Question re dynamically updating an SOA

Karl Auer kauer at biplane.com.au
Mon Dec 19 06:46:47 UTC 2005


Hi there.

I'm trying to automate the updating of our DNS from data held in a database. I'm using Brian Wellington's excellent dnsjava package. At present we are using BIND9.

Most update records are no problem at all, but I'm having difficulty getting my head around updating a zone's SOA.

Most of the items in an SOA have values that are ours to control; the exception is the serial number. Sending an update with an SOA record overrides the serial number; or, if the new serial number is lower than the old, the update is ignored (returning NOERROR!). The update does not, as in the case of (say) an A record update, cause an automatic increment of the serial number; it just replaces the old one. There doesn't appear to be any way to set the various components of the SOA separately.

This means that to change (say) the refresh time, I would have to get the current SOA, note all the values in it, increment the serial number value, replace the refresh value with my desired value, and do the update. Sounds plausible, except that other dynamic updates are coming into my zone all the time. So in between me getting the SOA and me updating it, the serial number could have been effectively incremented by someone else.

RFC3007 says "the primary server for a dynamic zone must increment the zone SOA serial number when an update occurs or before the next retrieval of the SOA", which I can see might not be quite so absolute when the update is an SOA. On the other hand, it seems odd that there is no way to tell the server to just deal with the serial number - such as by sending the illegal value zero.

RFC2136 says "if the zone's SOA's serial is not changed as a result of an update operation, then the server shall increment it automatically before the SOA or any changed name or RR or RRset is included in any response or transfer". Which specifically excludes an SOA update from autoincrementing. 

RFC2136 also says, just before that, "if the zone's SOA serial is changed by an update operation, that change must be in a positive direction [...]". Zero clearly doesn't count as "positive" (fair enough, see RFC1982), as attempts to change only things other than the serial number are ignored.

Soooo - what to do? Have I overlooked something obvious? Or should I forget about trying to do dynamic updates of the SOA?

Riddlingly yours, K.
 
PS: Most relevant RFC seems to be RFC2136.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (w/h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)
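
The read-modify-write race described in the message above, as an added example that is not part of the original post and is not BIND or dnsjava code. `Zone`, `set_refresh` and `demo` are hypothetical names for a toy in-memory model that assumes the server behaviour the post reports (an SOA update is applied only if its serial moves forward under RFC 1982 arithmetic, otherwise it is ignored with NOERROR); re-reading the SOA and retrying is one possible client-side check, not something the post proposes.

```python
from dataclasses import dataclass, replace

MOD = 2 ** 32    # SOA serials are 32-bit
HALF = 2 ** 31   # RFC 1982 comparison window

def serial_gt(a: int, b: int) -> bool:
    """True if serial a is 'greater than' b under RFC 1982 serial arithmetic."""
    return a != b and ((a - b) % MOD) < HALF

@dataclass(frozen=True)
class SOA:
    serial: int
    refresh: int

class Zone:
    """Toy model of the primary's handling of dynamic updates (assumption)."""
    def __init__(self, soa: SOA):
        self.soa = soa

    def update_record(self) -> str:
        # Non-SOA update (e.g. an A record): the serial is auto-incremented.
        self.soa = replace(self.soa, serial=(self.soa.serial + 1) % MOD)
        return "NOERROR"

    def update_soa(self, new: SOA) -> str:
        # SOA update: applied only if the serial moves forward; otherwise
        # silently ignored, and the client still sees NOERROR.
        if serial_gt(new.serial, self.soa.serial):
            self.soa = new
        return "NOERROR"

def set_refresh(zone: Zone, refresh: int, interleave=None, max_tries: int = 3) -> int:
    """Fetch the SOA, bump the serial, send the update, then re-read to detect
    a silently ignored update. Returns the number of attempts needed."""
    for attempt in range(1, max_tries + 1):
        seen = zone.soa                      # step 1: fetch the current SOA
        if interleave:
            interleave(attempt)              # someone else's update lands here
        zone.update_soa(SOA((seen.serial + 1) % MOD, refresh))
        if zone.soa.refresh == refresh:      # NOERROR proves nothing; verify
            return attempt
    raise RuntimeError("SOA update kept losing the race")

def demo():
    zone = Zone(SOA(serial=100, refresh=3600))   # constructed sample values
    # A concurrent A-record update arrives during the first attempt only.
    racer = lambda attempt: zone.update_record() if attempt == 1 else None
    return set_refresh(zone, 7200, interleave=racer), zone.soa
```
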


