Stealth dns and SOA record

[Barry Margolin]

In article <949609442.47822 at shelley.paradise.net.nz>,
Nicholas Lee <nj.lee at kiwa.co.nz> wrote:
>
>"Cricket Liu" <cricket at acmebw.com> wrote in message
>news:003701bf6e79$867b7800$b577a8ce at boulder.acmebw.com...
>> > Furthermore, would I be correct in say that NOTIFYs wont work if the
>> > published primary is in the SOA entry and the other published
>secondaries
>> > slave off it.
>> >
>> > So the unpublished primary wont ever decide to send NOTIFY messages out.
>>
>> No, I think the primary master just uses the intrazone NS records to
>> determine
>> where to send NOTIFY messages.
>
>Huh?
>
>   " DNS NOTIFY works like this: [...]. It determines which servers are the
>slaves for the zone by looking at the list of NS records in the zone and
>*taking out* the one that points to the name server listed in the first
>record-specific field in the zone's SOA record as well as the local host."

If you're going to put something in the SOA record other than the
unpublished primary, make sure it's not one of the published servers.  I'm
not sure what you mean by the distinction between "published primary" and
"published secondary" -- all the published servers are slaves, so none of
them are primary.  Ignore the fact that Network Solutions's registration
form still calls the first server "Primary" -- it's a meaningless
distinction.

>So I'd be correct in saying that the SOA record is used only by: dynamic
>updates, NOTIFYs and zone tranfers?

The MinTTL field is used by caching servers as the negative cache time.
And some lame delegation warning scripts use the point of contact as the
destination for mail.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.