Hello
I quite often stumble over DNS entries without SOA.
$ dig hamedicshopere.ru

; <<>> DiG 9.5.1-P3 <<>> hamedicshopere.ru
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58271
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;hamedicshopere.ru. IN A

;; ANSWER SECTION:
hamedicshopere.ru. 300 IN A 109.196.142.11

;; AUTHORITY SECTION:
hamedicshopere.ru. 343295 IN NS ns2.dnssubmit.com.
hamedicshopere.ru. 343295 IN NS ns1.dnsonic.com.

;; ADDITIONAL SECTION:
ns2.dnssubmit.com. 108 IN A 109.196.142.11
ns1.dnsonic.com. 108 IN A 109.196.142.12

Let's try to find the hostmaster or serial or whatever of that zone:
$ dig SOA hamedicshopere.ru

; <<>> DiG 9.5.1-P3 <<>> SOA hamedicshopere.ru
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64992
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;hamedicshopere.ru. IN SOA

;; AUTHORITY SECTION:
ru. 300 IN SOA ns1.ru. root.ru. 2010092811 3600 900 604800 1200

Hmm, no SOA returned...
$ host -t soa hamedicshopere.ru
;; connection timed out; no servers could be reached
$ host kjhsdf.hamedicshopere.ru ns1.dnsonic.com.
Using domain server:
Name: ns1.dnsonic.com.
Address: 109.196.142.12#53
Aliases:

kjhsdf.hamedicshopere.ru has address 109.196.142.11
Well, one server is reachable and apparently has a wildcard entry for the hosts of that zone. But I also don't get the SOA information:
$ host -t soa hamedicshopere.ru ns2.dnssubmit.com.
;; connection timed out; no servers could be reached
A dig +trace also ends at the ru. SOA and entries pointing to the two NS.
So what is broken with that zone (and many, many more ru. and cn. zones)? Or is it OK for a DNS server not to return any SOA information? Isn't that mandatory?
Kind regards
Benoit Panizzon
On 04.10.10 15:04, Benoit Panizzon wrote:
Hello
I quite often stumble over DNS entries without SOA.
Indeed, this is also new for me. At least BIND won't serve zones without an SOA record.
Found something about it here: REDUCIBLE COMPLEXITY IN DNS http://www.iadis.net/dl/final_uploads/200817L019.pdf
Just a quote here:
"Zones without SOA or wrong SOA We were surprised to see that there are zones without SOA RRs, e.g., 888melody.info. This strengthens our claim that one could use DNS without any SOA records. SOA RRs are useless since email address can be found in RP (responsible person RR) and timings are not longer needed since the notification mechanism is used by default. The start of zone can be determined through delegation from a parent zone. As seen in the previous section, the name server is also actually considered optional."
Beat
On Mon, 04 Oct 2010 19:02:04 +0200, Beat Siegenthaler beat.siegenthaler@beatsnet.com said:
On 04.10.10 15:04, Benoit Panizzon wrote:
Hello
I quite often stumble over DNS entries without SOA.
Indeed, this is also new for me. At least BIND won't serve zones without an SOA record.
Found something about it here: REDUCIBLE COMPLEXITY IN DNS http://www.iadis.net/dl/final_uploads/200817L019.pdf
Just a quote here:
"Zones without SOA or wrong SOA We were surprised to see that there are zones without SOA RRs, e.g., 888melody.info. This strengthens our claim that one could use DNS without any SOA records. SOA RRs are useless since email address can be found in RP (responsible person RR) and timings are not longer needed since the notification mechanism is used by default. The start of zone can be determined through delegation from a parent zone. As seen in the previous section, the name server is also actually considered optional."
Sigh. People who don't really understand DNS should not write documents like this.
For one thing, SOA records are used in the authority section of negative answers to allow caching of such responses.
(And NS records in the child zone are certainly not optional, because the child is authoritative for them, not the parent.)
Just because many people make these mistakes doesn't mean that it's correct.
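Added example, not part of the original thread: a Python check for the point about negative answers, run on the authority section from the SOA query at the top of the thread. It reports whether the SOA returned for a delegated zone is the zone's own or an ancestor's, and the negative-caching TTL, taken here as the minimum of the SOA record's TTL and its MINIMUM field (RFC 2308). The function names and the example.org line are constructed for illustration.

```python
import re

# Authority section of the "dig SOA hamedicshopere.ru" response shown in the thread.
THREAD_AUTHORITY = ["ru. 300 IN SOA ns1.ru. root.ru. 2010092811 3600 900 604800 1200"]
# Constructed sample of a zone that serves its own SOA (not from the thread).
HEALTHY_AUTHORITY = [
    "example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 1 7200 900 1209600 600"
]

SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$"
)

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def parse_soa(line):
    """Parse one dig-style SOA line into a dict, or return None."""
    m = SOA_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ttl", "serial", "refresh", "retry", "expire", "minimum"):
        rec[key] = int(rec[key])
    rec["owner"] = norm(rec["owner"])
    return rec

def is_ancestor(ancestor, name):
    """True if 'ancestor' is a proper parent domain of 'name'."""
    if ancestor == ".":
        return name != "."
    return name != ancestor and name.endswith("." + ancestor)

def check_apex_soa(zone, authority_lines):
    """Classify the SOA seen in a negative answer for a delegated zone."""
    zone = norm(zone)
    soas = [r for r in map(parse_soa, authority_lines) if r]
    if not soas:
        return {"verdict": "no-soa", "soa_owner": None, "negative_ttl": None}
    soa = soas[0]
    if soa["owner"] == zone:
        verdict = "apex-soa"        # the zone serves its own SOA
    elif is_ancestor(soa["owner"], zone):
        verdict = "ancestor-soa"    # SOA belongs to a parent zone, as in the thread
    else:
        verdict = "unrelated-soa"
    return {"verdict": verdict, "soa_owner": soa["owner"],
            "negative_ttl": min(soa["ttl"], soa["minimum"])}
```

For the thread's response the verdict is "ancestor-soa" with owner "ru.": the answer carries the parent's SOA, so a resolver caches the negative answer under the parent's timing rather than the zone's own.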
I quite often stumble over DNS entries without SOA.
In one of their more recent podcasts (http://www.ask-mrdns.com/), the hosts Cricket Liu and Matt Larson discussed the similar question of what the necessary minimum is for a zone (file) to be valid. I believe it was around Episode 12 or so. If I remember correctly, they say a zone definition requires at least an SOA and one NS record, at least for BIND, in order to be valid.
May I suggest that you also send your question in to Ask Mr. DNS, as these two seasoned DNS experts are always keen on answering DNS-related questions in their podcasts.
Rolf