Greetings

This is one of the action points from RIPE-28, to present easy and short recommendations for setting up a DNS. I presented this for the DNS WG at RIPE-29. Any suggestions or remarks will still be very welcome, especially on the times for the SOA records. Otherwise I recommend that we move forward to make this a RIPE document.

DNS recommendations.

By: Hans Niklasson <hasse@swip.net>
    Amar Andersson <amar@telia.net>

Scope:
This document acts as a recommendation for configuring your DNS. This is NOT a requirement, only a recommendation of things to think about when setting up your DNS.

Purpose:
To decrease lame delegations and limit unnecessary traffic due to resolving problems, among other things.

Records:
-----------------------------------------------------------------------------

SOA
  The address in this field must be a valid e-mail address for the administrator of the DNS. (In the zone file the "@" of the address is written as a ".".)

  *** It is also good practice to use a role address instead of a personal one, i.e. root.., admin.., hostmaster.. (when the domain administrator leaves your company, you only change the alias for the role address).

  Ex:
    domain.xx. 3600 SOA dns.domain.xx. admin.domain.xx. (

SERIAL
  The serial number should follow this format: YYYYMMDDXX (year, month, day, change number), where XX is the number of the latest update of the zone on the same day. (The year 2000 is near, so use all four digits of the year.)

  Ex:
    1998010101 ; serial

TTL
  A good balance of the SOA timers (refresh, retry, expire, minimum) will reduce unnecessary traffic between nameservers.

  Ex:
    28800  ; refresh (8 hours)
    7200   ; retry (2 hours)
    604800 ; expire (7 days)
    86400 ) ; minimum (1 day)

MX
  When pointing a domain to a mailserver/hostname, don't forget to add a glue record (A) for it.

  Ex:
    domain.xx.      86400 MX 10 mail.domain.xx.
    mail.domain.xx. 86400 A  192.168.0.1

CNAME
  Use this with caution. It is *not* recommended to use a CNAME for a mailserver's hostname, as this can cause resolving problems and mail loops.

A
  A glue record (A) can only point to an IP address.
PTR
  This is used for reverse lookup from an IP address to a hostname within the zone. Make sure that your PTR records and A records match. For each A record there has to be a PTR record, and vice versa.

More tips:

Unnecessary glue data:
  Don't add unnecessary glue data about hosts that are not within the zone. This can cause resolving problems if the host changes IP address.

  Ex (the A record here is unnecessary glue):
    domain.xx.      86400 MX 10 mail.server.xx.
    mail.server.xx. 86400 A  192.168.0.1

Trailing dots:
  Don't forget to add a "." at the end of the domain/hostname. If this is forgotten, the DNS will append the domain name to the domain/hostname again, which causes resolving problems.

  Ex ("mail.domain.xx" written without the trailing dot is loaded as):
    domain.xx. 86400 MX 10 mail.domain.xx.domain.xx.

Illegal characters:
  Only a-z, 0-9 and - are valid to use. All other characters are illegal and can cause resolving to fail.

General Points:
  Use the latest version of the DNS software for your platform. Check for updates regularly, as new versions have the latest fixes and information.

Additional reading and references:
  RFC 1537 / RFC 1912 (Common DNS Operational and Configuration Errors)
  "DNS & BIND, 2nd Edition" by Paul Albitz & Cricket Liu, O'Reilly & Associates Inc.
  ftp://ftp.ripe.net/internet-drafts/draft-ietf-dnsind-classless-inaddr-04.txt (reverse delegation methods for blocks smaller than /24, 256 addresses)
  http://www.dns.net/dnsrd/ (DNS Resources Directory)

/Hans Niklasson
-----------------------------------------------------------------
SWipNet - The Swedish IP Network
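As an added illustration of the recommendations above (this is example code written for this page, not part of the original post or any RIPE document), the following small checker runs the record rules over a constructed set of zone records: trailing dots, SOA role address and YYYYMMDDXX serial, MX targets that are CNAMEs or lack an A record, glue for hosts outside the zone, illegal hostname characters, and A/PTR consistency. The zone name domain.xx, the hostnames and the 192.168.0.0/24 addresses are made up for the example; the Record tuple and the functions are hypothetical helpers, not the API of any DNS software.

```python
import re
from collections import namedtuple

# Constructed sample data (hypothetical zone, not from the post).
Record = namedtuple("Record", "name ttl rtype rdata")
ZONE = "domain.xx."          # origin of the forward zone being checked

FORWARD = [
    Record("domain.xx.", 3600, "SOA",
           "dns.domain.xx. admin.domain.xx. 1998010101 28800 7200 604800 86400"),
    Record("domain.xx.", 86400, "MX", "10 mail.domain.xx."),
    Record("domain.xx.", 86400, "MX", "20 www.domain.xx."),   # MX to a CNAME: not recommended
    Record("mail.domain.xx.", 86400, "A", "192.168.0.1"),
    Record("www.domain.xx.", 86400, "CNAME", "mail.domain.xx."),
    Record("bad_host.domain.xx.", 86400, "A", "192.168.0.2"), # "_" is not a valid character
    Record("ftp.domain.xx", 86400, "A", "192.168.0.3"),       # trailing dot forgotten
    Record("mail.server.xx.", 86400, "A", "192.168.0.1"),     # glue for a host outside the zone
]
REVERSE = [
    Record("1.0.168.192.in-addr.arpa.", 86400, "PTR", "mail.domain.xx."),
    Record("2.0.168.192.in-addr.arpa.", 86400, "PTR", "bad_host.domain.xx."),
    Record("3.0.168.192.in-addr.arpa.", 86400, "PTR", "ftp.domain.xx."),
    Record("9.0.168.192.in-addr.arpa.", 86400, "PTR", "gone.domain.xx."),
]

LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")   # only a-z, 0-9 and -
# YYYYMMDDXX: four-digit year, valid month and day, two-digit change counter
SERIAL_RE = re.compile(r"^\d{4}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}$")
ROLE_ADDRESSES = ("hostmaster", "root", "admin")


def fqdn(name):
    """A name without a trailing dot is relative: a zone loader appends the
    origin, exactly the mistake the "Trailing dots" tip warns about.
    Returns (absolute_name, was_relative)."""
    if name.endswith("."):
        return name, False
    return name + "." + ZONE, True


def in_zone(name):
    return name == ZONE or name.endswith("." + ZONE)


def valid_hostname(name):
    return all(LABEL_RE.match(label) for label in name.rstrip(".").lower().split("."))


def ptr_to_ip(name):
    """1.0.168.192.in-addr.arpa. -> 192.168.0.1"""
    labels = name.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))     # drop "in-addr.arpa"


def lint(forward, reverse):
    findings, a_by_name, cnames = [], {}, set()
    # Pass 1: name hygiene, index A and CNAME owners
    for r in forward:
        name, relative = fqdn(r.name)
        if relative:
            findings.append(f"{r.name}: missing trailing dot, loaded as {name}")
        if not valid_hostname(name):
            findings.append(f"{name}: illegal characters in hostname")
        if r.rtype == "A":
            if in_zone(name):
                a_by_name[name] = r.rdata
            else:
                findings.append(f"{name}: unnecessary glue for a host outside {ZONE}")
        elif r.rtype == "CNAME":
            cnames.add(name)
    # Pass 2: SOA and MX rules that need the index from pass 1
    for r in forward:
        if r.rtype == "SOA":
            mname, rname, serial = r.rdata.split()[:3]
            if not (mname.endswith(".") and rname.endswith(".")):
                findings.append("SOA: MNAME and RNAME need a trailing dot")
            if rname.split(".")[0] not in ROLE_ADDRESSES:
                findings.append(f"SOA: RNAME {rname} is not a role address")
            if not SERIAL_RE.match(serial):
                findings.append(f"SOA: serial {serial} is not YYYYMMDDXX")
        elif r.rtype == "MX":
            target, _ = fqdn(r.rdata.split()[1])
            if target in cnames:
                findings.append(f"MX: target {target} is a CNAME")
            elif in_zone(target) and target not in a_by_name:
                findings.append(f"MX: no A record for in-zone target {target}")
    # Pass 3: every A needs a matching PTR and vice versa
    ptr_by_ip = {ptr_to_ip(r.name): r.rdata for r in reverse if r.rtype == "PTR"}
    for name, ip in a_by_name.items():
        if ptr_by_ip.get(ip) != name:
            findings.append(f"A {name} -> {ip} has no matching PTR")
    for ip, name in ptr_by_ip.items():
        if a_by_name.get(name) != ip:
            findings.append(f"PTR {ip} -> {name} has no matching A")
    return findings


if __name__ == "__main__":
    for finding in lint(FORWARD, REVERSE):
        print(finding)
```

Note how the single forgotten dot on ftp.domain.xx produces three findings: the relative name is loaded as ftp.domain.xx.domain.xx., so its A record no longer matches the PTR, and the PTR no longer matches any A. That cascade is why the post asks for trailing dots and for A/PTR pairs to be kept in step.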