Well, it's not *obvious* how Dynamic Update works in the case of an SOA RR, but RFC 2136 does say:
3.4.2.2. Any Update RR whose CLASS is the same as ZCLASS is added to the zone. In case of duplicate RDATAs (which for SOA RRs is always the case, and for WKS RRs is the case if the ADDRESS and PROTOCOL fields both match), the Zone RR is replaced by Update RR. If the TYPE is SOA and there is no Zone SOA RR, or the new SOA.SERIAL is lower (according to [RFC1982]) than or equal to the current Zone SOA RR's SOA.SERIAL, the Update RR is ignored. So, the server ignores the update if the serial number of the new one is equal or lower. If the serial number is higher, the new SOA replaces the old one. Bottom line: you can explicitly bump the serial number of an SOA RR, via Dynamic Update, by replacing the SOA RR with one that has a higher serial number. In nsupdate terms, this is an "update add" operation, even though the effect is intended to be a "replace". - Kevin [FCA_Pantone_email] ---------------------------------------------------------------------- Kevin Darcy Information Security Projects - North America FCA US LLC 1075 W Entrance Dr, Auburn Hills, MI 48326 USA Telephone: +1 (248) 838-6601 Mobile: +1 (810) 397-0103 Email: kevin.da...@fcagroup.com From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Alberto Colosi Sent: Wednesday, October 04, 2017 8:16 AM To: rams <brames...@gmail.com>; bind-users <bind-us...@isc.org> Subject: Re: SOA serial increment when we update SOA RR SOA is a special record. As already said to read ................ you update SOA (should be only for email address if not ONLY intranet NS). In all case if u make n update mean is needed n update. So the question is: wy to not reflect on slave NS if any Increasing SN , start a NOTIFY to NS defined as slave and ALSO NOTIFY. If n update is made and r slaves or a distribution recursive and secondary(slave) and so on, is correct to update and start a ZONE TRANSFER. If u hve only 1 DNS at all and is not internet faced, u can decide to not update SN Simply , the change start an incremental transer o a total transfer (depending on DNS engine on slaves NS and also notify) ________________________________ From: bind-users <bind-users-boun...@lists.isc.org<mailto:bind-users-boun...@lists.isc.org>> on behalf of rams <brames...@gmail.com<mailto:brames...@gmail.com>> Sent: Wednesday, October 4, 2017 11:39 AM To: bind-users Subject: SOA serial increment when we update SOA RR Greetings!! When we change any resource record like A or AAAA, then SOA serial number gets incremented. But If we update only SOA record ,Is serial number of SOA remain same as before or serial number of SOA will increment?. Do we have any RFC for this? Regards, Ramesh
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
