Is the domain name after SOA important?

Geert Jacobs gjacobs at domocomm.com
Thu Oct 28 11:11:39 UTC 1999


Hi All,

> Joseph S D Yao <jsdy at cospo.osis.gov> wrote :
>
>If you have more than one name server, the one where you actually
>update the tables with an editor [or whatever] must be the name after
>the SOA.  (This is now called the "master" server, rather than the
>"primary" server.)  Plus, humans reading the SOA will expect that the
>host named there is in fact one of the zone's name servers, albeit
>perhaps hidden.

Now, I have been faced with a requirement of the Dutch ccTLD registrar in this 
respect :

The Dutch ccTLD registrar requires/demands that the name server mentioned in the 
SOA record is the same as the "primary" name server you mention in the 
registration request for your domain.

Now, we have the master server behind a firewall and 2 slave servers running on 
our firewall. We want only the 2 name servers on the firewalls to be known to 
the Internet community. We had the master name server mentioned in the SOA of 
the master server and obviously this ripples through to the SOAs of the slave 
servers on the bastions. This results in an error for the Dutch ccTLD registrar 
and they will not register your domain. Because of this rule, we are forced to 
put the name of the external slave server in the second field of the SOA record 
of our internal master name server.

Can someone tell me whether :

   - Is our original setup good practice ?
   - In the scenario described above, is this a sensible rule of the Dutch ccTLD
     Registrar ?
   - Is this good practice of the ccTLD registrar ?
   
In our plans to set up a split-meshed DNS environment, where the Internet 
visible/registered name servers are all slave servers on bastion hosts, this 
interferes with our policy that we intend to apply in other countries.

Many thanks,

Geert



>
>You could in fact set up the SOA in this manner:
>@		IN SOA	ns1 hostmaster (
>	...
>)
>
>Then, if your origin is "foo.com", the name server will be perceived to
>be "ns1.foo.com" and the "responsible party" address will be perceived
>to be "hostmaster at foo.com".  Similarly, "bar.com" => "ns1.bar.com" and
>"hostmaster at bar.com".
>
>This presupposes that everything else in the zone file should be
>identical modulo the domain name; but that seems to be what you are
>suggesting.
>
>--
>Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
>COSPO/OSIS Computer Support					EMT-B
>-----------------------------------------------------------------------
>This message is not an official statement of COSPO policies.
>
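
An added example, not part of the original post or its quoted reply: a small Python check for the two points discussed above, namely how relative SOA names expand per origin and whether the SOA name server (MNAME) matches the registered primary and appears in the zone's NS set. The host name "master", the SOA timer values and all function names are constructed for illustration; the parser assumes single-line SOA and NS records.

```python
# Added example. Zone data below is constructed; "master" is a placeholder
# for the internal (hidden) master's host name.
ZONE_HIDDEN = """
@ IN SOA master hostmaster ( 1999102801 3600 900 604800 86400 )
@ IN NS ns1
@ IN NS ns2
"""
# Same zone with the external slave named in the SOA, as the registrar demands.
ZONE_FIXED = ZONE_HIDDEN.replace("SOA master", "SOA ns1")

def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means
    already absolute, anything else is relative to the origin."""
    origin = origin.rstrip(".").lower()
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin}."

def parse_zone(text, origin):
    """Return (mname, rname, ns_set). RNAME stays in DNS form, so
    hostmaster.foo.com. stands for hostmaster@foo.com."""
    mname = rname = None
    ns = set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if "SOA" in fields:
            i = fields.index("SOA")
            mname = absolute(fields[i + 1], origin)
            rname = absolute(fields[i + 2], origin)
        elif "NS" in fields:
            ns.add(absolute(fields[fields.index("NS") + 1], origin))
    return mname, rname, ns

def check_soa(text, origin, registered_primary):
    """registered_primary must be fully qualified with a trailing dot."""
    mname, rname, ns = parse_zone(text, origin)
    findings = []
    if mname != absolute(registered_primary, origin):
        findings.append(f"MNAME {mname} differs from registered primary")
    if mname not in ns:
        findings.append(f"MNAME {mname} is not in the NS set")
    return mname, rname, findings

if __name__ == "__main__":
    for label, zone in (("hidden master", ZONE_HIDDEN), ("fixed", ZONE_FIXED)):
        print(label, check_soa(zone, "foo.com", "ns1.foo.com."))
```

The second finding is also what a reader of the published SOA sees: the internal master's name travels to the slaves with the zone, so it is visible to anyone who queries the SOA.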


