Hello Frank,
Sun, 17 Aug 2008 19:20:45 +0200 Frank Behrens wrote:

>> Assuming that all of your 3 secondaries have a good Internet
>> connectivity, I suggest you to establish a so-called "an unpublished
>> primary" scheme. The necessary steps are:
>> 1. Remove your master server from the NS records in your zone file;
>> 2. Choose one of your slave servers and put its host name in the SOA
>> record replacing the master server name;
>
> Why should this be done (step 2)?

This is just a safety measure. Some registrars and even ccTLD registries require that a name server listed in the SOA must also be listed in the NS record set. The same behavior is demonstrated by some DNS validation software, including several online tools. It sounds like this requirement isn't based on any RFC except RFC 883, page 33, para 3, sentence 3.

The second reason for step 2 is to maintain a truly "unpublished (stealth) primary" configuration.

However, step 2 can interfere with dynamic DNS updates and sometimes with the NOTIFY mechanism. Mr. Cricket Liu, the author of "DNS and BIND", has commented on this problem at http://www.menandmice.com/knowledgehub/dnsqa/20 . So it's up to the administrator whether to completely hide the real primary or not.

-- 
Yours sincerely,
Andrey G. Sergeev (AKA Andris)
http://www.andris.name/
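Added example, not part of the original message: a small Python check that a zone file meets the two conditions discussed above, namely that the real primary is absent from the NS set and that the SOA MNAME is a server listed in the NS set. The zone contents, the example.com names and the ns0 primary are constructed, and the parser only handles the simple layout shown (explicit owner names, one record per line).

```python
import re

# Constructed sample zone after steps 1 and 2: the real primary (ns0) is not
# in the NS set, and the SOA MNAME names one of the slaves (ns1).
ZONE = """\
$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2008081701 ; serial
        7200 3600 1209600 3600 )
@   IN NS  ns1.example.com.
@   IN NS  ns2.example.net.
@   IN NS  ns3
"""

def _fqdn(name, origin):
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def apex_soa_and_ns(zone_text):
    """Return (SOA MNAME, set of apex NS targets) from a simple zone file."""
    text = re.sub(r";[^\n]*", "", zone_text)  # strip comments
    # Join multi-line parenthesised records (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    origin, mname, ns = ".", None, set()
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].upper() == "$ORIGIN":
            origin = tok[1].lower()
            continue
        up = [t.upper() for t in tok]
        owner = _fqdn(tok[0], origin)
        if "SOA" in up:
            mname = _fqdn(tok[up.index("SOA") + 1], origin)
        elif "NS" in up and owner == origin:
            ns.add(_fqdn(tok[up.index("NS") + 1], origin))
    return mname, ns

def check_unpublished_primary(zone_text, hidden_primary):
    # hidden_primary: fully qualified name of the real primary, trailing dot included
    mname, ns = apex_soa_and_ns(zone_text)
    problems = []
    if hidden_primary.lower() in ns:
        problems.append("primary is still listed in the NS set (step 1 not done)")
    if mname not in ns:
        problems.append(f"SOA MNAME {mname} is not in the NS set")
    return problems
```

An empty list from `check_unpublished_primary(ZONE, "ns0.example.com.")` means the zone passes both conditions; it does not test dynamic update or NOTIFY behaviour.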
