

To: <dnsop@cafax.se>
From: Sam Trenholme <namedroppers@artemas.reachin.com>
Date: Sat, 21 Apr 2001 00:35:02 -0700 (PDT)
Sender: owner-dnsop@cafax.se
Subject: Tips for DNS zone administration


Hello there,

I am writing up a page on DNS zone administration.  The page can be found
here:

	http://www.maradns.org/dns_admin_tips.html

I was wondering what other tips people have, and what improvements can be
made to the tips here.

For people without ready web access, here is the page:


Some DNS zone management tips

     * The TTL for a host entry should be the same size or larger than
       the SOA Minimum TTL for the zone.
     * Just because the offending data is no longer in your zone does not
       mean other people can contact the site in question: The old record
       will float around in other caches for a while.
     * Never let the host names used in NS records for your domain be
       used for anything else, such as MX records or CNAME records.
     * If possible, make the TTLs for the NS records for your domain as
       long as possible (604800 seconds--one week, is a good number).
       This will speed up accesses to your domain, since caches will not
       have to query the root servers as often before querying your name
       servers.
     * Never have an MX point to a CNAME record. Some MTAs refuse to send
       mail if the domain is so configured.
     * Never have a CNAME record and any other record use the same host
       name. This will confuse caching nameservers, which usually assume
       that a CNAME record applies to all record types for a given host
       name.
     * Avoid using CNAME records--they can increase the number of DNS
       queries needed to resolve a given host name.
     * MX, NS, and CNAME records should point to host names, not IPs.
       Something like "example.com IN MX 10 192.168.0.64." will not work
       with BIND. Note, however, that both DjbDNS and MaraDNS support
       this kind of construct.
     * Try to have one NS server for your domain be "in bailiwick". If you
       have the domain "example.com", for example, then it is best if one
       of the NS servers is "ns.example.com", or, DJ Bernstein's favorite,
       "a.ns.example.com". Today, this is only a real issue if, for
       example, you have "example.com" with the name servers
       "a.ns.example.com.ar" and "b.ns.example.com.ar". These NS entries
       slow down access to your domain--a resolver with an empty cache
       now requires 7 instead of 3 queries to resolve names in the
       domain--more if example.com.ar uses out-of-bailiwick NS servers.
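As an added example (not part of the original post or of MaraDNS), here is a small checker that parses a constructed zone file and flags the record-level tips above: host TTLs below the SOA minimum, CNAMEs sharing an owner name with other records, MX records pointing at a CNAME, MX/NS/CNAME targets that are IP literals, and NS host names reused by MX or CNAME records. The zone data is hypothetical and the "owner ttl IN type rdata" line format is an assumption of the example.

```python
import re
from collections import defaultdict

# Constructed sample zone (hypothetical data) that breaks several of the tips above.
ZONE = """\
example.com.      604800 IN SOA   ns.example.com. hostmaster.example.com. 2001042101 3600 900 604800 86400
example.com.      604800 IN NS    ns.example.com.
example.com.      604800 IN NS    ns2.example.com.
ns.example.com.   604800 IN A     192.0.2.1
ns2.example.com.  604800 IN A     192.0.2.2
example.com.       86400 IN MX    10 mail.example.com.
mail.example.com.  86400 IN CNAME ns2.example.com.
mail.example.com.   3600 IN A     192.0.2.3
example.com.       86400 IN MX    20 192.0.2.4.
"""
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}\.?$")

def parse_zone(text):
    """Parse 'owner ttl IN type rdata' lines into (owner, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()      # drop comments and blank lines
        if not line:
            continue
        owner, ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), int(ttl), rtype.upper(), " ".join(rdata).lower()))
    return records

def check_zone(text):
    """Return one finding string per violated tip, in record order."""
    recs = parse_zone(text)
    types_at = defaultdict(set)                # owner -> record types present at that name
    for owner, _, rtype, _ in recs:
        types_at[owner].add(rtype)
    ns_hosts = {rd for _, _, t, rd in recs if t == "NS"}
    soa_min = next(int(rd.split()[-1]) for _, _, t, rd in recs if t == "SOA")
    findings = []
    for owner, ttl, rtype, rdata in recs:
        target = rdata.split()[-1]             # last field: MX "pref host", NS/CNAME "host"
        if ttl < soa_min:
            findings.append(f"{owner}: TTL {ttl} below SOA minimum {soa_min}")
        if rtype == "CNAME" and len(types_at[owner]) > 1:
            findings.append(f"{owner}: CNAME coexists with other record types")
        if rtype in ("MX", "NS", "CNAME") and IPV4.match(target):
            findings.append(f"{owner}: {rtype} points to IP literal {target}")
        if rtype == "MX" and "CNAME" in types_at.get(target, ()):
            findings.append(f"{owner}: MX points to CNAME {target}")
        if rtype in ("MX", "CNAME") and target in ns_hosts:
            findings.append(f"{owner}: {rtype} reuses NS host name {target}")
    return findings
```

Running `check_zone(ZONE)` on the sample reports five findings; the in-bailiwick tip is a delegation property and is not something a single zone file can show.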
