Multiple SOA records?
kcd at chrysler.com
Tue May 6 22:37:59 UTC 2008
Lars Hecking wrote:
> RFC 1935 says:
> 2. Exactly one SOA RR should be present at the top of the zone.
> Note: "should", not "must".
The language you quote from 1035 (1935 was obviously a typo) refers to
the validation of the data being loaded from a master file. Yes, there
*should* be only 1 SOA RR, but if the master file is *wrong*, there
*might* be more than 1 SOA RR. Stuff happens. Implicit here is the
conclusion that such a master file should be rejected by the nameserver.
But, when describing what is a valid zone and what isn't, I think a much
better source of authority is Section 4.2.1 of RFC 1034 (the companion
to 1035), which describes "
The data that describes a zone" and specifically says it includes "a single SOA RR that
describes zone management parameters.". Can't get much clearer that: "single".
Note, however, that *transactionally* a zone transfer response includes 2 SOA RRs. But those should be identical, unless perhaps the zone changed while the zone transfer was in progress.
> What kind of consequences can I expect trying to resolve records in a
> domain that has more than one SOA? The domain that is making problems
> is traininghott.com. Querying for its SOAs returns SERVFAIL, but querying
> the domain's name servers directly returns two (different) SOAs. This
> appears to create problems with mail (not sure here - another entity in
> my organisation is experiencing the problem)
traininghott.com definitely seems to have a standards-conformance issue
in the way it handles SOA queries (anyone feel like fingerprinting their
nameservers to see what DNS implementation they're running?), but I
wouldn't expect that to affect mail since mail shouldn't have any need
(that I can think of) to make SOA queries.
More information about the bind-users