Recommendations for DNS
- Date: Thu, 14 May 1998 16:14:15 +0200 (MET DST)
Greetings
This is one of the action points from RIPE-28, to present easy and short
recommendations for setting up a DNS.
I presented this for the DNS WG on RIPE-29.
Any suggestions or remarks will still be very welcome,
especially on the times for the SOA records.
Otherwise I recommend that we move forward to make this a RIPE-document.
DNS recommendations.
By:
Hans Niklasson hasse@localhost
Amar Andersson amar@localhost
Scope:
This document acts as a recommendation for configuring your DNS. This is
NOT a requirement, only a recommendation of things to think about when
setting up your DNS.
Purpose:
To decrease lame delegations and limit unnecessary traffic due to resolving
problems, among other things.
Records:
-----------------------------------------------------------------------------
SOA     The address in this field must be a valid e-mail address for the
        administrator of the DNS.
        *** It is also good practice to use a role address instead of a
        personal one, i.e. root.., admin.., hostmaster..
        (when the domain administrator leaves your company, you
        only change the alias for the role address).
        Ex:
        domain.xx.      3600    SOA     dns.domain.xx. admin.domain.xx.

SERIAL  The serial number should follow this format: YYYYMMDDXX
        ( year.year.year.year.month.month.day.day.nr.nr ),
        where XX is the number of the latest update of the zone on the
        same day. (Year 2000 is near.)
        Ex:
        1998010101      ; serial

TTL     A good balance of these values will reduce unnecessary traffic
        between nameservers.
        Ex:
        28800           ; refresh (8 hours)
        7200            ; retry (2 hours)
        604800          ; expire (7 days)
        86400 )         ; minimum (1 day)

MX      When pointing a domain to a mail server/hostname, don't forget to
        add a glue record ( A ) for it.
        Ex:
        domain.xx.      86400   MX      10 mail.domain.xx.
        mail.domain.xx. 86400   A       192.168.0.1

CNAME   Use this with precaution. It is *not* recommended to use a CNAME
        for a mail server's hostname, as this can cause resolving problems
        and mail loops.

A       A glue record can only point to an IP address.

PTR     This is used for reverse lookup of an IP address to a hostname
        within the zone. Make sure that your PTR records and A records
        match: for each A record there has to be a PTR record, and vice
        versa.
More tips:
Unnecessary glue data:
        Don't add unnecessary glue data about hosts that are not within the
        zone. This can cause resolving problems if the host changes IP
        address.
        Ex (not recommended):
        domain.xx.      86400   MX      10 mail.server.xx.
        mail.server.xx. 86400   A       192.168.0.1

Trailing dots:
        Don't forget to add a "." at the end of the domain/hostname. If
        this is forgotten, the DNS will append the domain name to the
        domain/hostname again. This will cause resolving problems.
        Ex (the result of a forgotten dot):
        domain.xx.      86400   MX      10 mail.domain.xx.domain.xx.

Illegal characters:
        Only a-z, 0-9 and - are valid. All other characters are
        illegal and can cause resolving to fail.
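A small checker for the points in the Records and More tips sections above. It is an added example, not part of the original post and not code from any DNS software; it assumes a simplified zone-file format (an explicit owner name on every record, no $ORIGIN or $TTL directives, the IN class optional, the SOA written with parentheses as in the post) and uses a constructed sample zone for domain.xx. that deliberately contains several of the mistakes listed above.

```python
"""Check a zone file against the recommendations in this post.

Added example, not part of the original post. It assumes a simplified zone
file: explicit owner name on every record, no $ORIGIN/$TTL directives, the
class (IN) optional, and the SOA written with parentheses as in the post.
"""
import re
from datetime import date

# Only the characters the post allows in a label.
LABEL_RE = re.compile(r"^[a-z0-9-]+$")

# Constructed sample zone for domain.xx. (not from the post); it deliberately
# contains several of the mistakes the recommendations warn about.
SAMPLE_ZONE = """\
domain.xx.          3600   SOA   dns.domain.xx. admin.domain.xx. (
                    1998010101 ; serial
                    28800      ; refresh (8 hours)
                    7200       ; retry (2 hours)
                    604800     ; expire (7 days)
                    86400 )    ; minimum (1 day)
domain.xx.          86400  MX    10 mail.domain.xx.
mail.domain.xx.     86400  A     192.168.0.1
domain.xx.          86400  MX    20 relay.domain.xx.
relay.domain.xx.    86400  CNAME mail.domain.xx.
backup.domain.xx.domain.xx. 86400 A 192.168.0.2
mail.server.xx.     86400  A     192.168.0.3
my_host.domain.xx.  86400  A     192.168.0.4
"""


def parse_zone(text):
    """Return a list of (owner, ttl, rtype, rdata) tuples from the simplified format."""
    # Drop ';' comments first, then fold records that span lines inside ( ... ).
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    folded, buf, depth = [], [], 0
    for ln in lines:
        if not ln.strip():
            continue
        buf.append(ln.strip())
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            folded.append(" ".join(buf))
            buf = []
    records = []
    for ln in folded:
        toks = ln.replace("(", " ").replace(")", " ").split()
        owner, ttl, rest = toks[0].lower(), int(toks[1]), toks[2:]
        if rest[0].upper() == "IN":          # class is optional here
            rest = rest[1:]
        records.append((owner, ttl, rest[0].upper(), rest[1:]))
    return records


def valid_serial(serial):
    """YYYYMMDDXX: a real calendar date followed by a two-digit update counter."""
    if not re.fullmatch(r"\d{10}", serial):
        return False
    try:
        date(int(serial[:4]), int(serial[4:6]), int(serial[6:8]))
    except ValueError:
        return False
    return True


def check_zone(text, zone):
    """Apply the post's recommendations to one zone; return a list of findings."""
    zone = zone.lower().rstrip(".") + "."
    records = parse_zone(text)
    types_at = {}                             # owner name -> set of record types
    for owner, _, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)

    findings = []
    for owner, _, rtype, rdata in records:
        # Trailing dots: a forgotten dot makes the zone name get appended twice.
        if owner.endswith(zone + zone):
            findings.append(f"{owner}: zone name appears twice (forgotten trailing dot?)")
        # Illegal characters: only a-z, 0-9 and - in each label.
        bad = [lb for lb in owner.rstrip(".").split(".") if not LABEL_RE.match(lb)]
        if bad:
            findings.append(f"{owner}: label {bad[0]!r} uses characters other than a-z, 0-9, -")
        # Serial format YYYYMMDDXX.
        if rtype == "SOA" and not valid_serial(rdata[2]):
            findings.append(f"{owner}: SOA serial {rdata[2]} is not YYYYMMDDXX")
        # MX target: trailing dot, no CNAME, and an in-zone target needs its A (glue) record.
        if rtype == "MX":
            target = rdata[1].lower()
            if not target.endswith("."):
                findings.append(f"{owner}: MX target {target} lacks a trailing dot")
            elif "CNAME" in types_at.get(target, ()):
                findings.append(f"{owner}: MX target {target} is a CNAME (not recommended)")
            elif target.endswith("." + zone) and "A" not in types_at.get(target, ()):
                findings.append(f"{owner}: MX target {target} has no A (glue) record")
        # Unnecessary glue: A records for hosts outside the zone.
        if rtype == "A" and not (owner == zone or owner.endswith("." + zone)):
            findings.append(f"{owner}: A record for a host outside {zone} (unnecessary glue)")
    return findings


if __name__ == "__main__":
    for line in check_zone(SAMPLE_ZONE, "domain.xx"):
        print(line)
```

Run against the sample it reports the CNAME used as an MX target, the doubled zone name caused by a forgotten trailing dot, the A record for a host outside the zone, and the underscore in a hostname. The A/PTR consistency check from the PTR entry needs the reverse zone as well, so it is not part of this checker.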
General Points:
Use the latest version of the DNS software for your platform.
Check for updates regularly, as new versions contain the latest
fixes and information.
Additional reading and references:
RFC 1537 ( RFC 1912 )
        ( Common DNS Operational and Configuration Errors )
"DNS & BIND, 2nd Edition" by Paul Albitz & Cricket Liu,
        O'Reilly & Associates Inc.
ftp://ftp.ripe.net/internet-drafts/draft-ietf-dnsind-classless-inaddr-04.txt
        ( For reverse delegation methods for blocks smaller than /24,
        256 addresses )
http://www.dns.net/dnsrd/
        ( DNS Resources Directory )
/Hans Niklasson
-----------------------------------------------------------------
SWipNet - The Swedish IP Network