Bind 9.5 configuration doubt
barmar at alum.mit.edu
Thu Dec 18 05:08:47 UTC 2008
In article <giai8i$1444$1 at sf1.isc.org>,
Stacey Jonathan Marshall <Stacey.Marshall at Sun.COM> wrote:
> Reinaldo Matukuma wrote:
> > Hello.
> >> I'm in doubt about defining a SOA record to a zone.
> >> Is this correct and valid?
> >> $TTL 86400
> >> $ORIGIN teste.com.
> >> @ 1D IN SOA @ root (
> >> 42 ; serial (d.
> >> adams)
> >> 3H ; refresh
> >> 15M ; retry
> >> 1W ; expiry
> >> 1D ) ; minimum
> >> 1D IN NS @
> >> 1D IN A 192.168.1.3
> >> www IN A 192.168.1.2
> >> This is just a example. In fact, my zone will be a public zone with
> >> valid
> >> ip addresses.
> >> My doubt is if it's correct specify the "owner" and "source-dname" with
> >> "@", once "@" denotes the current origin. If I used $ORIGIN like in
> >> example
> >> then I suppose that "@" will define just "teste.com" too.
> >> But I make this test into a interna DNS server and look as a valid
> >> configuration.
> I've seen a number of configurations where the $ORIGIN is set and then
> the '@' sign is used as the first position in the SOA.
> But I've never understood that as I thought that the idea of the @ was
> to use the ORIGIN as defined in the 'zone' statement. Either way the
> ISC training suggested that the @ not be used in practice as its often
> looked-over and inappropriately copied to other files. Therefore I
> would suggest that placing the '@' character in other locations really
> isn't a good idea. think about the inverse address, the above isn't
> going to work there.
"@" represents whatever the current origin is. If you have no $ORIGIN
directives then this defaults to the one in the "zone" statement in the
named.conf. If you do have $ORIGIN, @ will be replaced with the most
recent origin specified that way.
The benefit of "@" is not having to retype the zone name throughout the
file. For subdomains you achieve this by entering relative names (with
no trailing "."), but if you want to use the zone name (or origin)
itself you need to use "@" to achieve this.
There's nothing wrong with using it on the RHS, although this is
relatively uncommon because it's unusual to point anything to the zone
itself except maybe as a synonym for www.<zone>. The above example uses
the zone name as the nameserver, which is quite unusual I think.
While copying records like this may sometimes be inappropriate, it also
can make things easier. It's not uncommon to have lots of domains that
are all identical, and you can do this by using the same file for all of
them. This works as long as the zone file only uses relative names.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users