join the discussion below.
Comments are not configured yet. Add Cusdis settings in /assets/json/config/blog-comments-config.json.