SOA RNAME Value

Justin Krejci jkrejci at usinternet.com
Thu Apr 14 15:07:45 UTC 2011 

Sorry, was a long day (for other reasons) here is a maybe an easier to
follow summary.

When the SOA RNAME value does not include the final dot at the end you
append the zone automatically. The zone in this case contains a forward
slash character "/" which is not a valid email address in the domain
part.
When the zone "d/26.c.b.a.in-addr.arpa." contains an SOA RNAME value of
"hostmaster" thereby making the email address
hostmaster at d/26.c.b.a.in-addr.arpa. and then BIND will just give
SERVFAIL on any query for that zone. When the same zone contains
"hostmaster.domain.com." instead BIND serves the records as expected.

So I am wondering if this is normal/expected behavior for BIND and if so
should debug logging or named-checkzone with debugging be able to
identify this as the problem. Or am I missing something else altogether?

Thank

On Wed, 2011-04-13 at 22:06 -0500, Justin Krejci wrote:

> Hello List,
> 
> When troubleshooting a particular reverse delegated zone to us we used
> the normal "d/26.c.b.a.in-addr.arpa" naming for the zone. A couple of
> zones did not get served correctly (tried on BIND 9.7.0-P2 and 9.7.3)
> and any query for a record within these zones always came back with a
> SERVFAIL. After coming thru all of the syntax in the config and zone
> everything checked out as valid. I enabled debug logging which didn't
> really yield any useful data. I tried running debug on the
> named-checkzone and everything came back clean. Web searches were not
> very helpful especially since I didn't really know what search
> keywords to use. Eventually I compared one working reverse delegated
> zone to one of the problem ones with a more granular eye and I noticed
> the RNAME in the SOA was different where the SERVFAIL one had
> "hostmaster" and the working one had "hostmaster.domain.com.". I
> thought well I might as try it out and replaced the "hostmaster" with
> "hostmaster.domain.com." and sure enough it was serving the domain
> just fine after that.
> 
> So I know you can get away with using just "hostmaster" in the RNAME
> field if your zone/domain actually makes sense but in this case it was
> not working and I can only think it has to do with the slash "/"
> character in the zone name. Is this behavior documented? Is it perhaps
> a bug? Certainly I personally will remember this as an issue going
> forward but will others run into this trouble as well? Am I way off
> base on thinking it should have been more easily identifiable what the
> problem is with using the debug logs and debug named-checkzone tool? I
> know the RNAME field should just be set to an appropriate value but
> does anyone generally even use the RNAME? The authoritative name
> servers are giving an NXDOMAIN or SERVFAIL or whatever it's not like
> you can even see the SOA anyways.
> 
> Thanks for any insight!! 
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110414/6a6f324b/attachment.html>

More information about the bind-users mailing list