# DNS Bind question on first line



## dpalme (Nov 8, 2009)

I am trying to get myself back up to speed on several things, since it has been over 5 years since I have had to do any of this.

In a zone file, I have the following line:


```
@       IN      SOA     ns.dougpalme.com. dpalme.cwtruck.com. (
```

I know that the ns.dougpalme.com. is the name server, but isn't the next entry the dpalme.cwtruck.com. supposed to be the domain name? As in FQDN?


----------



## crsd (Nov 8, 2009)

RFC 1035 specifies it as:

```
RNAME           A <domain-name> which specifies the mailbox of the
                person responsible for this zone.
```
('@' is substituted with '.')


----------



## dpalme (Nov 8, 2009)

ahhh got it, sorry it's been a while since I have messed with this.

Thanks a bunch my friend!


----------



## dpalme (Nov 8, 2009)

If I might ask one final followup question, as a basic DB format, do you see any issues with this layout?

```
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

dougpalme.com.           IN NS   ns.dougpalme.com.
mail.dougpalme.com.      IN A    64.150.176.124
www.dougpalme.com.       IN CNAME       dougpalme.com.
ns.dougpalme.com.        IN A    664.150.176.124 
dougpalme.com.           IN A    66.226.76.185
dougpalme.com.           IN MX  10 mail.dougpalme.com.
```


----------



## DutchDaemon (Nov 8, 2009)

The *@* sign is actually the domain name. It is derived from the entry in named.conf pointing to this zonefile.


----------



## DutchDaemon (Nov 8, 2009)

You could actually use


```
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

[rest of records]
```

but that's just a detail. Looks fine otherwise, though I believe the serial number is usually 10 characters long (yyyymmdd##).


----------



## SirDice (Nov 8, 2009)

IIRC bind will actually add that $TTL in there if you don't have it. It will also add an $ORIGIN.

The full detailed version would look something like:

```
$ORIGIN .
$TTL 86400   ; 1 day
@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

$ORIGIN dougpalme.com.
[rest of the records]
```


----------



## crsd (Nov 8, 2009)

Won't @ in your version's SOA denote the current origin, "."?


----------



## DutchDaemon (Nov 8, 2009)

See the link I posted earlier:



> The symbol @ is used in BIND to denote zone root (which is sometimes also called the zone apex). The value substituted for @ is either:
> 
> * The last $ORIGIN directive encountered in the file. OR
> * If no $ORIGIN directive is present - BIND synthesizes one from the value of the zone name in the named.conf file, for example:


----------



## aragon (Nov 8, 2009)

SirDice said:

> The full detailed version would look something like:
> 
> ```
> $ORIGIN .
> ...
> ```

I suspect you mean:

```
$ORIGIN com.
$TTL 86400   ; 1 day
dougpalme       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        20091108001      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                        IN NS   ns.dougpalme.com.

$ORIGIN dougpalme.com.
[rest of the records]
```


----------



## DutchDaemon (Nov 8, 2009)

I don't think so. If you look in an expanded secondary zonefile, you will generally see three types of origin:

* zone root (.)
* domain (domain.com.)
* hostname/subdomain (host.domain.com., subdomain.host.domain.com., etc.)


----------



## dpalme (Nov 8, 2009)

Ok, 
I made the slight change and here is what it looks like now:

```
$TTL    86400

@       IN      SOA     ns.dougpalme.com. dpalme.dougpalme.com. (
                        2009110801      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                         IN NS   ns.dougpalme.com.
mail.dougpalme.com.      IN A    64.150.176.124
www.dougpalme.com.       IN CNAME       dougpalme.com. 
ns.dougpalme.com.        IN A    664.150.176.124 
dougpalme.com.           IN A    66.226.76.185
dougpalme.com.           IN MX  10 mail.dougpalme.com.
```


----------



## dpalme (Nov 8, 2009)

So do I really need to add the $ORIGIN entries?


----------



## DutchDaemon (Nov 8, 2009)

No, they're not strictly necessary, the @ will take care of it.


----------



## DutchDaemon (Nov 8, 2009)

Oh, and assuming you're not in a different IP universe, I advise you to drop the 664. network


----------



## aragon (Nov 8, 2009)

dpalme said:

> So do I really need to add the $ORIGIN entries?

I do because I believe it is good practice, except I do other things differently too.  My equivalent of your zone would be something like:


```
$ORIGIN dougpalme.com.
$TTL    1D

@              IN     SOA    ns.dougpalme.com. dpalme.dougpalme.com. (
                                20091108001 1H 30M 7D 12H )
               IN     NS     ns
               IN     A      66.226.76.185
               IN     MX     10 mail

mail           IN     A      64.150.176.124
www            IN     CNAME  @
ns             IN     A      664.150.176.124
```


----------



## aragon (Nov 8, 2009)

DutchDaemon said:

> Oh, and assuming you're not in a different IP universe, I advise you to drop the 664. network

Yes 

Expire should be much longer too.  Try 7D.
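The thread argues two things in passing: how `@`, `$ORIGIN` and relative names expand (crsd, DutchDaemon and aragon above), and what is wrong with the posted zone (the `664.` address, the 11-digit serial that DutchDaemon questioned, and the 3600-second expire aragon wants raised to 7D). The following script is an added example, not code from the thread or from BIND; the sample zone is constructed after aragon's layout, and the function names (`qualify`, `parse_zone`, `check_zone`) are mine. It folds the parenthesised SOA, applies the origin rules, and then reports the three problems. It goes slightly beyond the thread by also rejecting a serial that does not fit in the 32-bit field, which is the reason an 11-digit serial fails on load.

```python
import ipaddress
import re

# Constructed sample zone (assumption: modelled on aragon's layout in the thread,
# not the poster's real file). The 664.x address and the 11-digit serial are kept
# on purpose so the checks below have something to report.
SAMPLE_ZONE = """\
$ORIGIN dougpalme.com.
$TTL    1D

@              IN     SOA    ns.dougpalme.com. dpalme.dougpalme.com. (
                                20091108001 1H 30M 7D 12H )  ; serial refresh retry expire minimum
               IN     NS     ns
               IN     A      66.226.76.185
               IN     MX     10 mail

mail           IN     A      64.150.176.124
www            IN     CNAME  @
ns             IN     A      664.150.176.124
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(tok):
    """BIND time value: plain seconds or suffixed (1H, 30M, 7D, 2W)."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", tok.lower())
    if not m:
        raise ValueError(f"bad time value {tok!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def qualify(name, origin):
    """'@' is the current origin, a trailing dot means the name is already
    absolute, anything else gets the current origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def logical_lines(text):
    """Strip ';' comments and fold '( ... )' continuations into one record.
    Yields (record_text, owner_omitted); owner_omitted is True when the record's
    first physical line began with whitespace, i.e. the previous owner is reused."""
    buf, depth, omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            omitted = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf), omitted
            buf = []


def parse_zone(text, origin="."):
    """Return [(owner_fqdn, rtype, rdata_tokens)] with every name made absolute.
    Without a $ORIGIN directive BIND takes the origin from the zone name in
    named.conf; pass it as `origin`. Only the record forms used in the thread
    are handled (constructed parser, not BIND's)."""
    owner, records = None, []
    for line, owner_omitted in logical_lines(text):
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            continue
        if not owner_omitted:
            owner = qualify(toks.pop(0), origin)
        if toks[0] == "IN":
            toks.pop(0)
        rtype, rdata = toks[0], toks[1:]
        # Name-valued rdata is relative to the origin as well.
        if rtype in ("NS", "CNAME"):
            rdata[0] = qualify(rdata[0], origin)
        elif rtype == "MX":
            rdata[1] = qualify(rdata[1], origin)
        elif rtype == "SOA":
            rdata[0], rdata[1] = qualify(rdata[0], origin), qualify(rdata[1], origin)
        records.append((owner, rtype, rdata))
    return records


def check_zone(text, origin="."):
    """A records must hold a real IPv4 address; the serial should be yyyymmddnn
    and must fit in 32 bits; expire must outlast refresh + retry, otherwise a
    secondary that cannot reach the master drops the zone almost immediately."""
    problems = []
    for owner, rtype, rdata in parse_zone(text, origin):
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"{owner} A: {rdata[0]} is not a valid IPv4 address")
        elif rtype == "SOA":
            serial, refresh, retry, expire, _minimum = rdata[2:7]
            if not re.fullmatch(r"\d{10}", serial) or int(serial) > 0xFFFFFFFF:
                problems.append(f"{owner} SOA: serial {serial} is not a 10-digit "
                                "yyyymmddnn value that fits in 32 bits")
            if parse_ttl(expire) <= parse_ttl(refresh) + parse_ttl(retry):
                problems.append(f"{owner} SOA: expire {expire} does not exceed "
                                f"refresh + retry ({refresh} + {retry})")
    return problems


if __name__ == "__main__":
    for owner, rtype, rdata in parse_zone(SAMPLE_ZONE):
        print(f"{owner:24} {rtype:6} {' '.join(rdata)}")
    for problem in check_zone(SAMPLE_ZONE):
        print("PROBLEM:", problem)
```

Run it and the expanded records show `www` resolving to `www.dougpalme.com.` and the bare `@` in the CNAME to `dougpalme.com.`, which is the substitution the thread was debating. For a real file, BIND's own `named-checkzone dougpalme.com dougpalme.com` is the authoritative check; this script only makes the rules visible.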


----------



## dpalme (Nov 8, 2009)

LOL Dutchman you are ok 

Aragon:
I plan on bumping the expire up once I have everything up and running smoothly.  Previous experience taught me to always drop the TTLs etc. down to 1 hour while making config changes such as a new server; once I know that everything is up and running I bump it back up.


----------



## dpalme (Nov 8, 2009)

I appreciate everyone's assistance and help, it is greatly appreciated.  One final question:

In the named.conf file I have an old entry as follows:

```
zone "dougpalme.com" {
        type master;
        file "dougpalme.com";
        allow-transfer {
                66.226.76.185;
                66.226.72.77;
                common-allow-transfer;
        };
};
```
I understand what master is, the file, etc.  Allow transfer if I am not mistaken is specifying which name servers I will transfer the zone file to; what I am not sure about is the common-allow-transfer.  I do not recall seeing that before.  A short explanation would be greatly appreciated.

Thanks again everyone, you have been most helpful.

Douglas


----------



## aragon (Nov 8, 2009)

dpalme said:

> Allow transfer if I am not mistaken is specifying which name servers I will transfer the zone file to; what I am not sure about is the common-allow-transfer.

allow-transfer specifies which name servers are allowed to transfer the zone from you.

common-allow-transfer is probably an ACL.  Look further up in named.conf for an acl {} block called common-allow-transfer.
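To make the ACL reference concrete, here is a constructed named.conf fragment (added here; it is not the poster's file and the second address is simply taken from his snippet as a stand-in). It shows the `acl` block declared once, ahead of its use, and then named from the zone's `allow-transfer` list, with a restrictive global default so that a zone which forgets the option does not hand its full contents to any host that asks for a transfer.

```conf
// Constructed example, not the poster's named.conf. An acl must be declared
// before the place that references it.
acl "common-allow-transfer" {
        66.226.72.77;           // secondary allowed to pull the zone (constructed value)
        127.0.0.1;              // local tools such as dig on the master itself
};

options {
        // Defensive default for every zone that does not say otherwise:
        // nobody may transfer zone contents.
        allow-transfer { none; };
};

zone "dougpalme.com" {
        type master;
        file "dougpalme.com";
        // The acl name expands to the address list above; only those hosts
        // may request AXFR/IXFR for this zone.
        allow-transfer { common-allow-transfer; };
};
```

Listing an ACL name next to literal addresses, as in the original snippet, is also valid; the list is evaluated in order and the first matching element decides.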


----------



## dpalme (Nov 9, 2009)

It does not appear that named is either started or working correctly, since a netstat -an does not show it listening on port 53.

I did add a named_enable="YES" to the /etc/rc.conf and then did a KILLALL -HUP inetd to restart inetd, however that did not seem to do anything.

I know I am probably missing something very simple, but a suggestion or two would be helpful.

I have the zone file(s) modified and ready, just need to figure out why named is not listening on port 53 yet.


----------



## dpalme (Nov 9, 2009)

I got it...... needed to add the entry to resolv.conf


----------



## DutchDaemon (Nov 9, 2009)

Right, named does not start from inetd (maybe in that 664. network/universe), so restarting that won't help. Modern systems usually don't run anything much from inetd anymore, so if you don't need that, don't run it ...

Named is started using `/etc/rc.d/named start`.

And I'm going to nudge you in the direction of using `[code]` tags around system output (like zone files, configuration file snippets, etc.) because I don't want to keep editing your posts forever ...


----------



## dpalme (Nov 9, 2009)

My apologies for my ignorance on the tags Dutch, I will certainly make an effort to remember that for the future 

Thanks again for all the help today.

Douglas


----------



## dpalme (Nov 9, 2009)

how do I mark this as solved, closed, etc.?


----------



## SirDice (Nov 9, 2009)

dpalme said:

> how do I mark this as solved, closed, etc.?


Edit your first post in this thread.


----------

