Adding Start of Authority records - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


Start of Authority (SOA) records define administrative information for a DNS zone. Every zone you create uses default values for the SOA resource record initially. You must modify these default values.

SOA records aren't configured in the same way as other resource records. The SOA record is configured as a deployment option which can be set at any level where DNS deployment options can be set. If you set the SOA deployment option at configuration, view, or server level, it's inherited by all child levels unless it is overridden at a child level.

Until you create a Start of Authority deployment option, Address Manager uses default parameters based on best practices. When creating a Start of Authority deployment option, you can set the following parameters:
  • primary server
  • administrative contact
  • refresh value
  • expire value
  • minimum value

To add a Start of Authority record at the zone level:

  1. Select the DNS tab in the sidebar, then select Views.
  2. Select the name of a DNS view in the Views table or DNS tree.
  3. Select the name of the zone for which you want to set the SOA record.
  4. Select the Deployment options tab for the zone.
  5. Select New > Start of authority.
    Note: The following section describes how to use the fields on the Create start of authority window to set the SOA serial number. For information on how SOA serial numbers are generated, refer to Reference: Changing the SOA primary server.
    Note: Modifying the Start of Authority serial number may adversely affect the ability to perform zone transfers. If serial numbers on primary and secondary servers aren't set properly, secondary servers may not update their zones. If you are unfamiliar with the requirements of Start of Authority serial numbers, contact BlueCat Customer Care before proceeding.
  6. Under General, set the following parameters:
    • Serial Number Format—select one of the following options:
      • Auto—the serial number is generated and maintained automatically.
      • Date—the serial number is based on the DNS server’s system date with a two-digit suffix added to the date.
      • Manual—the serial number can be typed manually in the Serial number field that is displayed when you select this option.
        Note: Date and Manual aren't recommended for use when the Allow Dynamic Updates DNS deployment option is set for the zone. If the Allow Dynamic Updates DNS deployment option is set for the zone, a warning message appears when you click Create to create the SOA record. To acknowledge the warning and use the Date or Manual setting, select Continue to create the SOA record.
    • Primary server—determines which DNS server should appear as the primary server within the SOA record. Select Auto to use the server with the assigned Primary or AD Integrated Primary deployment role. Select Manual and enter a fully qualified domain name in the field to use a different server.
      Note: DDNS may not work properly if a different server is used.
    • Administrative contact e-mail—enter the e-mail address of the zone administrator.
    • Refresh value—the amount of time that a secondary server waits before attempting to refresh zone files from the primary server. Enter a value in the field and select a unit of time from the drop-down list. RFC 1912 provides the following examples for short and long refresh times:
      • Short refresh time: 20 minutes to 2 hours (1200 to 7200 seconds)
      • Long refresh time: 2 to 12 hours (7200 to 43200 seconds)
    • Retry value—the amount of time that the secondary server should wait before re-attempting a zone transfer from the primary server after the refresh value has expired. Enter a value in the field and select a unit of time from the drop-down list.
    • Expire value—the length of time that a secondary server uses a non-updated set of zone data before it stops sending queries. RFC 1912 suggests a value of 2 to 4 weeks. Enter a value in the field and select a unit of time from the drop-down list.
    • Minimum value—the amount of time that a negative cache response is held in cache. A negative cache response is a response to a DNS query that doesn't return an IP address, or simply, a failed request. Until this value expires, queries for this DNS record return an error. The maximum value for this field is 10800 seconds, or 3 hours. Enter a value in the field and select a unit of time from the drop-down list.
    • TTL—select the time-to-live value for SOA records.
      • Auto (zone default)—if selected, the inherited zone default TTL value will be used. Upgraded roles will use this option by default.
      • Manual—select to change the TTL value for the record. Select this option and enter a value in the field. Select a unit of time from the drop-down menu (Seconds, Minutes, Hours or Days).
  7. Under Servers, select the servers to which the option will apply:
    • All Servers—applies the deployment option to all servers in the configuration.
    • Server Group—applies the deployment option to a specific server group in the configuration. Select a server group from the drop-down menu.
      Attention: You cannot deploy SOA records to multi-primary server groups, as each server within a multi-primary server group has a unique hostname. If you would like to deploy SOA records to servers within a multi-primary server group, you must deploy the SOA record to each server within the multi-primary server group.
    • Specific Server—applies the deployment option to a specific server in the configuration. Select a server from the drop-down menu.
    Note: You can't override deployment options set at the configuration level from the server group level if the deployment option is applied to a specific server within a server group.
  8. In the Change control section, add comments if required.
  9. Select Create or Create and add another.
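
The following added example (not BlueCat code) audits deployed SOA values against the ranges quoted above and shows why a serial number that goes backwards stops secondary servers from updating. It assumes SOA rdata in the form printed by `dig +short SOA <zone>`; the function names and sample records are constructed for illustration, and serial comparison uses RFC 1982 serial number arithmetic.

```python
# Added example: check SOA timers against the ranges in this guide and
# compare primary/secondary serials. Sample records below are constructed.

REFRESH_RANGE = (1200, 43200)             # RFC 1912 examples: 20 minutes to 12 hours
EXPIRE_RANGE = (14 * 86400, 28 * 86400)   # RFC 1912 suggestion: 2 to 4 weeks
MINIMUM_MAX = 10800                       # maximum for the Minimum value field (3 hours)

def parse_soa(rdata):
    """Split 'mname rname serial refresh retry expire minimum' into a dict."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(parts))
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa = {"mname": parts[0], "rname": parts[1]}
    soa.update(zip(names, (int(p) for p in parts[2:])))
    return soa

def audit_timers(soa):
    """Return a list of findings; an empty list means all timers are in range."""
    findings = []
    if not REFRESH_RANGE[0] <= soa["refresh"] <= REFRESH_RANGE[1]:
        findings.append("refresh outside 1200-43200 s")
    if not EXPIRE_RANGE[0] <= soa["expire"] <= EXPIRE_RANGE[1]:
        findings.append("expire outside 2-4 weeks")
    if soa["minimum"] > MINIMUM_MAX:
        findings.append("minimum above 10800 s")
    return findings

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31

def transfer_state(primary, secondary):
    if primary["serial"] == secondary["serial"]:
        return "in-sync"
    if serial_newer(primary["serial"], secondary["serial"]):
        return "secondary-behind"   # normal: the next refresh pulls the new zone
    return "secondary-ahead"        # secondary ignores the primary until its serial passes

# Constructed samples: a secondary still holding a date-style serial, a primary
# one revision ahead, and a primary reset to a low manual serial with short timers.
SECONDARY = parse_soa("ns1.example.com. hostmaster.example.com. 2025011501 3600 600 1814400 3600")
PRIMARY_OK = parse_soa("ns1.example.com. hostmaster.example.com. 2025011502 3600 600 1814400 3600")
PRIMARY_RESET = parse_soa("ns1.example.com. hostmaster.example.com. 42 300 60 86400 86400")

if __name__ == "__main__":
    for name, rec in (("ok", PRIMARY_OK), ("reset", PRIMARY_RESET)):
        print(name, audit_timers(rec), transfer_state(rec, SECONDARY))
```

The `secondary-ahead` result is the case the serial number note warns about: after a switch from a date-based serial to a lower manual value, secondary servers treat their own copy as current and skip the transfer.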