[conspire] AWS & DNS SOA serial numbers

Michael Paoli Michael.Paoli at cal.berkeley.edu
Wed Oct 12 00:04:03 PDT 2016


Ah, yes.  The way you describe it, and I've seen AWS's DNS
described elsewhere, definitely sounds very much like
some database backed system.  Whether they're using
PowerDNS Authoritative Server = pdns ... or more-or-less
"reinvented" something quite similar themselves, the
behavior sounds quite similar.  That certainly would
explain a fair bit of it.

Thanks for the information!

> Date: Tue, 11 Oct 2016 04:16:06 -0700
> From: Rick Moen <rick at linuxmafia.com>
> To: conspire at linuxmafia.com
> Subject: Re: [conspire] AWS & DNS SOA serial numbers
>
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
>> Then, when DNS data in the zone is changed, ... uhm, yeah, AWS doesn't
>> update the SOA serial number.  I've noticed this for a while.  Finally
>> checked into it a bit further, and found:
>> https://forums.aws.amazon.com/message.jspa?messageID=221157
>>
>> So ... kind'a funky & different?  Definitely.
>> Technically (in)correct?  Not fully sure, I might have to recheck some
>> RFCs to definitively answer that.
>
> It's technically correct -- but irritating.
>
> Usually, this is a sign of the provider using PowerDNS Authoritative
> Server = pdns (or one of the proprietary packages of similar design), in
> which everything's in an SQL back-end database.  I've admined pdns for a
> living, and that's one of its main peculiarities.  Because all changes
> are implemented in atomic fashion via database row updates, and because
> records are shared around the pdns cluster via SQL replication rather
> than AXFR/IXFR, the SOA S/N is deemed superfluous and normally goes
> unchanged and disregarded.
>
> pdns has some sort of optional facility to do AXFR/IXFR to and from
> external non-pdns nameservers, in which case I assume and hope it then
> pays closer attention to SOA S/N, but I've never had occasion to look up
> details.
>
> (Greetings from the Gare de Lyon, Paris.)
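
Anyone who watches a zone for changes by polling the SOA serial will miss edits on a back end that behaves as described in this thread. The following is an added example, not code from either poster: it compares two zone snapshots by a digest of their records as well as by RFC 1982 serial arithmetic. The function names, record tuples, and sample zone data are all constructed for illustration.

```python
import hashlib

def soa_serial(rdata):
    # SOA RDATA fields: mname rname serial refresh retry expire minimum
    return int(rdata.split()[2])

def serial_gt(a, b):
    # RFC 1982 serial-number arithmetic on 32-bit values (handles wraparound)
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def snapshot(records):
    """Return (serial, digest) for a list of (name, type, rdata) tuples.
    The digest covers every record except the SOA, so it moves only
    when zone data moves, regardless of what the serial does."""
    serial, rows = None, []
    for name, rtype, rdata in records:
        if rtype.upper() == "SOA":
            serial = soa_serial(rdata)
        else:
            rows.append(f"{name.lower().rstrip('.')}|{rtype.upper()}|{rdata}")
    if serial is None:
        raise ValueError("zone snapshot has no SOA record")
    digest = hashlib.sha256("\n".join(sorted(rows)).encode()).hexdigest()
    return serial, digest

def compare(old, new):
    """Return (data_changed, serial_advanced) between two snapshots."""
    (s_old, d_old), (s_new, d_new) = snapshot(old), snapshot(new)
    return d_old != d_new, serial_gt(s_new, s_old)

def silent_change(old, new):
    # The case from the thread: records differ, serial did not advance.
    data_changed, serial_advanced = compare(old, new)
    return data_changed and not serial_advanced

# Constructed sample data (documentation names and addresses only)
SOA = "ns1.example.com. hostmaster.example.com. {} 7200 900 1209600 86400"
BEFORE = [("example.com.", "SOA", SOA.format(1)),
          ("www.example.com.", "A", "192.0.2.10")]
SILENT = [("example.com.", "SOA", SOA.format(1)),
          ("WWW.example.com.", "A", "192.0.2.99")]
BUMPED = [("example.com.", "SOA", SOA.format(2)),
          ("www.example.com.", "A", "192.0.2.99")]

if __name__ == "__main__":
    print("static serial:", compare(BEFORE, SILENT), silent_change(BEFORE, SILENT))
    print("bumped serial:", compare(BEFORE, BUMPED), silent_change(BEFORE, BUMPED))
```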