Common DNS Operational and Configuration Errors (RFC1912)
Original Publication Date: 1996-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
This memo describes errors often found in both the operation of Domain Name System (DNS) servers, and in the data that these DNS servers contain. This memo tries to summarize current Internet requirements as well as common practice in the operation and configuration of the DNS. This memo also tries to summarize or expand upon issues raised in [RFC 1537].
Network Working Group D. Barr
Request for Comments: 1912 The Pennsylvania State University
Obsoletes: 1537 February 1996
Common DNS Operational and Configuration Errors
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This memo describes errors often found in both the operation of
Domain Name System (DNS) servers, and in the data that these DNS
servers contain. This memo tries to summarize current Internet
requirements as well as common practice in the operation and
configuration of the DNS. This memo also tries to summarize or
expand upon issues raised in [RFC 1537].
Running a nameserver is not a trivial task. There are many things
that can go wrong, and many decisions have to be made about what data
to put in the DNS and how to set up servers. This memo attempts to
address many of the common mistakes and pitfalls that are made in DNS
data as well as in the operation of nameservers. Discussions are
also made regarding some other relevant issues such as server or
resolver bugs, and a few political issues with respect to the
operation of DNS on the Internet.
2. DNS Data
This section discusses problems people typically have with the DNS
data in their nameserver, as found in the zone data files that the
nameserver loads into memory.
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences
of this are becoming more and more obvious. Many services available
on the Internet will not talk to you if you aren't correctly
registered in the DNS.
Make sure your PTR and A records match. For every IP address, there
should be a matching PTR record in the in-addr.arpa domain. If a
host is multi-homed, (more than one IP address) make sure that all IP
addresses have a corresponding PTR record (not just the first one).
Failure to have matching PTR and A records can cause loss of Internet
services similar to not being registered in the DNS at all. Also,
PTR records must point back to a valid A record, not a alias defined
by a CNAME. It is highly recommended that you use some software
which automates this checking, or generate your DNS data from a
database which automatically creates consistent data.
DNS domain names consist of "labels" separated by single dots. The
DNS is very liberal in its rules for the allowable characters in a
domain name. However, if a domain name is used to name a host, it
should follow rules restricting host names. Further if a name is
used for mail, it must follow the naming rules for names in mail
Allowable characters in a label for a host name are only ASCII
letters, digits, and the `-' character. Labels m...