Bind 9.5 configuration doubt

Barry Margolin barmar at alum.mit.edu
Thu Dec 18 05:08:47 UTC 2008


In article <giai8i$1444$1 at sf1.isc.org>,
 Stacey Jonathan Marshall <Stacey.Marshall at Sun.COM> wrote:

> Reinaldo Matukuma wrote:
> > Hello.
> >> I'm in doubt about defining a SOA record to a zone.
> >> Is this correct and valid?
> >>
> >> $TTL    86400
> >> $ORIGIN teste.com.
> >> @                       1D IN SOA       @ root (
> >>                                        42              ; serial (d. adams)
> >>                                        3H              ; refresh
> >>                                        15M             ; retry
> >>                                        1W              ; expiry
> >>                                        1D )            ; minimum
> >>
> >>                        1D IN NS        @
> >>                        1D IN A         192.168.1.3
> >> www                     IN A            192.168.1.2
> >>
> >>
> >> This is just an example. In fact, my zone will be a public zone with
> >> valid IP addresses.
> >>
> >> My doubt is whether it's correct to specify the "owner" and "source-dname"
> >> with "@", since "@" denotes the current origin. If I use $ORIGIN like in
> >> the example then I suppose that "@" will define just "teste.com" too.
> >>
> >> But I ran this test on an internal DNS server and it looks like a valid
> >> configuration.
> >>
> >
> I've seen a number of configurations where the $ORIGIN is set and then 
> the '@' sign is used as the first position in the SOA.
> But I've never understood that as I thought that the idea of the @ was 
> to use the ORIGIN as defined in the 'zone' statement.  Either way the 
> ISC training suggested that the @ not be used in practice as it's often 
> looked-over and inappropriately copied to other files.  Therefore I 
> would suggest that placing the '@' character in other locations really 
> isn't a good idea.  Think about the inverse address, the above isn't 
> going to work there.

"@" represents whatever the current origin is.  If you have no $ORIGIN 
directives then this defaults to the one in the "zone" statement in the 
named.conf.  If you do have $ORIGIN, @ will be replaced with the most 
recent origin specified that way.

The benefit of "@" is not having to retype the zone name throughout the 
file.  For subdomains you achieve this by entering relative names (with 
no trailing "."), but if you want to use the zone name (or origin) 
itself you need to use "@" to achieve this.

There's nothing wrong with using it on the RHS, although this is 
relatively uncommon because it's unusual to point anything to the zone 
itself except maybe as a synonym for www.<zone>.  The above example uses 
the zone name as the nameserver, which is quite unusual I think.

While copying records like this may sometimes be inappropriate, it also 
can make things easier.  It's not uncommon to have lots of domains that 
are all identical, and you can do this by using the same file for all of 
them.  This works as long as the zone file only uses relative names.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
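
The origin rules described in the reply above, as an added example that is not part of the original message and is not BIND's own parser: a simplified resolver that expands "@" and relative names against the current origin, so one shared file yields correct records for whichever zone loads it. The names `expand_zone`, `qualify`, `SHARED_ZONE` and the second zone `example.org.` are assumptions made for illustration.

```python
import re

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX"}
# Positions within the rdata that hold domain names, per record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,)}

# Constructed sample: the zone from the question with its $ORIGIN line removed.
SHARED_ZONE = """\
$TTL    86400
@       1D IN SOA   @ root (
                    42      ; serial
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
        1D IN NS    @
        1D IN A     192.168.1.3
www     IN A        192.168.1.2
"""

def qualify(name, origin):
    """Expand '@' and relative names (no trailing dot) against the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand_zone(text, zone_origin):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    origin, owner, records = zone_origin, zone_origin, []
    text = re.sub(r";[^\n]*", "", text)            # strip comments
    text = re.sub(r"\(([^)]*)\)",                   # join multi-line records
                  lambda m: m.group(1).replace("\n", " "), text)
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if fields[0] == "$ORIGIN":                  # most recent $ORIGIN wins
            origin = qualify(fields[1], origin)
            continue
        if fields[0].startswith("$"):               # $TTL does not affect names
            continue
        if not line[0].isspace():                   # owner given in column 1
            owner = qualify(fields.pop(0), origin)
        while fields[0].upper() not in RR_TYPES:    # skip optional TTL / class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records
```

Calling `expand_zone(SHARED_ZONE, "teste.com.")` and `expand_zone(SHARED_ZONE, "example.org.")` produces two different zones from the same text; prepending a `$ORIGIN` line pins every name to that origin regardless of the zone it is loaded for.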


