Is the domain name after SOA important?
Geert Jacobs
gjacobs at domocomm.com
Thu Oct 28 11:11:39 UTC 1999
Hi All,
>Joseph S D Yao <jsdy at cospo.osis.gov> wrote:
>
>If you have more than one name server, the one where you actually
>update the tables with an editor [or whatever] must be the name after
>the SOA. (This is now called the "master" server, rather than the
>"primary" server.) Plus, humans reading the SOA will expect that the
>host named there is in fact one of the zone's name servers, albeit
>perhaps hidden.
Now, I have been faced with a requirement of the Dutch ccTLD registrar in this
respect:
The Dutch ccTLD registrar requires/demands that the name server mentioned in the
SOA record is the same as the "primary" name server you mention in the
registration request for your domain.
Now, we have the master server behind a firewall and 2 slave servers running on
our firewall. We want only the 2 name servers on the firewalls to be known to
the Internet community. We had the master name server mentioned in the SOA of
the master server and obviously this ripples through to the SOAs of the slave
servers on the bastions. This results in an error for the Dutch ccTLD registrar
and they will not register your domain. Because of this rule, we are forced to
put the name of the external slave server in the second field of the SOA record
of our internal master name server.
Can someone tell me whether:
- Is our original setup good practice?
- In the scenario described above, is this a sensible rule of the Dutch ccTLD
Registrar?
- Is this good practice of the ccTLD registrar?
In our plans to set up a split-meshed DNS environment, where the Internet
visible/registered name servers are all slave servers on bastion hosts, this
interferes with our policy that we intend to apply in other countries.
Many thanks,
Geert
>
>You could in fact set up the SOA in this manner:
>@ IN SOA ns1 hostmaster (
> ...
>)
>
>Then, if your origin is "foo.com", the name server will be perceived to
>be "ns1.foo.com" and the "responsible party" address will be perceived
>to be "hostmaster at foo.com". Similarly, "bar.com" => "ns1.bar.com" and
>"hostmaster at bar.com".
>
>This presupposes that everything else in the zone file should be
>identical modulo the domain name; but that seems to be what you are
>suggesting.
>
>--
>Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
>COSPO/OSIS Computer Support EMT-B
>-----------------------------------------------------------------------
>This message is not an official statement of COSPO policies.
>
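
An added example, not part of the original message or of BIND: a small Python check that expands the SOA names against the origin the way the quoted reply describes and then applies the registrar rule described above (SOA MNAME must equal the registered "primary"). The zone data, the host names master, fw1 and fw2, and the helper names are constructed for illustration; foo.com and bar.com are the origins used in the quoted reply.

```python
import re

def absolute(name, origin):
    """Expand a zone-file name against the origin, as a name server would."""
    if name == "@":
        return origin.rstrip(".").lower() + "."
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin.rstrip('.').lower()}."

def parse_zone(text, origin):
    """Return (mname, responsible mailbox, NS set) from a minimal zone file."""
    text = re.sub(r";[^\n]*", "", text)            # drop comments
    soa = re.search(r"\bSOA\s+(\S+)\s+(\S+)", text)
    if soa is None:
        raise ValueError("no SOA record found")
    mname = absolute(soa.group(1), origin)
    rname = absolute(soa.group(2), origin).rstrip(".")
    # Simplification: the first label is the mailbox local part (no escaped dots).
    local, _, domain = rname.partition(".")
    ns = {absolute(n, origin) for n in re.findall(r"\bNS\s+(\S+)", text)}
    return mname, f"{local}@{domain}", ns

def registrar_check(text, origin, registered_primary):
    """Apply the rule from the message: SOA MNAME == registered primary."""
    mname, _, ns = parse_zone(text, origin)
    primary = registered_primary.rstrip(".").lower() + "."
    return {
        "mname": mname,
        "mname_matches_registration": mname == primary,
        "mname_in_ns_set": mname in ns,   # False means a hidden master
    }

# Constructed zone: only the two bastion slaves are published as NS.
ZONE = """\
@   IN SOA {mname} hostmaster ( 1999102801 3600 900 604800 86400 )
    IN NS  fw1   ; slave on bastion host
    IN NS  fw2   ; slave on bastion host
"""
HIDDEN_MASTER = ZONE.format(mname="master")  # original setup in the message
FORCED = ZONE.format(mname="fw1")            # what the registrar rule forces

if __name__ == "__main__":
    for label, zone in (("hidden master", HIDDEN_MASTER), ("forced", FORCED)):
        print(label, registrar_check(zone, "foo.com", "fw1.foo.com"))
    print(parse_zone(FORCED, "bar.com"))     # same file, different origin
```

With the hidden-master zone the check fails on both counts; with fw1 in the SOA it passes, and the same file loaded under bar.com yields fw1.bar.com and hostmaster@bar.com.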