For a few days now I have been doing my best to properly understand the official bind9 documentation:
http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.html
There are many bind9 tutorials out there. However, I have many problems reconciling the proposed solutions with any official definition of a SOA RR that I can find.
Among others, I also checked:
http://en.wikipedia.org/wiki/Resource_record#DNS_resource_records
http://en.wikipedia.org/wiki/List_of_DNS_record_types
https://www.rfc-editor.org/rfc/rfc1035#page-12
And despite all that, I am still very confused about the proper format for a SOA RR.
Many tutorials seem to offer a syntax similar to this one:
example.com. 43200 IN SOA ns1.example.com. other.example.com. (
2011090302 ;Serial Number
86400 ;refresh
7200 ;retry
1814400 ;expire
86400 ;minimum
)
I can't quite explain the presence of the two domain names before the opening parenthesis. However, without the second one, named-checkzone complained.
However, this site in particular:
http://forums.devshed.com/dns-36/bet-you-want-to-setup-a-dns-server-huh-141940.html
offers a zonefile with a SOA RR like this:
@ SOA ns1 ( ; ns1.basiczone.com is the primary server for basiczone.com
postmaster ; contact email for basiczone.com is postmaster@basiczone.com
2004041700 ; Serial ID in reverse date format
21600 ; Refresh interval for slave servers
1800 ; Retry interval for slave servers
604800 ; Expire limit for cached info on slave servers
900 ) ; Minimum Cache TTL in zone records
Note the absence of the class IN. Also, only one domain (ns1) is present before the opening parenthesis.
So, the main question is: what is the precise, official, or most recommended grammar for an SOA RR? Where is this grammar most precisely defined?
Finally, when to use a SOA record? My understanding is that I need a SOA record for any domain that I want to host and for which I want to be an authoritative name server.
The first name after the word SOA is MNAME, the name server that is authoritative for the zone -- e.g., the name of your name server itself. The second name, RNAME, looks like a domain name but isn't. It's the string you get if you replace the "@" character with "." in the email address of the person responsible for the zone. (Hopefully your email address doesn't have a "." before the "@".)

For both of these names (and others in zone files) the zone name itself is implicitly appended unless the name ends in a period: "foo" means "foo.example.com", while "foo." means "foo". A common mistake is to write "foo.example.com", which bind publishes to the world as "foo.example.com.example.com", when you should have written "foo.example.com.".

The parentheses allow you to write a resource record that spans multiple lines in your text file. One of the examples you supplied puts the opening parenthesis between the MNAME and the RNAME, while the other puts it after the RNAME, but there's no functional difference.

"IN" specifies the "internet" class, which is the default, so you can leave it out.
Recommended grammar: Follow the wikipedia example and use a tool like dig or dnsq to show what your name server is actually telling the world, instead of spending too much effort second-guessing how bind is parsing your zone file.

Precise grammar: BIND source code. (Only if you're really trying to be pedantic -- not necessary if you're just trying to make your zone file work.)
Official grammar (or at least the internet equivalent of official):
Every zone should have an SOA. If you serve that zone ("authoritative" or not) you should have an SOA along with all the other records in the zone. Practically speaking, if you're writing a zone file, put an SOA in there -- and if you're copying the entire zone file from someone else, you'll get the SOA that way, so you don't need to worry about it.
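As an added example (not part of the question or the answer above, and not BIND's own parser), here is a small Python parser for a single SOA record in master-file syntax. It shows the grammar points discussed in the answer: the optional TTL and optional "IN" class before SOA, parentheses letting the record span several lines, ";" comments, relative names getting the origin appended (including the "foo.example.com" without trailing dot mistake), and turning RNAME back into a mailbox. The three sample records are constructed for this example; the origin passed in stands in for BIND's $ORIGIN, and TTL unit suffixes such as "1h" are deliberately not handled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SOA:
    owner: str
    ttl: Optional[int]  # None when the record relies on the zone's $TTL default
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def qualify(name: str, origin: str) -> str:
    """Append the zone origin unless the name is already absolute (ends in '.')."""
    if not origin.endswith("."):
        origin += "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def rname_to_email(rname: str) -> str:
    """Reverse the RNAME encoding: first unescaped '.' is the '@', '\\.' is a literal dot."""
    r = rname.rstrip(".")
    out: List[str] = []
    i, replaced = 0, False
    while i < len(r):
        ch = r[i]
        if ch == "\\" and i + 1 < len(r):  # escaped character, keep it verbatim
            out.append(r[i + 1])
            i += 2
            continue
        if ch == "." and not replaced:
            out.append("@")
            replaced = True
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def tokenize_record(text: str) -> List[str]:
    """Tokens of the first record: ';' comments dropped, '(' ... ')' joins lines.
    Assumes parentheses are whitespace-separated from neighbouring fields."""
    tokens: List[str] = []
    depth = 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        for tok in line.split():
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                tokens.append(tok)
        if tokens and depth == 0:  # a record ends at end of line outside parens
            break
    if depth != 0:
        raise ValueError("unbalanced parentheses in record")
    return tokens


def parse_soa(text: str, origin: str) -> SOA:
    """Parse '<owner> [TTL] [IN] SOA <mname> <rname> serial refresh retry expire minimum'."""
    toks = tokenize_record(text)
    if not toks:
        raise ValueError("empty record")
    owner = qualify(toks.pop(0), origin)
    ttl: Optional[int] = None
    while toks and (toks[0].isdigit() or toks[0].upper() == "IN"):
        tok = toks.pop(0)  # TTL and class are both optional, in either order
        if tok.isdigit():
            ttl = int(tok)
    if not toks or toks.pop(0).upper() != "SOA":
        raise ValueError("not an SOA record")
    if len(toks) != 7:
        raise ValueError(f"SOA needs MNAME, RNAME and five integers, got {toks}")
    return SOA(owner, ttl, qualify(toks[0], origin), qualify(toks[1], origin),
               *(int(t) for t in toks[2:]))


# Constructed samples mirroring the two shapes from the question plus the common mistake.
WITH_TTL_AND_CLASS = """example.com. 43200 IN SOA ns1.example.com. other.example.com. (
2011090302 ;Serial Number
86400 ;refresh
7200 ;retry
1814400 ;expire
86400 ;minimum
)
"""
RELATIVE_NAMES = """@ SOA ns1 ( ; ns1 and postmaster are relative to the origin
postmaster
2004041700
21600
1800
604800
900 )
"""
MISSING_TRAILING_DOT = "@ IN SOA ns1.example.com other.example.com. 1 2 3 4 5\n"

if __name__ == "__main__":
    for sample, origin in ((WITH_TTL_AND_CLASS, "example.com."),
                           (RELATIVE_NAMES, "basiczone.com."),
                           (MISSING_TRAILING_DOT, "example.com.")):
        soa = parse_soa(sample, origin)
        print(soa.mname, soa.rname, rname_to_email(soa.rname))
```

Running it prints the fully qualified MNAME and RNAME for each sample; the third line shows "ns1.example.com.example.com." exactly as bind would publish it, which is the quickest way to see why the trailing dot matters before you go and check with dig.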