=>> SOA The address in this field must be a valid e-mail address to the
=>> administrator for the DNS.
=>> It's also good practise to have role address instead of
=>> personal, ie root.. admin.. hostmaster..
=>> (when domain-administrator is leaving your company, you
=>> only change the alias for role address).
=
=I would add: "The 'at' ('@') sign of the email address should be
=replaced by a dot, e.g. instead of <hostmaster@foo.bar.com>, the
=address should be specified as hostmaster.foo.bar.com, as given
=in the following example."

With regard to the '@' sign hack, I'd rather use 'must' than 'should' :-)

On top of that, I suggest to clearly describe the requirement to quote any "leading" dot(s) that are *not* supposed to be converted to an '@' character. Like in wilfried\.woeber.univie.ac.at !

Wilfried.
--------------------------------------------------------------------------
Wilfried Woeber                :  e-mail: Woeber@CC.UniVie.ac.at
Computer Center - ACOnet       :  Tel: +43 1 4277 - 140 33
Vienna University              :  Fax: +43 1 4277 - 9 140
Universitaetsstrasse 7         :  RIPE-DB (&NIC) Handle: WW144
A-1010 Vienna, Austria, Europe :  PGP public key ID 0xF0ACB369
--------------------------------------------------------------------------
> On top of that, I suggest to clearly describe the requirement to quote any "leading" dot(s) that are *not* supposed to be converted to an '@' character. Like in wilfried\.woeber.univie.ac.at !
> Wilfried Woeber : e-mail: Woeber@CC.UniVie.ac.at

While this particular hack works, it is a clear violation of the spec.

--bill
> > Like in wilfried\.woeber.univie.ac.at !
> While this particular hack works, it is a clear violation of the spec.

Which spec? This is exactly what RFC 1035, sections 5.1 and 5.3, say. However, it will not work properly with older versions of BIND, because between the AXFR and parsing of the zone the secondaries tend to 'forget' the quote. And older versions of dig & friends won't be able to tell whether a particular '.' is the label separator or part of a label.

-Peter
Bill Manning <bmanning@ISI.EDU> wrote:
> > On top of that, I suggest to clearly describe the requirement to quote any "leading" dot(s) that are *not* supposed to be converted to an '@' character. Like in wilfried\.woeber.univie.ac.at !
> > Wilfried Woeber : e-mail: Woeber@CC.UniVie.ac.at
> While this particular hack works, it is a clear violation of the spec.
> --bill

Which specs? At least this recommendation is part of RFC 1912:

2.2 SOA records

In the SOA record of every zone, remember to fill in the e-mail address that will get to the person who maintains the DNS at your site (commonly referred to as "hostmaster"). The `@' in the e-mail must be replaced by a `.' first. Do not try to put an `@' sign in this address. If the local part of the address already contains a `.' (e.g., John.Smith@widget.xx), then you need to quote the `.' by preceding it with `\' character. (e.g., to become John\.Smith.widget.xx) Alternately (and preferred), you can just use the generic name `hostmaster', and use a mail alias to redirect it to the appropriate persons. There exists software which uses this field to automatically generate the e-mail address for the zone contact. This software will break if this field is improperly formatted. It is imperative that this address get to one or more real persons, because it is often used for everything from reporting bad DNS data to reporting security incidents.

Andreas
________________________________________________________________________
Andreas Papst | E-Mail: andreas.papst@univie.ac.at | Phone:
Vienna University Computer Center | +43 1 4277 / 140 36
Universitaetsstrasse 7 | Fax.:
A-1010 Vienna, Austria, Europe | +43 1 4277 / 9 140
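Added example (not part of any message in this thread): the RNAME encoding that RFC 1035 and RFC 1912 2.2 describe in the messages above, in Python, together with what a parser recovers once the quote has been lost, the failure Peter mentions for older BIND secondaries. The function names are chosen for this illustration only.

```python
import re

def split_labels(name):
    """Split a presentation-format name on unescaped dots (RFC 1035, 5.1)."""
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            ddd = name[i + 1:i + 4]
            if re.fullmatch(r"[0-9]{3}", ddd):   # \DDD: octet given in decimal
                cur.append(chr(int(ddd)))
                i += 4
            elif i + 1 < len(name):              # \X: X is taken literally
                cur.append(name[i + 1])
                i += 2
            else:
                raise ValueError("dangling backslash")
        elif ch == ".":                          # unescaped dot ends a label
            labels.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    labels.append("".join(cur))
    if len(labels) > 1 and labels[-1] == "":     # trailing root dot
        labels.pop()
    return labels

def rname_to_email(rname):
    """First label is the local part; the remaining labels are the mail domain."""
    if "@" in rname:
        raise ValueError("RNAME must not contain '@' (RFC 1912, 2.2)")
    labels = split_labels(rname)
    if len(labels) < 2 or "" in labels:
        raise ValueError("malformed RNAME: %r" % rname)
    return labels[0] + "@" + ".".join(labels[1:])

def email_to_rname(addr):
    """Quote backslashes and dots in the local part, then replace '@' by '.'."""
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not a mailbox address: %r" % addr)
    return local.replace("\\", "\\\\").replace(".", "\\.") + "." + domain

if __name__ == "__main__":
    for rname in (r"wilfried\.woeber.univie.ac.at",   # quote intact
                  "wilfried.woeber.univie.ac.at"):    # quote lost in transfer
        print(rname, "->", rname_to_email(rname))
```

With the quote lost, the same record decodes to wilfried@woeber.univie.ac.at, a mailbox in a different domain, so mail to the zone contact no longer reaches the administrator.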
Ok, I was overly zealous in my reading of RFC1035. I like what Dave has published in RFC1912.

--bill
> On top of that, I suggest to clearly describe the requirement to quote any "leading" dot(s) that are *not* supposed to be converted to an '@' character. Like in wilfried\.woeber.univie.ac.at !

and add a warning that, at least with versions of BIND before 4.9.3 and perhaps some of the usual tools, this does not always work as expected, so you better avoid having a dot in the username part if possible.

Berthold Paffrath
participants (6)
- andreas.papst@univie.ac.at
- Berthold Paffrath
- Bill Manning
- bmanning@ISI.EDU
- Peter Koch
- Wilfried Woeber, UniVie/ACOnet