SOA/NS Question
Barry Margolin
barmar at bbnplanet.com
Thu Sep 16 17:23:34 UTC 1999
In article <199909161549.KAA23569 at achilles.ctd.anl.gov>,
Barry Finkel <b19141 at achilles.ctd.anl.gov> wrote:
>I have a question about SOA and NS records, and their interaction.
>
>In our DNS configuration, we have three machines - dns0, dns1, and dns2
>(plus two off-site secondaries). We make updates to dns0, and make sure
>that the changes are correct. Then we propagate the changes to dns1 and
>dns2. Our forward zones look like this:
>-----
>$ORIGIN ctd.anl.gov.
>; $INCLUDE named.local
>; named.soa
>; define start of authority, name servers and loopback
>; As per BIND 4.9 operations guide, serial number format is now
>; "YYYYMMDDNN" where NN is the daily sequence number.
>;
>@ IN SOA dns1.anl.gov. hostmaster.anl.gov. (
> 1999091600 ; Serial
> 7200 ; Refresh - 2 hours
> 3600 ; Retry - 1 hour
> 1209600 ; Expire - 14 days
> 604800 ) ; Minimum TTL - 7 days
> IN NS dns1.anl.gov.
> IN NS dns2.anl.gov.
> IN NS nsx.lbl.gov.
> IN NS ns2.es.net.
>localhost IN A 127.0.0.1
>$INCLUDE hosts.ctd
>$INCLUDE mx.ctd
>$INCLUDE cname.ctd
>-----
>
>We have NOT listed dns0 in a NS record, as we do not want machines to
>query that name server. The SOA record points to dns1, as that is the
>"primary" dns server we want machines to be querying. Our off-site
>secondaries are generating error messages stating that dns1 is really
>not the SOA.

What is the specific error message they're giving? I've never seen a
message that complained that a server is not the SOA. I just queried dns1
for the SOA record and the response looked fine to me.

>Can I correct the problem by changing the SOA to point to dns0?
>Will machines begin to query dns0, or will they not query dns0 because
>dns0 does not appear in an NS record?
As far as I know, the only DNS software that cares about the hostname in
the SOA record is Dynamic Update -- it will send updates to the primary
server listed there. Nothing else uses that field of the SOA record (I
think BIND 8.1.0 had a "feature" where it would reject a zone if the MNAME
weren't also an NS record, but it was fixed when lots of complaints were
received from people with hidden primaries, like you're doing).

>If I can change the SOA to point to dns0 without problems, then this
>will aid in one problem I will have with Windows 2000. Win2000 finds
>the SOA for a zone to determine to which dns it should send a dynamic
>update. In the example trace I posted last week, Win2000 sends a
>request to register
>
> lizzard.ctd.anl.gov IN A 146.137.160.161
>
>to
>
> dns1.anl.gov
>
>and we do not want dynamic updates to that dns. We want any dynamic
>updates (once we decide how to handle them) to be sent to dns0, as it
>is dns0 that has the master copy of each zone. Thanks.

Yes, as I said above, putting dns1 in the SOA record will not cause queries
to go there, it will only affect dynamic updates. So everything should be
OK if you do this.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
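
Added example, not part of the original posts: a small check for the hidden-primary layout discussed in this thread, reporting whether a zone's SOA MNAME (where dynamic-update clients send updates) falls outside the apex NS set. The function names and the sample zone are constructed for illustration; the parser handles only the master-file features seen in the quoted zone.

```python
# Constructed sample: the thread's zone with MNAME switched to dns0, as the poster proposes.
SAMPLE_ZONE = """\
$ORIGIN ctd.anl.gov.
@ IN SOA dns0.anl.gov. hostmaster.anl.gov. (
        1999091600 7200 3600 1209600 604800 ) ; serial refresh retry expire minimum
  IN NS dns1.anl.gov.
  IN NS dns2.anl.gov.
  IN NS nsx.lbl.gov.
  IN NS ns2.es.net.
localhost IN A 127.0.0.1
"""

def records(text):
    """Yield (blank_owner, tokens) per record, joining ( ... ) continuation lines."""
    buf, depth, blank = [], 0, False
    for line in text.splitlines():
        code = line.split(";", 1)[0]  # drop comments (quoted strings not handled)
        if not code.strip():
            continue
        if not buf:
            blank = code[0] in " \t"  # leading whitespace = reuse previous owner
        depth += code.count("(") - code.count(")")
        buf += code.replace("(", " ").replace(")", " ").split()
        if depth <= 0:
            yield blank, buf
            buf, depth = [], 0

def fqdn(name, origin):
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def audit_zone(text):
    """Compare the SOA MNAME with the apex NS set; MNAME outside it = hidden primary."""
    origin, owner, apex, mname, ns = ".", None, None, None, set()
    for blank, tok in records(text):
        if tok[0].startswith("$"):  # $ORIGIN is honoured, other directives skipped
            if tok[0].upper() == "$ORIGIN":
                origin = tok[1].lower()
            continue
        if not blank:
            owner, tok = fqdn(tok[0], origin), tok[1:]
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok = tok[1:]  # skip optional TTL and class
        if tok and tok[0].upper() == "SOA":
            apex, mname = owner, fqdn(tok[1], origin)
        elif tok and tok[0].upper() == "NS" and owner == apex:
            ns.add(fqdn(tok[1], origin))
    return {"mname": mname, "ns": sorted(ns), "hidden_primary": mname not in ns}
```
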