DNS Bind question on first line

I am trying to get myself back up to speed on several things, since it has been over 5 years since I have had to do any of this.

In a zone file, I have the following line:

Code:
@       IN      SOA     ns.dougpalme.com. dpalme.cwtruck.com. (

I know that ns.dougpalme.com. is the name server, but isn't the next entry, dpalme.cwtruck.com., supposed to be the domain name? As in the FQDN?
 
RFC 1035 specifies it as:
Code:
RNAME           A <domain-name> which specifies the mailbox of the
                person responsible for this zone.
('@' is substituted with '.')
 
Ahhh, got it. Sorry, it's been a while since I have messed with this.

Thanks a bunch my friend!
 
If I might ask one final follow-up question: as a basic DB format, do you see any issues with this layout?
Code:
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

dougpalme.com.           IN NS   ns.dougpalme.com.
mail.dougpalme.com.      IN A    64.150.176.124
www.dougpalme.com.       IN CNAME       dougpalme.com. 
ns.dougpalme.com.        IN A    664.150.176.124 
dougpalme.com.           IN A    66.226.76.185
dougpalme.com.           IN MX  10 mail.dougpalme.com.
 
The @ sign is actually the domain name. It is derived from the entry in named.conf pointing to this zonefile.
 
You could actually use

Code:
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

[rest of records]

but that's just a detail. Looks fine otherwise, though I believe the serial number is usually 10 characters long (yyyymmdd##).
 
IIRC bind will actually add that $TTL in there if you don't have it. It will also add an $ORIGIN.

The full detailed version would look something like:
Code:
$ORIGIN .
$TTL 86400   ; 1 day
@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

$ORIGIN dougpalme.com.
[rest of the records]
 
See the link I posted earlier:

The symbol @ is used in BIND to denote the zone root (which is sometimes also called the zone apex). The value substituted for @ is either:

* The last $ORIGIN directive encountered in the file. OR
* If no $ORIGIN directive is present - BIND synthesizes one from the value of the zone name in the named.conf file, for example:
 
SirDice said:
The full detailed version would look something like:
Code:
$ORIGIN .
$TTL 86400   ; 1 day
@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

$ORIGIN dougpalme.com.
[rest of the records]

I suspect you mean:
Code:
$ORIGIN com.
$TTL 86400   ; 1 day
dougpalme       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

$ORIGIN dougpalme.com.
[rest of the records]
 
I don't think so. If you look in an expanded secondary zonefile, you will generally see three types of origin:

zone root (.)
domain (domain.com.)
hostname/subdomain (host.domain.com., subdomain.host.domain.com., etc.)
 
Ok,
I made the slight change and here is what it looks like now:
Code:
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        2009110801      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                         IN NS   ns.dougpalme.com.
mail.dougpalme.com.      IN A    64.150.176.124
www.dougpalme.com.       IN CNAME       dougpalme.com. 
ns.dougpalme.com.        IN A    664.150.176.124 
dougpalme.com.           IN A    66.226.76.185
dougpalme.com.           IN MX  10 mail.dougpalme.com.
 
Oh, and assuming you're not in a different IP universe, I advise you to drop the 664. network ;)
 
dpalme said:
So do I really need to add the $ORIGIN entries?
I do because I believe it is good practice, except I do other things differently too. My equivalent of your zone would be something like:

Code:
$ORIGIN dougpalme.com.
$TTL    1D

@              IN     SOA    ns.dougpalme.com. dpalme.dougpalme.com. (
                                20091108001 1H 30M 7D 12H )
               IN     NS     ns
               IN     A      66.226.76.185
               IN     MX     10 mail

mail           IN     A      64.150.176.124
www            IN     CNAME  @
ns             IN     A      664.150.176.124
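The naming rules discussed in this thread ('@' stands for the current origin, a name with a trailing dot is absolute, anything else gets the origin appended, and a blank owner column repeats the previous owner) can be checked mechanically. The following is an added example, not code from this thread or from BIND itself: a small Python expander that turns the relative-name zone above into fully qualified records and then flags the two things earlier replies pointed out, the 11-digit serial and the 664. address. SAMPLE_ZONE is constructed from the records in the thread; parse_zone, check_zone and qualify are names chosen here.

```python
"""Expand a BIND-style zone file into fully qualified records and sanity-check it.

Added example for this thread, not code from the forum or from BIND itself.
When the file has no $ORIGIN, the zone name from named.conf is passed in as
default_origin, mirroring how BIND synthesizes the origin in that case.
SAMPLE_ZONE is constructed from the records discussed in the thread.
"""
import ipaddress
import re

SAMPLE_ZONE = """\
$ORIGIN dougpalme.com.
$TTL    1D

@              IN     SOA    ns.dougpalme.com. dpalme.dougpalme.com. (
                                20091108001 1H 30M 7D 12H )
               IN     NS     ns
               IN     A      66.226.76.185
               IN     MX     10 mail

mail           IN     A      64.150.176.124
www            IN     CNAME  @
ns             IN     A      664.150.176.124
"""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR"}
# which RDATA fields hold domain names that need origin expansion
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def qualify(name, origin):
    """Apply BIND's naming rules to one owner or RDATA name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def parse_zone(text, default_origin="."):
    """Return a list of (owner, type, rdata) with every name fully qualified."""
    origin, last_owner, records = default_origin, None, []
    for line in _logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue  # zone-wide default TTL; not needed for the checks below
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():
            owner = last_owner  # blank owner column repeats the previous owner
        else:
            owner = last_owner = qualify(tokens.pop(0), origin)
        while tokens[0] not in RR_TYPES:
            tokens.pop(0)  # optional per-record TTL and/or class
        rtype = tokens.pop(0)
        rdata = [qualify(v, origin) if i in NAME_FIELDS.get(rtype, []) else v
                 for i, v in enumerate(tokens)]
        records.append((owner, rtype, rdata))
    return records


def check_zone(records):
    """Flag the mistakes the thread talks about; returns a list of messages."""
    problems = []
    a_owners = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype == "SOA" and not re.fullmatch(r"\d{10}", rdata[2]):
            problems.append(f"SOA serial {rdata[2]} is not yyyymmddnn")
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"{owner} A {rdata[0]}: not a valid IPv4 address")
        elif rtype == "NS":
            target = rdata[0]
            in_zone = target == owner or target.endswith("." + owner)
            if in_zone and target not in a_owners:
                problems.append(f"NS {target} is in-zone but has no glue A record")
    return problems


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for rec in recs:
        print(*rec)
    for msg in check_zone(recs):
        print("PROBLEM:", msg)
```

Passing the named.conf zone name as default_origin reproduces the case where the file has no $ORIGIN directive and BIND synthesizes one. The checks are deliberately narrow; named-checkzone remains the authoritative tool for validating a real zone before loading it.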
 
LOL Dutchman you are ok :)

Aragon:
I plan on bumping the expire up once I have everything up and running smoothly. Previous experience taught me to always drop the TTLs etc. down to 1 hour while making config changes such as a new server; once I know that everything is up and running, I bump it back up.
 
I appreciate everyone's assistance and help, it is greatly appreciated. One final question:

In the named.conf file I have an old entry as follows:
Code:
zone "dougpalme.com" {
        type master;
        file "dougpalme.com";
        allow-transfer {
                66.226.76.185;
                66.226.72.77;
                common-allow-transfer;
        };
};
I understand what master is, the file, etc. allow-transfer, if I am not mistaken, specifies which name servers I will transfer the zone file to; what I am not sure about is the common-allow-transfer. I do not recall seeing that before. A short explanation would be greatly appreciated.

Thanks again everyone, you have been most helpful.

Douglas
 
dpalme said:
allow-transfer, if I am not mistaken, specifies which name servers I will transfer the zone file to; what I am not sure about is the common-allow-transfer.
allow-transfer specifies which name servers are allowed to transfer the zone from you.

common-allow-transfer is probably an ACL. Look further up in named.conf for an acl {} block called common-allow-transfer.
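To make the ACL lookup concrete, here is an added example, not from the thread or from BIND: a Python snippet that reads a constructed named.conf fragment in which common-allow-transfer is defined as an acl {} block higher up, expands the zone's allow-transfer list into the concrete addresses BIND would end up permitting, and reports any name that is neither a built-in ACL nor defined in the file. SAMPLE_NAMED_CONF, its 192.0.2.x addresses, and the function names are constructed for this example.

```python
"""Resolve the names in a zone's allow-transfer list against acl {} blocks.

Added example, not code from the thread or from BIND.  It uses regular
expressions on a constructed named.conf fragment; a real named.conf can be
far more complex, so treat this as an illustration of the lookup, not a
parser for arbitrary configurations.
"""
import ipaddress
import re

SAMPLE_NAMED_CONF = """\
acl "common-allow-transfer" {
    192.0.2.10;
    192.0.2.11;
};

zone "dougpalme.com" {
        type master;
        file "dougpalme.com";
        allow-transfer {
                66.226.76.185;
                66.226.72.77;
                common-allow-transfer;
        };
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

ACL_RE = re.compile(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}\s*;', re.S)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
XFER_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}\s*;', re.S)


def _items(body):
    """Split a '{ a; b; }' body into its entries."""
    return [t.strip() for t in body.split(";") if t.strip()]


def parse_acls(conf):
    """Map each acl name defined in the file to its list of entries."""
    return {name: _items(body) for name, body in ACL_RE.findall(conf)}


def _expand(item, acls, seen):
    """Recursively replace acl names with their entries (guarding loops)."""
    if item in acls:
        if item in seen:
            return []
        seen.add(item)
        out = []
        for sub in acls[item]:
            out.extend(_expand(sub, acls, seen))
        return out
    return [item]


def _is_address(item):
    try:
        ipaddress.ip_network(item, strict=False)
        return True
    except ValueError:
        return False


def resolve_allow_transfer(conf, zone_name):
    """Return (permitted entries, undefined names) for one zone's allow-transfer.

    Returns None when the zone has no allow-transfer statement, since the
    effective default then depends on the BIND version and global options.
    """
    acls = parse_acls(conf)
    for name, body in ZONE_RE.findall(conf):
        if name != zone_name:
            continue
        m = XFER_RE.search(body)
        if not m:
            return None
        permitted, undefined = [], []
        for item in _items(m.group(1)):
            for entry in _expand(item, acls, set()):
                if entry in BUILTIN_ACLS or _is_address(entry):
                    permitted.append(entry)
                else:
                    undefined.append(entry)
        return permitted, undefined
    raise KeyError(f"zone {zone_name!r} not found")


if __name__ == "__main__":
    print(resolve_allow_transfer(SAMPLE_NAMED_CONF, "dougpalme.com"))
```

Running this against the fragment with the acl block deleted reports common-allow-transfer as undefined, which is also what named-checkconf would complain about before named starts.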
 
It does not appear that named is either started or working correctly, since a netstat -an does not show it listening on port 53.

I did add a named_enable="YES" to /etc/rc.conf and then did a killall -HUP inetd to restart inetd; however, that did not seem to do anything.

I know I am probably missing something very simple, but a suggestion or two would be helpful.

I have the zone file(s) modified and ready, just need to figure out why named is not listening on port 53 yet.
 
My apologies for my ignorance on the tags Dutch, I will certainly make an effort to remember that for the future :)

Thanks again for all the help today.

Douglas
 