Is the domain name after SOA important?

Joseph S D Yao jsdy at cospo.osis.gov
Thu Oct 28 17:36:33 UTC 1999


Geert Jacobs wondered:
> > Joseph S D Yao <jsdy at cospo.osis.gov> wrote :
> >If you have more than one name server, the one where you actually
> >update the tables with an editor [or whatever] must be the name after
> >the SOA.  (This is now called the "master" server, rather than the
> >"primary" server.)  Plus, humans reading the SOA will expect that the
> >host named there is in fact one of the zone's name servers, albeit
> >perhaps hidden.
> 
> Now, I have been faced with a requirement of the Dutch ccTLD registrar in this 
> respect :
> 
> The Dutch ccTLD registrar requires/demands that the name server mentioned in the 
> SOA record is the same as the "primary" name server you mention in the 
> registration request for your domain.
> 
> Now, we have the master server behind a firewall and 2 slave servers running on 
> our firewall. We want only the 2 name servers on the firewalls to be known to 
> the Internet community. We had the master name server mentioned in the SOA of 
> the master server and obviously this ripples through to the SOAs of the slave 
> servers on the bastions. This results in an error for the Dutch ccTLD registrar 
> and they will not register your domain. Because of this rule, we are forced to 
> put the name of the external slave server in the second field of the SOA record 
> of our internal master name server.
> 
> Can someone tell me whether :
> 
>    - Is our original set up good practice ?

I always wonder about how an update is secured through a firewall.  ;-?
Other than that, though, having a hidden master is not a bad practice.
But there seem to be a number of registrars who dislike it.

>    - In the scenario described above, is this a sensible rule of the Dutch ccTLD
>      Registrar ?
>    - Is this good practice of the ccTLD registrar ?

It does not seem reasonable to me.  It is making old assumptions.  But
I have no say over those registrars.  ;-)

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


More information about the bind-users mailing list