Multiple SOA records?
Chris Thompson
cet1 at hermes.cam.ac.uk
Wed May 7 16:11:54 UTC 2008
On May 6 2008, Lars Hecking wrote:
> RFC 1935 [corrected later to 1035] says:
>
> 2. Exactly one SOA RR should be present at the top of the zone.
>
> Note: "should", not "must".
Note also that RFC 1035 precedes RFC 2119. These are not the MUST and
SHOULD that we use these days.
> What kind of consequences can I expect trying to resolve records in a
> domain that has more than one SOA? The domain that is making problems
> is traininghott.com. Querying for its SOAs returns SERVFAIL, but querying
> the domain's name servers directly returns two (different) SOAs. This
> appears to create problems with mail (not sure here - another entity in
> my organisation is experiencing the problem).
As others have commented, there seem to be all sorts of problems with
ns{1,2}.safesecureweb.com. For example
;; reply from unexpected source: 208.112.127.177#53, expected
66.241.192.6#53
Frankly, I don't believe that the responses are coming from a BIND 9.4.x
installation, whatever TXT/CH/version.bind says, without later tampering.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list