SOA/NS Question

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Sep 16 15:49:17 UTC 1999


I have a question about SOA and NS records, and their interaction.

In our DNS configuration, we have three machines - dns0, dns1, and dns2
(plus two off-site secondaries).  We make updates to dns0, and make sure
that the changes are correct.  Then we propagate the changes to dns1 and
dns2.  Our forward zones look like this:
-----
$ORIGIN ctd.anl.gov.
; $INCLUDE named.local
;       named.soa
;       define start of authority, name servers and loopback
;       As per BIND 4.9 operations guide, serial number format is now
;               "YYYYMMDDNN" where NN is the daily sequence number.
;
@               IN      SOA     dns1.anl.gov. hostmaster.anl.gov. (
                                1999091600      ; Serial
                                7200            ; Refresh     - 2 hours
                                3600            ; Retry       - 1 hour
                                1209600         ; Expire      - 14 days
                                604800     )    ; Minimum TTL - 7 days
                IN      NS      dns1.anl.gov.
                IN      NS      dns2.anl.gov.
                IN      NS      nsx.lbl.gov.
                IN      NS      ns2.es.net.
localhost       IN      A       127.0.0.1
$INCLUDE hosts.ctd
$INCLUDE mx.ctd
$INCLUDE cname.ctd
-----

We have NOT listed dns0 in a NS record, as we do not want machines to
query that name server.  The SOA record points to dns1, as that is the
"primary" dns server we want machines to be querying.  Our off-site
secondaries are generating error messages stating that dns1 is really 
not the SOA.

Can I correct the problem by changing the SOA to point to dns0?
Will machines begin to query dns0, or will they not query dns0 because
dns0 does not appear in an NS record?  

If I can change the SOA to point to dns0 without problems, then this 
will aid in one problem I will have with Windows 2000.  Win2000 finds
the SOA for a zone to determine to which dns it should send a dynamic 
update.  In the example trace I posted last week, Win2000 sends a
request to register 

     lizzard.ctd.anl.gov    IN   A    146.137.160.161

to 

     dns1.anl.gov

and we do not want dynamic updates to that dns.  We want any dynamic 
updates (once we decide how to handle them) to be sent to dns0, as it
is dns0 that has the master copy of each zone.  Thanks.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
Building 221, Room B236              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4844             IBMMAIL:  I1004994
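
Added example, not part of the original post: a Python sketch that parses the zone header quoted above and reports which server the SOA MNAME names (where the post says Win2000 sends its dynamic update) and whether that server is also in the apex NS set. The `dns0.anl.gov.` name used for the proposed change is an assumed FQDN for dns0, and the zone text is a constructed copy with shortened comments.

```python
import re

# Constructed sample: the SOA/NS header from the post, comments shortened.
ZONE = """\
$ORIGIN ctd.anl.gov.
@               IN      SOA     dns1.anl.gov. hostmaster.anl.gov. (
                                1999091600      ; Serial
                                7200            ; Refresh
                                3600            ; Retry
                                1209600         ; Expire
                                604800     )    ; Minimum TTL
                IN      NS      dns1.anl.gov.
                IN      NS      dns2.anl.gov.
                IN      NS      nsx.lbl.gov.
                IN      NS      ns2.es.net.
localhost       IN      A       127.0.0.1
"""

def apex_soa_ns(zone_text):
    """Return (SOA MNAME, set of NS targets) for the zone apex ('@')."""
    text = re.sub(r";[^\n]*", "", zone_text)           # drop ';' comments
    # Fold the parenthesised SOA timers onto the SOA line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    mname, ns_set, owner = None, set(), None
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                      # new owner name
            owner = fields.pop(0)
        if owner != "@" or len(fields) < 3 or fields[0] != "IN":
            continue
        if fields[1] == "SOA":
            mname = fields[2].lower()
        elif fields[1] == "NS":
            ns_set.add(fields[2].lower())
    return mname, ns_set

def update_check(zone_text):
    """Where an SOA-following update client would send, and is it an NS?"""
    mname, ns_set = apex_soa_ns(zone_text)
    return {"update_target": mname, "target_is_ns": mname in ns_set,
            "ns": sorted(ns_set)}

# Hypothetical edit: SOA MNAME changed to dns0 (assumed FQDN dns0.anl.gov.).
PROPOSED = re.sub(r"(SOA\s+)dns1", r"\1dns0", ZONE)

if __name__ == "__main__":
    for label, zone in (("current", ZONE), ("proposed", PROPOSED)):
        print(label, update_check(zone))
```

In the proposed case the update target falls outside the NS set while the NS set itself is unchanged, which is the arrangement the post asks about.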



More information about the bind-users mailing list