MNAME not a listed NS record

Barry Margolin barmar at
Wed Jan 16 21:42:05 UTC 2013

In article <mailman.1077.1358370123.11945.bind-users at>,
 Chuck Swiger <cswiger at> wrote:

> On Jan 16, 2013, at 12:40 PM, Dave Warren wrote:
> > Is there anything technically wrong with having a SOA MNAME field that 
> > isn't listed as a NS record?
> Sure.  The SOA MNAME is expected to be the "primary master" nameserver for 
> the zone; it's where things like dhcpd and such send dynamic updates for the 
> zone to.

But that doesn't mean it should be the server for resolver queries.

> > The server listed as MNAME will host the zone and is authoritative for the 
> > zone, but out of latency concerns it isn't ideal to have other resolvers 
> > querying this server.
> why would you use that nameserver at all, then?
> Choose a nameserver which is suitable for other resolvers to query for your 
> master.

The master could be behind a firewall that only allows the published 
nameservers to connect to it.

The performance requirements of a nameserver that serves public queries 
are different from a server that only has to respond to zone transfer 
requests from the published nameservers.

> > Various online DNS diagnostic tools throw warnings, but as far as I can 
> > tell from the RFCs, this is a valid configuration. Is it valid? Are there 
> > any operational gotchas to be aware of or can I ignore the "warnings"?

Consider this a sanity check, in case you intended to list one of the NS 
records but made a typo, not a validity check.

Barry Margolin
Arlington, MA

More information about the bind-users mailing list