Is the domain name after SOA important?
Joseph S D Yao
jsdy at cospo.osis.gov
Thu Oct 28 17:36:33 UTC 1999
Geert Jacobs wondered:
> > Joseph S D Yao <jsdy at cospo.osis.gov> wrote :
> >If you have more than one name server, the one where you actually
> >update the tables with an editor [or whatever] must be the name after
> >the SOA. (This is now called the "master" server, rather than the
> >"primary" server.) Plus, humans reading the SOA will expect that the
> >host named there is in fact one of the zone's name servers, albeit
> >perhaps hidden.
>
> Now, I have been faced with a requirement of the Dutch ccTLD registrar in this
> respect :
>
> The Dutch ccTLD registrar requires/demands that the name server mentioned in the
> SOA record is the same as the "primary" name server you mention in the
> registration request for your domain.
>
> Now, we have the master server behind a firewall and 2 slave servers running on
> our firewall. We want only the 2 name servers on the firewalls to be known to
> the Internet community. We had the master name server mentioned in the SOA of
> the master server and obviously this ripples through to the SOAs of the slave
> servers on the bastions. This results in an error for the Dutch ccTLD registrar
> and they will not register your domain. Because of this rule, we are forced to
> put the name of the external slave server in the second field of the SOA record
> of our internal master name server.
>
> Can someone tell me whether :
>
> - Is our original set up good practice ?
I always wonder about how an update is secured through a firewall. ;-?
Other than that, though, having a hidden master is not a bad practice.
But there seem to be a number of registrars who dislike it.
> - In the scenario described above, is this a sensible rule of the Dutch ccTLD
> Registrar ?
> - Is this good practice of the ccTLD registrar ?
It does not seem reasonable to me. It is making old assumptions. But
I have no say over those registrars. ;-)
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list