Duplicate Name Server Records

Hi guys,

Gosh I have been a real bother these past 2 weeks, my apologies.

I have my Cluster Name servers setup as NS1 and NS2 (with more to come).

I want my SOA to be the NS1 host but the only way to do this is by changing the Server Templates->Master DNS server hostname setting. However changing this to be the NS1 hostname causes a duplicate Name Server to be input since the Slave Server hostnames are input automatically as well.

I have tested things at dnscheck.pingdom.com and they check out OK with duplicate NS records. I am just curious if there is a way around it.

The whole reason I have set things up this way is to keep the physical hosts more secure through obscurity as well as limit delays with DNS updates by keeping the same SOA/Primary Name Server "NS1" during Domain Transfers between Hosts. Is there a benefit to keeping each Virtualmin host as the SOA that I have possibly overlooked?

Thx,

~Jeremy

Status: Closed (fixed)

Comments

Does the hostname in the SOA really matter? I was under the impression that DNS servers don't actually use it for anything ..

Hi Jamie,

It is my understanding "currently" that the SOA record should contain the Primary Master DNS server for the domain and it is optional for a NS record to match the SOA host.

http://www.ietf.org/rfc/rfc2136.txt

Primary Master  master server at the root of the AXFR/IXFR
                      dependency graph.  The primary master is named in
                      the zone's SOA MNAME field and optionally by an NS
                      RR.  There is by definition only one primary master
                      server per zone.

The default setup of Virtualmin follows this except for making the NS record generation of the SOA hostname OPTIONAL.

I believe in my situation where the Public Name Servers are separate from the Virtualmin Host, that this Primary Master Name Server is getting the DNS traffic since it is listed as the first NS record by default, causing an extra Hop when looking up the Website plus fielding public responses to DNS queries.

After re-reading the ietf document, I think my dilemma would be resolved if there were an option to NOT generate a Name server for the "Master DNS Server Hostname". (I think that description in "Server Templates->Bind DNS Domain" should be renamed "Primary Master DNS Server Hostname".) Then I could go back to using the Default setting of the "system's hostname". I believe that the SOA was never my issue to begin with but the NS record for it was. : )

I appreciate your input,

~Jeremy
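The situation described in this comment, where the SOA MNAME host is also emitted as an NS record by the template and so shows up twice, can be checked directly in the generated zone file. The script below is an added example, not code from this thread or from Virtualmin: it parses a constructed BIND-style zone (placeholder names under example.com.), reports duplicate apex NS records, says whether the SOA MNAME is among the NS targets (optional per RFC 2136), and produces a de-duplicated NS list. It assumes every record line carries an explicit owner name.

```python
"""Check a BIND-style zone for duplicate NS records and SOA MNAME coverage.

Added example, not part of the forum thread or of Virtualmin's code. The
zone text below is constructed for illustration; names are placeholders.
"""
from collections import Counter

# Constructed zone: the SOA MNAME is ns1.example.com., and the template has
# also emitted ns1.example.com. as an NS record, so it appears twice.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@   IN  SOA ns1.example.com. hostmaster.example.com. (
        2024010101 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; minimum
@   IN  NS  ns1.example.com.
@   IN  NS  ns1.example.com.
@   IN  NS  ns2.example.com.
www IN  A   192.0.2.10
"""


def _strip_comment(line):
    return line.split(";", 1)[0].rstrip()


def _fqdn(name, origin):
    """Normalise an owner/target name to a lower-case FQDN with trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if not name.endswith("."):
        name = f"{name}.{origin}"
    return name


def parse_zone(text):
    """Return (origin, soa_mname, [apex NS targets]) from a zone file string.

    Only what the check needs is parsed: $ORIGIN, the SOA MNAME and apex NS
    records. Parenthesised SOA continuation lines are skipped. Assumes each
    record line starts with an explicit owner name.
    """
    origin = "."
    mname = None
    ns = []
    in_paren = False
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        if in_paren:
            if ")" in line:
                in_paren = False
            continue
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1].lower()
            continue
        if toks[0].startswith("$"):
            continue
        owner = toks[0]
        # Drop optional TTL and class tokens so the RR type sits at rest[0].
        rest = [t for t in toks[1:] if not t.isdigit() and t.upper() != "IN"]
        rtype = rest[0].upper()
        if rtype == "SOA":
            mname = _fqdn(rest[1], origin)
            if "(" in line and ")" not in line:
                in_paren = True
        elif rtype == "NS" and _fqdn(owner, origin) == origin:
            ns.append(_fqdn(rest[1], origin))
    return origin, mname, ns


def check_ns(origin, mname, ns):
    """Report duplicate apex NS targets and whether MNAME is listed as an NS."""
    counts = Counter(ns)
    return {
        "duplicate_ns": sorted(n for n, c in counts.items() if c > 1),
        "mname_in_ns": mname in counts,
        "unique_ns": sorted(counts),
    }


def dedupe_ns(ns):
    """Return the NS list with duplicates removed, first-occurrence order kept."""
    seen = set()
    out = []
    for n in ns:
        if n not in seen:
            seen.add(n)
            out.append(n)
    return out


if __name__ == "__main__":
    origin, mname, ns = parse_zone(SAMPLE_ZONE)
    report = check_ns(origin, mname, ns)
    print(f"zone {origin}: SOA MNAME {mname}")
    for dup in report["duplicate_ns"]:
        print(f"  duplicate NS record: {dup}")
    print("  MNAME listed as NS:", report["mname_in_ns"])
    print("  NS set after dedupe:", dedupe_ns(ns))
```

Run it against a zone file exported from the server to see whether the template is producing the duplicate; a duplicate NS RR is harmless to resolvers, as the pingdom check in the thread suggests, but removing it keeps the zone tidy and the NS set identical to what the parent delegation carries.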

Hi Jamie,

After spending much of today thinking more on this, I am in agreement, it really doesn't matter. dig +trace is showing all of the name servers available on my actual public NS1 and NS2 servers' records and I doubt there is an extra hop to the first NS it finds on the child name server.

I am pretty sure that once the browser gets a response from the "Parent Name Server" IP addresses that it is authoritative, the browser then looks for the proper A record on whichever host it pulled up, instead of continuing to the next NS listed.

I will just keep the Virtualmin defaults for writing the hostname into the SOA and adding an NS record.

~Jeremy