Andrew Hudson - Fedora™ Unleashed, 2008 edition

| ;; MSG SIZE sent: 17 rcvd: 436

----------

The zone 0.0.127.in-addr.arpasection in named.confsays that we are a master nameserver for that zone and that the zone data is in the file 127.0.0. Before examining the first real zone file in detail, look at the general format of a RR specification:

name TTL class type data

Here, name is the DNS name with which this record is associated. In a zone file, names ending with a . are fully qualified, whereas others are relative to the name of the zone. In the zone example.com, foo refers to the fully qualified name foo.example.com. The special name @ is a short form for the name of the zone itself. If the name is omitted, the last specified name is used again.

The TTL (Time To Live) field is a number that specifies the time for which the record can be cached. This is explained in greater detail in the discussion of the SOArecord in the next section. If this field is omitted, the default TTLfor the zone is assumed. TTLvalues are usually in seconds, but you can append an mfor minutes, hfor hours, or dfor days.

BIND supports different record classes, but for all practical purposes, the only important class is IN, for Internet. If no class is explicitly specified, a default value of INis assumed; to save a little typing, we do not mention the class in any of the zone files we write here.

The type field is mandatory and names the RR in use, such as A, NS, MX, or SOA. (We use only a few of the existing RRs here. Consult the DNS standards for a complete list.)

The data field (or fields) contains data specific to this type of record. The appropriate syntax will be introduced as we examine the use of each RR in turn.

Here is the zone file for the 0.0.127.in-addr.arpazone:

----------

| $TTL 2D

| @ SOA localhost. hostmaster.example.com. (

| 2001090101 ; Serial

| 24h ; Refresh

| 2h ; Retry

| 3600000 ; Expire (1000h)

| 1h) ; Minimum TTL

| NS localhost.

| PTR localhost.

----------

The $TTLdirective that should begin every zone file sets the default minimum time to live for the zone to two days. This is discussed further in the next section.

The second line in the zone file uses the special @ name that you saw earlier. Here, it stands for 0.0.127.in-addr.arpa, to which the SOA(Start of Authority) record belongs. The rest of the fields (continued until the closing parenthesis) contain SOA-specific data.

The first data field in the SOArecord is the fully qualified name of the master nameserver for the domain. The second field is the email address of the contact person for the zone. Replacing the @sign with a .writes it as a DNS name; foo@example.com would be written as foo.example.com(note the trailing .).

Do not use an address such as a.b@example.com because it is written as a.b.example.comand will later be misinterpreted as a@b.example.com.

It is important to ensure that mail to the contact email address specified in the SOAfield is frequently read because it is used to report DNS setup problems and other potentially useful information.

The next several numeric fields specify various characteristics of this zone. These values must be correctly configured, and to do so, you must understand each field. As shown in the comments (note that zone file comments are not the in the same syntax as named.confcomments), the fields are serial number, refresh interval, retry time, expire period, and minimum TTL.

Serial numbers are 32-bit quantities that can hold values between 0 and 4,294,967,295 (2³²-1). Every time the zone data is changed, the serial number must be incremented. This change serves as a signal to slaves that they need to transfer the contents of the zone again. It is conventional to assign serial numbers in the format YYYYMMDDnn; that is, the date of the change and a two-digit revision number (for example, 2007060101). For changes made on the same day, you increment only the revision. This reasonably assumes that you make no more than 99 changes to a zone in one day. For changes on the next day, the date is changed and the revision number starts from 01 again.

The refresh interval specifies how often a slave server should check whether the master data has been updated. It has been set to 24 hours here, but if the zone changes often, the value should be lower. Slaves can reload the zone much sooner if both they and the master support the DNS NOTIFYmechanism, and most DNS software does.

The retry time is relevant only when a slave fails to contact the master after the refresh time has elapsed. It specifies how long it should wait before trying again. (It is set to two hours here.) If the slave is consistently unable to contact the master for the length of the expire period (usually because of some catastrophic failure), it discards the zone data it already has and stops answering queries for the zone. Thus, the expire period should be long enough to allow for the recovery of the master nameserver. It has been repeatedly shown that a value of one or two weeks is too short. One thousand hours (about six weeks) is accepted as a good default.

As you read earlier, every RR has a TTLfield that specifies how long it can be cached before the origin of the data must be consulted again. If the RR definition does not explicitly specify a TTL value, the default TTL(set by the $TTLdirective) is used instead. This enables individual RRs to override the default TTLvalue as required.

The SOA TTL, the last numeric field in the SOA record, is used to determine how long negative responses ( NXDOMAIN) should be cached. (That is, if a query results in an NXDOMAINresponse, that fact is cached for as long as indicated by the SOA TTL.) Older versions of BIND used the SOAminimum TTLto set the default TTL, but BIND 9 no longer does so. The default TTLof 2(two days) and SOATTL of 1(one hour) are recommended for cache friendliness.

The values used previously are good defaults for zones that do not change often. You might have to adjust them a bit for zones with different requirements. In that case, the website at http://www.ripe.net/docs/ripe-203.html is recommended reading.

The next two lines in the zone file create NSand PTRrecords. The NS record has no explicit name specified, so it uses the last one, which is the @of the SOArecord. Thus, the nameserver for 0.0.127.in-addr.arpais defined to be localhost.

The PTRrecord has the name 1, which becomes 1.0.0.127.in-addr.arpa(which is how you write the address 127.0.0.1as a DNS name). When qualified, the PTRrecord name 1becomes localhost. (You will see some of the numerous other RR types later when we configure our nameserver to be authoritative for a real domain.)