This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
Recommendations for DNS
Hans Niklasson
hasse at swip.net
Tue Sep 22 09:27:00 CEST 1998
Greetings

This is the action point from RIPE-28 that's in the final stage. I will be presenting this at RIPE-31 this Thursday. So any comments and suggestions will be looked at if they arrive before Thursday. Otherwise I'll see you there. :)

DNS recommendations.

By: Hans Niklasson <hasse at swip.net>
    Amar Andersson <amar at telia.net>

Scope:
This document acts as a recommendation for configuring your DNS. This is NOT a requirement, only a recommendation of things to think about when setting up your DNS.

Purpose:
To decrease lame delegations and limit unnecessary traffic due to resolving problems, among other things. To have a document for LIRs to use for their customers instead of a number of RFCs.

Records:
-----------------------------------------------------------------------------

SOA
The address in this field must be a valid e-mail address to the administrator for the DNS. It's also good practice to have a role address instead of a personal one, i.e. root.., admin.., hostmaster.. (when the domain administrator is leaving your company, you only change the alias for the role address).

Ex:
    foo.bar.com.    IN    SOA    dns.foo.bar.com. admin.foo.bar.com.

SERIAL
The serial number should follow this format: YYYYMMDDXX (year.year.year.year.month.month.day.day.nr.nr), where XX is the number of the latest update of the zone in the same day. (Year 2000 is near.)

Ex:
    1998010101    ; serial

TTL
A good balance of this will reduce unnecessary traffic between nameservers.

Ex:
    28800      ; refresh (8 hours)
    7200       ; retry (2 hours)
    1209600    ; expire (14 days)
    86400 )    ; minimum (1 day)

MX
When pointing a domain to a mailserver/hostname, do not forget to add a record (A) for this.

Ex:
    foo.bar.com.         IN    MX    10 mail.foo.bar.com.
    mail.foo.bar.com.    IN    A     192.168.0.1

CNAME
Use this with caution. It is *not* recommended to use a CNAME for a mailserver's hostname, as this can cause resolving problems and mail loops. Also it is not a good thing to use CNAMEs on nameservers, as this will cause unnecessary traffic on the net.

A
An A record can only point to an IP address.

PTR
This is used for reverse lookup of the IP address to a hostname within the zone. Make sure that your PTR records and A records match. For each A record there has to be a PTR record, and vice versa.

More tips:

Unnecessary glue data:
Do not add unnecessary glue data about hosts that are not within the zone. This can cause resolving problems if the host changes IP address.

Ex:
    foo.bar.com.         IN    MX    10 mail.foo.bar.com.
    mail.foo.bar.com.    IN    A     192.168.0.1

Trailing dots:
Do not forget to add a "." at the end of the domain/hostname. If this is forgotten, the DNS will add the domain name to the domain/hostname again. This will cause resolving problems.

Ex:
    11    PTR    foo.test

will produce foo.test.7.42.666.in-addr.arpa.

Illegal characters:
Only a-z, 0-9 and - are valid to use. The domain system allows a label to contain any 8-bit character. Although the domain system has no restrictions, other protocols such as SMTP do have name restrictions. Because of other protocol restrictions, only the above characters are recommended for use in a host name (besides the dot separator).

General Points:
Use the latest version of the DNS software for your platform. Check for updates regularly, as new versions have the latest solutions and information.

Example of a recommended DNS:

    foo.bar.com.         IN    SOA    ns.foo.bar.com. root.foo.bar.com. (
                                      1998081900    ; serial
                                      28800         ; refresh (8 hours)
                                      7200          ; retry (2 hours)
                                      1209600       ; expire (14 days)
                                      86400 )       ; minimum (1 day)
    foo.bar.com.         IN    NS     ns.foo.bar.com.
    foo.bar.com.         IN    NS     ns2.foo.bar.com.
    foo.bar.com.         IN    MX     10 mail.foo.bar.com.
    www.foo.bar.com.     IN    CNAME  www.webhotel.xx.
    www2.foo.bar.com.    IN    A      192.168.0.3
    ns.foo.bar.com.      IN    A      192.168.0.1
    ns2.foo.bar.com.     IN    A      192.168.0.4
    mail.foo.bar.com.    IN    A      192.168.0.2
    localhost            IN    A      127.0.0.1

Additional reading and references:
    RFC1537 (RFC1912) (Common DNS Operational and Configuration Errors)
    RFC1033-5
    RFC2181
    "DNS & BIND 3rd Edition" by Paul Albitz & Cricket Liu from O'Reilly & Associates Inc.
    ftp://ftp.ripe.net/internet-drafts/draft-ietf-dnsind-classless-inaddr-04.txt (For reverse delegation methods for blocks smaller than /24, 256 addresses)
    http://www.dns.net/dnsrd/ (DNS Resources Directory)

/Hans Niklasson
-----------------------------------------------------------------
SWipNet - The Swedish IP Network
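A small checker for the recommendations in the mail above (serial format, trailing dots on SOA/MX/NS names, the a-z/0-9/- hostname rule, and MX/NS targets that are CNAMEs or lack an A record), added here as an example; it is not part of the original mail. The zone is a constructed list of (owner, type, rdata) tuples loosely based on the example zone, with three deliberate violations included so the checks fire.

```python
import re
from datetime import datetime

# Constructed sample zone as (owner, type, rdata) tuples, loosely following the example
# zone in the mail. Three deliberate violations are marked to exercise the checks.
SAMPLE_ZONE = [
    ("foo.bar.com.", "SOA", "ns.foo.bar.com. root.foo.bar.com 1998081900 28800 7200 1209600 86400"),  # rname lacks trailing dot
    ("foo.bar.com.", "NS", "ns.foo.bar.com."),
    ("foo.bar.com.", "NS", "ns2.foo.bar.com."),
    ("foo.bar.com.", "MX", "10 mail.foo.bar.com."),
    ("ns.foo.bar.com.", "A", "192.168.0.1"),
    ("ns2.foo.bar.com.", "CNAME", "ns.foo.bar.com."),  # CNAME on a nameserver: discouraged
    ("mail.foo.bar.com.", "A", "192.168.0.2"),
    ("mail_2.foo.bar.com.", "A", "192.168.0.9"),       # underscore is outside a-z, 0-9, '-'
]

def _valid_date(yyyymmdd):
    """True if the first eight serial digits form a real calendar date."""
    try:
        datetime.strptime(yyyymmdd, "%Y%m%d")
        return True
    except ValueError:
        return False

def check_zone(records):
    """Apply the mail's recommendations and return a list of findings (empty = clean)."""
    findings = []
    by_name = {}  # owner -> set of record types present, for CNAME/A target lookups
    for owner, rtype, rdata in records:
        by_name.setdefault(owner, set()).add(rtype)
    for owner, rtype, rdata in records:
        labels = owner.rstrip(".").split(".")
        if not all(re.fullmatch(r"[a-z0-9-]+", lab) for lab in labels):
            findings.append(f"{owner}: label uses characters outside a-z, 0-9 and '-'")
        if rtype == "SOA":
            mname, rname, serial = rdata.split()[:3]
            for name in (mname, rname):
                if not name.endswith("."):
                    findings.append(f"SOA field {name}: missing trailing dot")
            if not (re.fullmatch(r"\d{10}", serial) and _valid_date(serial[:8])):
                findings.append(f"SOA serial {serial}: not in YYYYMMDDXX form")
        elif rtype in ("MX", "NS"):
            target = rdata.split()[-1]
            if not target.endswith("."):
                findings.append(f"{rtype} target {target}: missing trailing dot")
            elif "CNAME" in by_name.get(target, set()):
                findings.append(f"{rtype} target {target} is a CNAME (extra lookups, mail loops)")
            elif "A" not in by_name.get(target, set()):
                findings.append(f"{rtype} target {target} has no A record in this zone")
    return findings
```

Running `check_zone(SAMPLE_ZONE)` reports the three planted problems and nothing else; a zone that follows every rule in the mail returns an empty list.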