Confused about what $ORIGIN does in relation to @

Barry Margolin barmar at alum.mit.edu
Wed Sep 12 04:23:05 UTC 2007


In article <fc6ops$n42$1 at sf1.isc.org>,
 "Ryan McCain" <Ryan.McCain at dss.state.la.us> wrote:

> Gotcha.
> 
> Why would my zone file have 2 $ORIGIN directives?

The $ORIGIN directive sets the default domain suffix for names that 
follow it, until the next $ORIGIN.  So your file has 2 of them because 
some records are in different subdomains than others, and whoever wrote 
it wanted to minimize the repetitive typing.

If the file was created by a zone transfer, this is simply BIND's 
automatic behavior.  It always uses $ORIGIN so that the names being 
defined are just a single label.  E.g. rather than

foo.bar.com. IN A 1.2.3.4
x.y.bar.com. IN A 4.4.4.4

it will write

$ORIGIN bar.com.
foo IN A 1.2.3.4
$ORIGIN y.bar.com.
x IN A 4.4.4.4

> And how does the @ in the 
> SOA record relate to the $ORIGIN directive?

@ is expanded to the current origin.

> 
> Thanks..
> 
> 
> >>> On Tue, Sep 11, 2007 at  1:38 PM, in message
> <4F19260FE7477F4DA03B00B62E7F63903DA55189A9 at CHERRYPEPSI.uwec.edu>, "Paine,
> Thomas Asa" <PAINETA at uwec.edu> wrote: 
> > Ryan,
> > 
> >         The $ORIGIN directive will get appended to any owner or record data 
> > (like cnames) which are not already fully qualified.
> > 
> > So in the case of say "acess", it does not have a trailing . so it would 
> > become acess.$ORIGIN or acess.dss.state.la.us.
> > 
> > By commenting it out, you in essence turned acess into a toplevel acess. 
> > Since the only previous $ORIGIN statement was .
> > 
> > In slave databases you'll see an $ORIGIN directive anytime there is a 
> > change 
> > the domain portion of the owners.
> > 
> > i.e.
> > 
> > $ORIGIN foobar.com.
> > www             ......
> > $ORIGIN hr.foobar.com.
> > www             ......
> > 
> > 
> > That help?
> > 
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
> >    Thomas Paine {paineta at uwec.edu)}
> >    University of Wisconsin - Eau Claire
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > 
> > -----Original Message-----
> > From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On 
> > Behalf Of 
> > Ryan McCain
> > Sent: Tuesday, September 11, 2007 1:00 PM
> > To: bind-users at isc.org
> > Subject: Confused about what $ORIGIN does in relation to @
> > 
> > This is another post in my attempt to gain knowledge of BIND.  Here is the 
> > top of one of my zone files:
> > 
> > $ORIGIN .
> > $TTL 3600       ; 1 hour
> > dss.state.la.us         IN SOA  dssns.dss.state.la.us. 
> > rmccain.dss.state.la.us (
> >                                 2007091103        ; serial
> >                                 1200        ; refresh (20 minutes)
> >                                 600        ; retry (10 minutes)
> >                                 1209600    ; expire (2 weeks)
> >                                 3600       ; minimum (1 hour)
> >                                 )
> >                         NS      dssns.dss.state.la.us.
> >                         NS      dssns2.dss.state.la.us.
> >                         A       205.172.49.49
> >                         MX      10 smtp-ext1.dss.state.la.us.
> >                         MX      20 smtp-ext2.dss.state.la.us.
> > $ORIGIN dss.state.la.us.
> > acess                   A       205.172.49.23
> > acess-info              A       205.172.49.23
> > acspoc                  A       205.172.49.9
> > 
> > 
> > I have the O'Reilly BIND book but it doesn't really clarify what the 
> > $ORIGIN 
> > statement is doing.  This zone file was created when the server was acting 
> > as 
> > a slave to a master Microsoft DNS server.
> > 
> > What confuses me is I have 2 $ORIGIN statements.  I am assuming this is 
> > repetitive however, I'm not 100% sure.
> > 
> > I changed the zone file to comment out the 2nd $ORIGIN statement:
> > 
> > 
> > $ORIGIN .
> > $TTL 3600       ; 1 hour
> > dss.state.la.us         IN SOA  dssns.dss.state.la.us. 
> > rmccain.dss.state.la.us (
> >                                 2007091103        ; serial
> >                                 1200        ; refresh (20 minutes)
> >                                 600        ; retry (10 minutes)
> >                                 1209600    ; expire (2 weeks)
> >                                 3600       ; minimum (1 hour)
> >                                 )
> >                         NS      dssns.dss.state.la.us.
> >                         NS      dssns2.dss.state.la.us.
> >                         A       205.172.49.49
> >                         MX      10 smtp-ext1.dss.state.la.us.
> >                         MX      20 smtp-ext2.dss.state.la.us.
> > ;$ORIGIN dss.state.la.us.
> > acess                   A       205.172.49.23
> > acess-info              A       205.172.49.23
> > acspoc                  A       205.172.49.9
> > 
> > 
> > and also tried it by changing the first $ORIGIN statement:
> > 
> > $ORIGIN dss.state.la.us.
> > $TTL 3600       ; 1 hour
> > dss.state.la.us         IN SOA  dssns.dss.state.la.us. 
> > rmccain.dss.state.la.us (
> >                                 2007091103        ; serial
> >                                 1200        ; refresh (20 minutes)
> >                                 600        ; retry (10 minutes)
> >                                 1209600    ; expire (2 weeks)
> >                                 3600       ; minimum (1 hour)
> >                                 )
> >                         NS      dssns.dss.state.la.us.
> >                         NS      dssns2.dss.state.la.us.
> >                         A       205.172.49.49
> >                         MX      10 smtp-ext1.dss.state.la.us.
> >                         MX      20 smtp-ext2.dss.state.la.us.
> > ;$ORIGIN dss.state.la.us.
> > acess                   A       205.172.49.23
> > acess-info              A       205.172.49.23
> > acspoc                  A       205.172.49.9
> > 
> > 
> > ..Both produced weird errors when I queried the domain via dnsstuff.com.
> > 
> > Can someone clarify where my $ORIGIN statement should be and also can I 
> > change dss.state.la.us in the SOA record to just @?
> > 
> > Thanks again for everyones help..

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list