SOA serial increment when we update SOA RR

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Wed Oct 4 17:58:24 UTC 2017


Well, it's not *obvious* how Dynamic Update works in the case of an SOA RR, but RFC 2136 does say:

3.4.2.2. Any Update RR whose CLASS is the same as ZCLASS is added to
   the zone.  In case of duplicate RDATAs (which for SOA RRs is always
   the case, and for WKS RRs is the case if the ADDRESS and PROTOCOL
   fields both match), the Zone RR is replaced by Update RR.  If the
   TYPE is SOA and there is no Zone SOA RR, or the new SOA.SERIAL is
   lower (according to [RFC1982]) than or equal to the current Zone SOA
   RR's SOA.SERIAL, the Update RR is ignored.

So, the server ignores the update if the serial number of the new one is equal or lower. If the serial number is higher, the new SOA replaces the old one.

Bottom line: you can explicitly bump the serial number of an SOA RR, via Dynamic Update, by replacing the SOA RR with one that has a higher serial number.

In nsupdate terms, this is an "update add" operation, even though the effect is intended to be a "replace".


- Kevin

----------------------------------------------------------------------
Kevin Darcy
Information Security Projects - North America

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.darcy at fcagroup.com

From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Alberto Colosi
Sent: Wednesday, October 04, 2017 8:16 AM
To: rams <bramesh80 at gmail.com>; bind-users <bind-users at isc.org>
Subject: Re: SOA serial increment when we update SOA RR


SOA is a special record. As already said to read ................

You update SOA (should be only for email address if not ONLY intranet NS).

In all cases, if you make an update, it means an update is needed. So the question is: why not reflect it on slave NS, if any?

Increasing SN starts a NOTIFY to NS defined as slave and ALSO NOTIFY.

If an update is made and there are slaves, or a distribution of recursive and secondary (slave) and so on, it is correct to update and start a ZONE TRANSFER.

If you have only 1 DNS at all and it is not internet-facing, you can decide not to update SN.

Simply, the change starts an incremental transfer or a total transfer (depending on the DNS engine on slave NS and also notify).

________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of rams <bramesh80 at gmail.com>
Sent: Wednesday, October 4, 2017 11:39 AM
To: bind-users
Subject: SOA serial increment when we update SOA RR

Greetings!!
When we change any resource record like A or AAAA, the SOA serial number gets incremented. But if we update only the SOA record, does the serial number of the SOA remain the same as before, or will the serial number of the SOA increment?

Do we have any RFC for this?

Regards,
Ramesh
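
The RFC 2136 section 3.4.2.2 rule quoted in the reply at the top of this thread, combined with the RFC 1982 serial comparison it refers to, as an added example that is not part of the original messages and is not BIND's code. The function names, the zone and host names, the timer values and the handling of the undefined RFC 1982 case are assumptions of this example.

```python
from typing import Optional

SERIAL_BITS = 32                    # SOA.SERIAL is a 32-bit field
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(s1: int, s2: int) -> bool:
    """True if s1 is greater than s2 under RFC 1982 serial number arithmetic."""
    s1, s2 = s1 % MOD, s2 % MOD
    # A difference of exactly 2**31 is undefined in RFC 1982; this example
    # (an assumption, not BIND's behaviour) treats it as "not greater".
    return (s1 < s2 and s2 - s1 > HALF) or (s1 > s2 and s1 - s2 < HALF)


def soa_update_action(zone_serial: Optional[int], update_serial: int) -> str:
    """Apply the RFC 2136 3.4.2.2 rule for an SOA Update RR."""
    if zone_serial is None:                     # no Zone SOA RR
        return "ignored"
    if serial_gt(update_serial, zone_serial):   # strictly higher serial
        return "replaced"
    return "ignored"                            # lower or equal


def nsupdate_soa_bump(zone, ttl, mname, rname, serial,
                      refresh, retry, expire, minimum) -> str:
    """Build the nsupdate "update add" line that bumps the serial by one."""
    new_serial = (serial + 1) % MOD
    return (f"update add {zone} {ttl} SOA {mname} {rname} "
            f"{new_serial} {refresh} {retry} {expire} {minimum}")


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    current = 2017100401
    for candidate in (2017100402, 2017100401, 2017100400, current + HALF + 1):
        print(candidate, soa_update_action(current, candidate))
    print(nsupdate_soa_bump("example.com.", 3600, "ns1.example.com.",
                            "hostmaster.example.com.", current,
                            7200, 3600, 1209600, 3600))
```

The last candidate in the loop is numerically larger than the current serial but more than 2**31 ahead of it, so RFC 1982 ranks it as lower and the update is ignored.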