Adding Start of Authority records - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Start of Authority (SOA) records define administrative information for a DNS zone. Every zone you create uses default values for the SOA resource record initially. You must modify these default values.

SOA records aren't configured in the same way as other resource records. The SOA record is configured as a deployment option which can be set at any level where DNS deployment options can be set. If you set the SOA deployment option at configuration, view, or server level, it's inherited by all child levels unless it is overridden at a child level.

Until you create a Start of Authority deployment option, Address Manager uses default parameters based on best practices. When creating a Start of Authority deployment option, you can set the following parameters:
  • primary server
  • administrative contact
  • refresh value
  • expire value
  • minimum value

To add a Start of Authority record at the zone level:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the DNS tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Under DNS Views, click a DNS view.
  4. Navigate to the zone for which you want to set the SOA record.
  5. Click the Deployment Options tab.
  6. Under Deployment Options, click New and select Start Of Authority.
  7. Under General, set the following parameters:
    • Serial Number—you can set the Start of Authority serial number to be generated automatically, to be based on the DNS server’s system date, or to be based on a specific value.
      Note: Modifying the Start of Authority serial number may adversely affect the ability to perform zone transfers. If serial numbers on primary and secondary servers aren't set properly, secondary servers may not update their zones. If you are unfamiliar with the requirements of Start of Authority serial numbers, contact Client Care before proceeding.
      Note: This section describes how to use the fields on the Add Start of Authority page to set the SOA serial number. For information on how SOA serial numbers are generated, refer to Reference: Changing the SOA primary server.
      • Retrieve button—click Retrieve to view the current Start of Authority serial number. If Address Manager can retrieve the current serial number, it appears beside the Retrieve button. To retrieve the serial number, the zone must have a Primary DNS deployment role set and the zone must be deployed to a managed server.
    • Serial Number Format—select one of the following options:
      • AUTO—the serial number is generated and maintained automatically.
      • DATE—the serial number is based on the DNS server’s system date with a two-digit suffix added to the date.
      • MANUAL—the serial number can be typed manually or calculated automatically by clicking the Compute S/N Reset Value button.
        Note: DATE and MANUAL aren't recommended for use when the Allow Dynamic Updates DNS deployment option is set for the zone. If the Allow Dynamic Updates DNS deployment option is set for the zone, a warning message appears when you click Add to create the SOA record. To acknowledge the warning and use the DATE or MANUAL setting, click Continue to create the SOA record.
    • Primary Server—determines which DNS server should appear as the primary server within the SOA record. Select Auto to use the server with the assigned Primary or AD Integrated Primary deployment role. Select Specify and type a fully qualified domain name in the field to use a different server.
      Note: DDNS may not work properly if a different server is used.
    • Administrative Contact E-mail—type the e-mail address of the zone administrator.
    • Refresh Value—the amount of time that a secondary server waits before attempting to refresh zone files from the primary server. Type a value in the field and select a unit of time from the drop-down list. RFC 1912 provides the following examples for short and long refresh times:
      • Short refresh time: 20 minutes to 2 hours (1200 to 7200 seconds)
      • Long refresh time: 2 to 12 hours (7200 to 43200 seconds)
    • Retry Value—the amount of time that the secondary server should wait before re-attempting a zone transfer from the primary server after the refresh value has expired. Type a value in the field and select a unit of time from the drop-down list.
    • Expire Value—the length of time that a secondary server uses a non-updated set of zone data before it stops sending queries. RFC 1912 suggests a value of 2 to 4 weeks. Type a value in the field and select a unit of time from the drop-down list.
    • Minimum Value—the amount of time that a negative cache response is held in cache. A negative cache response is a response to a DNS query that doesn't return an IP address, or simply, a failed request. Until this value expires, queries for this DNS record return an error. The maximum value for this field is 10800 seconds, or 3 hours. Type a value in the field and select a unit of time from the drop-down list.
    • TTL—select the time-to-live value for SOA records.
      • AUTO (zone default)—if selected, the inherited zone default TTL value will be used. Upgraded roles will use this option by default.
      • MANUAL—select to change the TTL value for the record. Select this option and enter a value in the field. Select a unit of time from the drop-down menu (Seconds, Minutes, Hours or Days).
  8. Under Servers, select the servers to which the option will apply:
    • All Servers—applies the deployment option to all servers in the configuration.
    • Server Group—applies the deployment option to a specific server group in the configuration. Select a server group from the drop-down menu.
    • Specific Server—applies the deployment option to a specific server in the configuration. Select a server from the drop-down menu.
    Note: You can't override deployment options set at the configuration level from the server group level if the deployment option is applied to a specific server within a server group.
  9. Under Change Control, add comments, if required.
  10. Click Add or Update.
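
After deployment, the values set in the procedure above can be checked from outside Address Manager. The following is an added example, not BlueCat code: it audits an SOA record against the RFC 1912 ranges and the 10800-second minimum limit quoted in this topic, and uses RFC 1982 serial arithmetic to test whether a secondary would treat the deployed serial as newer. The function names, the sample record and the `dig +short SOA` text layout of the input are assumptions.

```python
"""Audit an SOA record against the timer guidance quoted in this topic."""

HALF = 2 ** 31      # RFC 1982 serial arithmetic window for 32-bit serials
WEEK = 7 * 24 * 3600

# Constructed sample in `dig +short SOA` layout (not from a real zone):
# mname rname serial refresh retry expire minimum
SAMPLE = "ns1.example.com. hostmaster.example.com. 2024051501 600 300 604800 86400"


def parse_soa(rdata):
    """Split SOA RDATA text into named fields; numeric fields become ints."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(parts))
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa = {"mname": parts[0], "rname": parts[1]}
    soa.update(zip(names, (int(p) for p in parts[2:])))
    return soa


def serial_is_newer(new, old):
    """True if a secondary holding `old` treats `new` as an update (RFC 1982)."""
    return (old < new and new - old < HALF) or (old > new and old - new > HALF)


def audit_soa(rdata, secondary_serial=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    soa = parse_soa(rdata)
    findings = []
    if not 1200 <= soa["refresh"] <= 43200:
        findings.append("refresh outside RFC 1912 example range 1200-43200 s")
    if not 2 * WEEK <= soa["expire"] <= 4 * WEEK:
        findings.append("expire outside RFC 1912 suggestion of 2-4 weeks")
    if soa["minimum"] > 10800:
        findings.append("minimum exceeds the 10800 s maximum")
    if secondary_serial is not None and not serial_is_newer(
            soa["serial"], secondary_serial):
        findings.append("serial not newer than secondary; zone will not transfer")
    return findings


if __name__ == "__main__":
    for finding in audit_soa(SAMPLE, secondary_serial=2024051502):
        print(finding)
```

Pass the serial currently held by a secondary as `secondary_serial` to catch the case described in the Serial Number note, where switching formats produces a value the secondary does not consider an update.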