I am aware that the primary server listed in SOA record has to be valid for DDNS to work.

Is anyone aware of any other application that uses the SOA listed primary DNS server in one way or the other?

By a fake primary server I mean either:

  • Inaccessible by anything else other than secondary servers (this is called hidden primary, correct? Unsure).

  • A completely fake domain name like `dig +short soa spamhaus.org`

Belmin Fernandez

2 Answers

It's pretty much the only thing that that field is used for. Some foolish superdomain owners or content DNS server checking tools try to cross-check the value of that field, but they are wrong to do so.

JdeBP

What do you mean by fake? Non-existent server or a public secondary in front of a hidden master? I can't see any issues with having it as a public secondary. However, if it's straight out non-existent, there's plenty of ccTLDs that check the SOA and NS records before letting you change the NS servers, and their systems probably will throw a hissy fit.

Niall Donegan
  • I mean just a completely fake domain with a fake TLD. For example: `dig soa spamhaus.org` – Belmin Fernandez Jan 08 '11 at 14:39
  • PIR (.org registry) don't do SOA/NS checks when you change the name servers which is probably why it can be done. According to RFC 1035, if you look at the SOA RDATA format section, it should be "The `<domain-name>` of the name server that was the original or primary source of data for this zone.". Possibly in the case of Spamhaus, they just don't want their hidden master(s?) DDoSed so they simply don't announce it. – Niall Donegan Jan 08 '11 at 14:49
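
The SOA/NS cross-check discussed in the answers above, as an added example that is not part of the original thread: it parses SOA RDATA in the form printed by `dig +short soa` and reports whether the MNAME is in the zone's NS set and whether it resolves at all. All record data is constructed (example.org and `.invalid` names), and the `resolves` callback is a hypothetical stand-in for a real address lookup so the code runs offline.

```python
def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_soa(rdata):
    """Parse SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA needs 7 fields, got %d" % len(fields))
    timers = [int(f) for f in fields[2:]]  # raises ValueError if not numeric
    return {"mname": norm(fields[0]), "rname": norm(fields[1]),
            "serial": timers[0], "refresh": timers[1], "retry": timers[2],
            "expire": timers[3], "minimum": timers[4]}

def classify_mname(soa_rdata, ns_names, resolves):
    """Classify the SOA MNAME relative to the advertised NS set.

    resolves: callable(name) -> bool, True if the name has an address
    record. Injected (assumption) so the example needs no network.
    """
    mname = parse_soa(soa_rdata)["mname"]
    if mname in {norm(n) for n in ns_names}:
        return "listed"                 # MNAME is a public name server
    if resolves(mname):
        return "unlisted-resolvable"    # e.g. a hidden primary
    return "unlisted-unresolvable"      # placeholder; DDNS updates cannot reach it

# Constructed sample data, not taken from any real zone.
NS_SET = ["ns1.example.org.", "NS2.example.org."]
KNOWN_HOSTS = {"ns1.example.org", "ns2.example.org", "hidden.example.org"}
SAMPLES = {
    "public": "ns1.example.org. hostmaster.example.org. 2011010801 3600 600 604800 3600",
    "hidden": "Hidden.example.org. hostmaster.example.org. 2011010801 3600 600 604800 3600",
    "fake": "primary.invalid. hostmaster.example.org. 2011010801 3600 600 604800 3600",
}

def lookup(name):
    """Offline stand-in for an A/AAAA query."""
    return name in KNOWN_HOSTS

if __name__ == "__main__":
    for label, rdata in SAMPLES.items():
        print(label, "->", classify_mname(rdata, NS_SET, lookup))
```

A registry-side check of the kind described in the second answer would reject or warn on the last class, while the first answer's position is that only dynamic update clients need the MNAME to be reachable.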