[conspire] DNS zonefile SOA details, and addressing the public

Rick Moen rick at linuxmafia.com
Tue Apr 2 12:35:29 PDT 2013


Quoting Ruben Safir (ruben at mrbrklyn.com):

> I think it is all fixed but maybe my soa line is messed up in bind.  I
> think I misunderstood what that line is supposed to be.
> 
> I hate that line.  Its syntax was determined by a bingo parlor caller.

I can help you with that.  Let me quote mine from
/etc/bind/linuxmafia.com.zone[1]

@       IN      SOA     ns1.linuxmafia.COM.  rick.deirdre.NET. (
                        2010062201              ; serial
                        7200                    ; refresh 2 hours
                        3600                    ; retry 1 hour
                        2419200                 ; expire 28 days
                        10800                   ; negative TTL 3 hours
                        )     


@ :  macro that expands to the value of $ORIGIN, in this case
  'linuxmafia.com.'.
IN :  class value = Internet
SOA :  reference record type Start of Authority
ns1.linuxmafia.COM. :  FQDN of the host where master DNS for the zone resides.
rick.deirdre.NET. :  e-mail address of the person responsible for
  administration of the zone's DNS contents, with the '@' transformed
  into a period to avoid software parsing problems.  Note that I am careful
  to specify an out-of-band means of contact.
2010062201 : zone serial number in conventional syntax YYYYMMDDnn.
  Although any positive integer is a valid S/N, and the only iron
  rule is S/Ns should[2] keep going up, this syntax is best practices.
SOA refresh = 7200:  RFC1912 2.2 recommends a value between 1200 and
  43200 seconds (20 minutes to 12 hours).  This value determines how often
  secondary/slave nameservers check with the master for updates.
SOA retry = 3600 : The retry value is the amount of time your
  secondary/slave nameservers will wait to contact the master nameserver
  again if the last attempt failed.
SOA expire = 2419200 : RFC1912 suggests 2-4 weeks.  This is how long a
  secondary/slave nameserver will wait before considering its DNS data
  stale if it can't reach the primary nameserver.
SOA negative TTL = 10800 : RFC2308 suggests a value of 1-3 hours.  This
  value used to determine the default (technically, minimum) TTL
  (time-to-live) for DNS entries, but now is used for negative caching.

More at:  http://www.zytrax.com/books/dns/ch8/soa.html
Which, mind you, is in the 'DNS Tutorial' I just got through suggesting
you read.


> I have to do the slave here as well.

I have no idea what you mean by that.

> I'll forward all the messages to conspire tonight.

Please stop and think before 'forwarding all the messages to Conspire'.
Let's back up and consider the surrounding context. 


I've worked in Unix technology since the 1980s, so solving technical
problems is what I get paid for.  I normally do not give away for free
what I do for a living, any more than you are willing to be a pharmacist
for free on nights and weekends when friends or strangers find it
convenient to ask you questions and get your help on matters that are
part of your day job.  (If you happen to be OK with being a
pharmacist-for-free for friends and random strangers at their
convenience, I have no objection, but you should not expect that
attitude from others.)

As an exception to the general rule, I _am_ glad to help people with
open-source Linux/BSD problems because that helps build and perpetuate
the body of understanding and the community that has helped me,
particularly when I was just starting -- _provided_ it occurs at my
convenience, at my opinion, on reasonable occasions during my spare
time.

You telephoned me at 10:45 AM on Monday.  Do you remember what I said?
I said 'I cannot talk to you now.'  Can you figure out why?  That was
because 10:45 AM on a Monday is absolutely the busiest time of my entire
work-week.  Clue:  I am not a man of leisure, let alone one you've put
on retainer.  I work for a living.

Kindly don't telephone me again at 10:45 AM on a workday Monday unless
somebody is dying, on fire, or both.  And also:  Sending me technical
questions in private mail to benefit you alone is called 'consulting',
and it's polite to not chew up much of a professional's time without
offering to pay high hourly consulting rates.  

Also:  Honestly did you have no alternative to asking _me_ (in private
mail) what DNSSEC is?  What am I, friggin' Wikipedia?  For gosh sakes,
Ruben, at least do a friggin' Web search before lobbing off a lazy
question to a very busy person during his work hours.

Show a little respect for others' time, and at least bother to
Web-search things before you ask other people to explain them to you.
After Web-searching, you can and should then say (in your query) that
you tried to get the answer, and be specific about the parts that still
puzzle you.  (People like me are -much- happier about helping first the
people who attempt to help themselves.)

Getting back to forwarding to mailing lists:  The spirit of community
and perpetuating the understanding of Linux and open source is best
served by holding discussions _of public interest_ there in the first
place.  The next best thing, if you find yourself in private mail and
suddenly remember to be public minded and respectful of the other
person's time, might be to forward useful parts of the discussion that
are _of public interest_.

So, before lobbing a bunch of private mail to Conspire, kindly ask
yourself:  Is this of public interest?  Am I snipping the parts that
aren't, and maybe annotating it so it's useful to others?

But, for the love of all that's holy, do not just 'forward all the
messages to Conspire'.  That would be obnoxious and clueless.

Thank you.



[1] As a reminder, I make a full set of example files available at 
http://linuxmafia.com/pub/linux/network/bind9-examples-linuxmafia.tar.gz

[2] Going down in S/N value is possible but difficult.
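Added example (editor's addition, not part of the message above nor of the example files linked in [1]): a small Python script that parses an SOA record in the parenthesised zonefile form shown above, undoes the RNAME encoding back to an e-mail address, checks the numeric fields against the RFC 1912 / RFC 2308 ranges the message cites, and bumps a YYYYMMDDnn serial using RFC 1982 serial arithmetic (the reason footnote [2] says going down is possible but difficult). The sample zone text is the record from the message with a $ORIGIN line added; the retry-not-above-refresh check and the trailing-dot check on MNAME/RNAME are the editor's own additions, not something the message states.

```python
"""Parse a BIND zonefile SOA record and sanity-check its fields (added example)."""
import re
from datetime import date

SERIAL_MOD = 2 ** 32   # serials are 32-bit and compared with RFC 1982 arithmetic

# Constructed sample: the SOA record quoted in the message, plus the $ORIGIN it relies on.
SAMPLE_ZONE = """\
$ORIGIN linuxmafia.com.
@       IN      SOA     ns1.linuxmafia.COM.  rick.deirdre.NET. (
                        2010062201              ; serial
                        7200                    ; refresh 2 hours
                        3600                    ; retry 1 hour
                        2419200                 ; expire 28 days
                        10800                   ; negative TTL 3 hours
                        )
"""
FIELDS = ["owner", "mname", "rname", "serial", "refresh", "retry", "expire", "minimum"]


def parse_soa(zone_text):
    """Return the SOA fields as a dict; ';' comments are dropped and the
    parenthesised multi-line form is folded into one logical record line."""
    no_comments = "\n".join(l.split(";", 1)[0] for l in zone_text.splitlines())
    folded = re.sub(r"\(([^)]*)\)",
                    lambda m: " " + m.group(1).replace("\n", " ") + " ", no_comments)
    origin = None
    for line in folded.splitlines():
        toks = line.split()
        if not toks:
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
        elif "SOA" in toks:
            i = toks.index("SOA")
            owner = origin if toks[0] == "@" else toks[0]   # '@' expands to $ORIGIN
            nums = toks[i + 3:i + 8]
            if len(nums) != 5 or not all(n.isdigit() for n in nums):
                raise ValueError("SOA needs serial, refresh, retry, expire, minimum")
            return dict(zip(FIELDS, [owner, toks[i + 1], toks[i + 2]] + [int(n) for n in nums]))
    raise ValueError("no SOA record found")


def rname_to_email(rname):
    """Undo the RNAME encoding: first unescaped '.' becomes '@', a '\\.' in the
    local part is a literal dot, and the trailing root dot is dropped."""
    out, i, seen_at = [], 0, False
    while i < len(rname):
        c = rname[i]
        if c == "\\" and i + 1 < len(rname):
            out.append(rname[i + 1])
            i += 2
            continue
        if c == "." and not seen_at:
            out.append("@")
            seen_at = True
        else:
            out.append(c)
        i += 1
    email = "".join(out)
    return email[:-1] if email.endswith(".") else email


def serial_date(serial):
    """Date encoded in a YYYYMMDDnn serial, or None if it is not in that form."""
    s = str(serial)
    if len(s) != 10:
        return None
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return None


def serial_is_newer(a, b):
    """RFC 1982: a is newer than b if it is ahead by less than 2^31 modulo 2^32,
    so a wrap past 2^32-1 still counts as 'going up'."""
    return 0 < (a - b) % SERIAL_MOD < 2 ** 31


def next_serial(current, today=None):
    """Next YYYYMMDDnn serial: today's date with nn=00 if that is newer than the
    current serial, else current+1 (second change today, or a clock that is behind)."""
    today = today or date.today()
    candidate = int(f"{today:%Y%m%d}") * 100
    return candidate if serial_is_newer(candidate, current) else (current + 1) % SERIAL_MOD


def check_soa(soa):
    """Warnings for values outside the ranges the message cites (RFC 1912 2.2 for
    refresh and expire, RFC 2308 for the negative TTL) plus two editor-added checks."""
    w = []
    for name in ("mname", "rname"):
        if not soa[name].endswith("."):   # without the root dot, $ORIGIN gets appended
            w.append(f"{name} '{soa[name]}' is not absolute (missing trailing dot)")
    if serial_date(soa["serial"]) is None:
        w.append(f"serial {soa['serial']} is not in YYYYMMDDnn form")
    if not 1200 <= soa["refresh"] <= 43200:
        w.append(f"refresh {soa['refresh']} outside 1200..43200 (RFC 1912)")
    if soa["retry"] > soa["refresh"]:     # RFC 1912: retry is typically a fraction of refresh
        w.append(f"retry {soa['retry']} exceeds refresh {soa['refresh']}")
    if not 14 * 86400 <= soa["expire"] <= 28 * 86400:
        w.append(f"expire {soa['expire']} outside 2..4 weeks (RFC 1912)")
    if not 3600 <= soa["minimum"] <= 10800:
        w.append(f"negative TTL {soa['minimum']} outside 1..3 hours (RFC 2308)")
    return w
```

Run it with `parse_soa(SAMPLE_ZONE)` and `check_soa(...)` on the result; the sample record passes clean, and `rname_to_email("rick.deirdre.NET.")` gives `rick@deirdre.NET`. The one case `next_serial` cannot rescue is a zone that has already had 100 changes in a day (nn = 99): it will still go up, but the serial stops being a date, which is the trade-off of the YYYYMMDDnn convention.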



