- dns-wg - mailman.ripe.net

Re: DNS recommendations - the paper
by Berislav Todorovic 24 Nov '98

24 Nov '98

>> >> yes, but only in the in-addr.arpa. zone does it have useful meaning. >> > OK - I took my "toy" (an old Linux box w/BIND 8.1.2 installed). >> >> 0 - i use rfcs not amateur pseudo-unix wannabe systems BIND works everywhere the same way - Unix implementation is irrelevant. Besides, I've just tested the same on a Sun - same result. >> 1 - i meant THE in-addr.arpa. zone, not the <whatever>.in-addr.arpa. zone. I agree with that remark - sorry for my previous misinterpretation of your message ... ;-) Nevertheless, in the case of in-addr.arpa zone the IP address should be reversed, e.g. 8.67.45.123. Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI(a)etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3370-106 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------

2 1

Re: DNS recommendations - the paper
by Randy Bush 24 Nov '98

24 Nov '98

> BIND works everywhere the same way unfortunately true. that's why i use the rfcs. randy

1 0

Re: DNS recommendations - the paper
by Randy Bush 24 Nov '98

24 Nov '98

>> yes, but only in the in-addr.arpa. zone does it have useful meaning. > OK - I took my "toy" (an old Linux box w/BIND 8.1.2 installed). 0 - i use rfcs not amateur pseudo-unix wannabe systems 1 - i meant THE in-addr.arpa. zone, not the <whatever>.in-addr.arpa. zone. randy

1 0

Re: DNS recommendations - the paper
by Berislav Todorovic 24 Nov '98

24 Nov '98

>> * The PTR section contains a possible mistake - are you sure you can write: >> 123.45.67.8 IN PTR mail.cust.com. >> >> yes, but only in the in-addr.arpa. zone does it have useful meaning. OK - I took my "toy" (an old Linux box w/BIND 8.1.2 installed). I created a bogus reverse zone 1.168.192.in-addr.arpa. Here is the zone file: @ IN SOA ns.nic.yu. hostmaster.nic.yu. ( 1997092300 10800 3600 604800 86400 ) IN NS ns.nic.yu. IN NS ns2.nic.yu. 192.168.1.1 IN PTR aaa.yyy.zz. 2 IN PTR bbb.yyy.zz. Remark: the first record is created according to the Elmar's text. The latter is a regular record. Now, watch what host utility gives: ~> host 192.168.1.1 192.168.1.1 has no PTR record (Authoritative answer) ~> host 192.168.1.2 Name: bbb.yyy.zz Address: 192.168.1.2 Conclusion? Let's see what really happened: ~> host -alv 1.168.192.in-addr.arpa 1.168.192.in-addr.arpa. 86400 IN NS ns.nic.yu. 1.168.192.in-addr.arpa. 86400 IN NS ns.nic.yu. 2.1.168.192.in-addr.arpa. 86400 IN PTR bbb.yyy.zz. 192.168.1.1.1.168.192.in-addr.arpa. 86400 IN PTR aaa.yyy.zz. Look at the last PTR record - think it looks ok? ;-) Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI(a)etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3370-106 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------

1 0

Re: DNS recommendations - the paper
by Berislav Todorovic 24 Nov '98

24 Nov '98

>> > serial number: >> > Changed zones are only reloaded if a higher serial number add "on the secondary servers" between "reloaded" and "if a ..." >> > Synopsis >> > [<hostname>] [<TTL>] IN A <IPV4 address> [<IPV4 address> ...] Wrong, of course ... RFC 1035 says clearly: 3.4.1. A RDATA format +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ADDRESS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ where: ADDRESS A 32 bit Internet address. Hosts that have multiple Internet addresses will have multiple A records. Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI(a)etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3370-106 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------

2 1

DNS-help document available?
by Kurt Kayser 24 Nov '98

24 Nov '98

Hi! Last time in Edinburgh we've started a document about basic DNS setup procedures. Did somebody continue on it? Where's the latest version available? Thanks, Kurt -- || Kurt Kayser - Internet Planning Engineer || || Viag Interkom - Riesstr. 25 - 80992 Munich - Germany|| || Tel: +49 89 1480 3827 - Fax: 3878 ||

3 2

Re: Recommendations for DNS
by Wilfried Woeber, UniVie/ACOnet 22 Sep '98

22 Sep '98

=>> SOA The address in this field must be a valid e-mail address to the =>> administrator for the DNS. =>> It's also good practise to have role address instead of =>> personal, ie root.. admin.. hostmaster.. =>> (when domain-administrator is leaving your company, you =>> only change the alias for role address). = =I would add: "The 'at' ('@') sign of the email address should be =replaced by a dot, e.g. instead of <hostmaster(a)foo.bar.com>, the =address should be specified as hostmaster.foo.bar.com, as given =in the following example." With regard to the '@' sign hack, I'd rather use 'must' than 'should' :-) On top of that, I suggest to clearly describe the requirement to quote any "leading" dot(s) that are *not* supposed to be converted to an '@' character. Like in wilfried\.woeber.univie.ac.at ! Wilfried. -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Tel: +43 1 4277 - 140 33 Vienna University : Fax: +43 1 4277 - 9 140 Universitaetsstrasse 7 : RIPE-DB (&NIC) Handle: WW144 A-1010 Vienna, Austria, Europe : PGP public key ID 0xF0ACB369 --------------------------------------------------------------------------

6 5

Re: Recommendations for DNS
by Berislav Todorovic 22 Sep '98

22 Sep '98

>> > On top of that, I suggest to clearly describe the requirement to quote >> > any "leading" dot(s) that are *not* supposed to be converted to an '@' >> > character. >> > Like in wilfried\.woeber.univie.ac.at ! >> >> While this particular hack works, it is a clear violation of the spec. The simplest solution to the problem is to stick with the recommendation, already given in the proposed document: instead of using real addresses, usage of role accounts is preferred. A very good practice is to create the role account <hostmaster@domain>. Besides, it's recommended by the RFC 2142, which has STD status. Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI(a)etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3370-106 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------

1 0

Re: Recommendations for DNS
by Simon Leinen 22 Sep '98

22 Sep '98

>> Like in wilfried\.woeber.univie.ac.at ! > While this particular hack works, it is a clear violation of the spec. Well, RFC 1035 explicitly uses this in its examples, and RFC 1912 also mentions this in section 2.2 "SOA records". So it may be a hack, but it's an IETF-sanctioned hack :-) -- Simon.

1 0

Re: Recommendations for DNS
by Berislav Todorovic 22 Sep '98

22 Sep '98

>> This is the action point from RIPE-28 thats in the final stage. >> I will be presenting this at RIPE-31 this Thursday. >> So any comments and suggestions will be looked at if they arrive before >> Thursday. In general, the text is ok, though I think a more detailed text covering DNS is really needed. However, that can be left for some next iteration. Minor changes I would suggest here follow: >> To have a document for LIR:s to use for their customers instead of a >> number of RFC:s. I would add: "This document should be taken as a brief DNS reminder. For thorough understanding, reading RFC's and books, listed at the end of this document, is highly recommended". >> SOA The address in this field must be a valid e-mail address to the >> administrator for the DNS. >> It's also good practise to have role address instead of >> personal, ie root.. admin.. hostmaster.. >> (when domain-administrator is leaving your company, you >> only change the alias for role address). I would add: "The 'at' ('@') sign of the email address should be replaced by a dot, e.g. instead of <hostmaster(a)foo.bar.com>, the address should be specified as hostmaster.foo.bar.com, as given in the following example." >> MX When pointing a domain to a mailserver/hostname, do not forget >> to add a record ( A ) for this. I would add: "only if the hostname is within the zone (see below)". >> Additional reading and references: >> >> ftp://ftp.ripe.net/internet-drafts/draft-ietf-dnsind-classless- >> inaddr-04.txt >> ( For reverse delegation methods for blocks smaller than /24, >> 256 addresses ) This is outdated and has to be changed with the pointer to RFC 2317. Regards, Beri .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI(a)etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3370-106 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------

1 0