SOA record no longer the first record in a zone
Kevin Darcy
kcd at daimlerchrysler.com
Thu Jan 30 00:24:02 UTC 2003
Bert Hendriksen wrote:
>We are using Windows 2000 ADS (SP3) which uses a UNIX DNS server (Bind
>8.2.2-p5).
>In DNS we created a separate zone for ADS with allow update for the windows
>servers, now something strange happens, several times an hour dynamic
>updates take place in this zone and the reverse table (PTR records).
>After this update the SOA record is no longer the first record in
>configuration. This situation prevents the DNS administrator to make changes
>in de non-ADS zones, because the tool checks the configuration for
>inconsistencies (which is the case for the reverse lookup zone)
>
Your tool is making unwarranted assumptions. There's no rule that says
the SOA RR has to appear first in the zone file; that's just a
convention that most people follow, either because they feel it makes
the zone file more readable, or, simply out of habit. Once you enable
Dynamic Update for a zone, you're pretty much at the mercy of named's
preferences as to how the zone files get formatted. You really shouldn't
even be looking at zone files under Dynamic Update control, because
there's no guarantee that what is in the zone file exactly matches the
nameserver's perspective on the zone contents.
In any event, why would a DNS maintenance tool fail to allow changes in
one zone, just because it detected some sort of "inconsistency" in the
zone file of some *other* zone? That's seems a little paranoid to me.
- Kevin
- Kevin
More information about the bind-users
mailing list