[Pdns-users] SOA and trailing/terminating dots (.)

Jan-Piet Mens jpmens.dns at gmail.com
Mon Mar 9 19:59:23 UTC 2015 

> Here I'm particularly concerned with the part about SOA records. The
> instructions to never terminate the names in the SOA with a trailing
> dot (.) are counter to the instructions for every other DNS software
> and platform I can find, and counter to every "about" page/tutorial I
> can find for SOA records.

If it's any consolation, that irritates the heck out of me as well. ;-)

> Since the SOA doesn't appear to be processed in any way—but rather
> returned to the client unaltered 

No, that's not quite right, they are then dot-terminated.

Actually, I was going to show you an elaborate copy/paste example, but I'm
a bit astonished to find the following example (with trailing dots!) in my
back-end database 

mysql> select type, content from records where domain_id = 2 and type = 'SOA';
+------+--------------------------------------------------------------------------+
| type | content                                                                  |
+------+--------------------------------------------------------------------------+
| SOA  | ns.example.net. hostmaster.example.com. 2015012907 1800 900 604800 86400 |
+------+--------------------------------------------------------------------------+


$ dig +short @192.168.1.114  example.net soa
ns.example.net. hostmaster.example.com. 2015012907 1800 900 604800 86400

Here's one without trailing dots:

mysql> select type, content from records where domain_id = 19 and type = 'SOA';
+------+-----------------------------------+
| type | content                           |
+------+-----------------------------------+
| SOA  | pdns.aa jp.aa 2 1800 900 3600 300 |
+------+-----------------------------------+

$ dig +short @192.168.1.114  po2.aa soa
pdns.aa. jp.aa. 1 1800 900 3600 300

Hmm. When was that changed, I wonder....

(and here comes a ticket, I think ....)

$ pdnssec check-zone po1.aa
Checked 3 records of 'po1.aa', 0 errors, 0 warnings.
$ pdnssec check-zone example.net
Checked 5 records of 'example.net', 0 errors, 0 warnings.

        -JP

More information about the Pdns-users mailing list