The Start of Authority

At the start of the zone, you have the SOA record. The Start of Authority dictates that this zone is authoritative for the domain in question, palmcoder.net.

j f - - p Notice that palmcoder.net ends in a full stop (a period). This is extremely impor-

— , tant in the zone file for any domain. A full stop is the delimiter for the end of the DNS tree, following the palmcoder.net domain all the way up the tree, the full domain name is palmcoder.net (with the full stop). If a full stop is not found, as in the zen record listed at the end in the example, the SOA's domain will be appended to the host name in the record.

The SOA can be further analyzed to break down the record's uses.

The SOA Server

After the definition of the domain you are managing, you need to define the server that is authoritative for the domain. It may seem bizarre, but you are referring to a name, not an IP

address in this case, because BIND is aware that it needs to find the IP address for the server from its zone file (it may sound like a vicious circle, but it does work). In Listing 21-2, for example, the SOA for palmcoder.net is zen.palmcoder.net.

The Hostmaster

As with most things on the Internet, it is common practice to provide a technical contact for the service. In this case, it is the e-mail address justin.palmcoder.net. You will notice that there is no @ sign in the e-mail address, but a full stop (period). The hostmaster for the palmcoder.net zone is justin.palmcoder.net ([email protected]).

r : i' j If the e-mail address of the hostmaster contains a full stop, you need to ''escape''

i-.-.,". it with a backslash. For example, if your email address is justin.davies

@palmcoder.net, the hostmaster entry is justin\.davies.palmcoder.net.

The SOA Record

The brackets around the rest of the data dictate that everything else up to the closing bracket is part of the SOA record. All time settings are in seconds.

The Serial Number

The first entry is the serial number for the zone. This is one of the most important parts of the SOA because it must be changed any time you edit the zone file. It is the serial number that tells other DNS servers that are querying your DNS server that data has changed. If you do not change the serial number, your changes will not get propagated through the system.

i- ■ i■ . If you use emacs to edit the zone file, it will use DNS mode to edit the file and the

W '3 . i-.-.,".\s ^ serial number will be automatically updated by emacs when you save the file.

The general form of the serial number is the date, followed by an arbitrary number. For the 24th of July, you use 2007072401 (July 24, 2007). Notice that the date is in the format yyyymmdd, with the year (2007), month (07), and day (24), with an additional two digits able to represent multiple changes in one day.

The Refresh Rate

If you have a slave DNS server in your system (as a backup to your master), the refresh rate tells the slave server how often to check for updates to the zone. If you look back at Listing 21-2, you will see the refresh rate set to 10,800 seconds (3 hours).

The Retry Rate

If your slave server cannot contact the master, the retry rate refers to how often it will attempt to contact the master. In Listing 21-2, we have set the retry rate to 3,600 seconds (1 hour).

The Expiry Time

If the slave server cannot update the zone data in this time, it stops functioning. In Listing 21-2, we have set the expiration time to 604,800 seconds (1 week).

The Time to Live

When a server caches your DNS data (for example, if a home DNS server looks up www.palmcoder.net), this is how long that data will stay in the cache until a fresh query is sent to the authoritative server. This is a very important entry because any changes you make to your zone will not propagate potentially until this TTL has expired. In Listing 21-2, we have set the TTL to 38,400 seconds (10 hours).

Was this article helpful?

0 0

Post a comment