DNS Zone File Serial

Today, I came across this error while checking a DNS Zone file for error (I was trying to script the syntax check of a zone file before deploying it onto our production servers):

named-checkzone example.com example.com.zone
dns_rdata_fromtext: example.com.zone:3: near ‘201005051010’: out of range
zone example.com/IN: loading from master file example.com.zone failed: out of range

And, it immediately occurred to me that it was an integer overflow. The system that I was running named-checkzone had a 32bit OS on it and the serial number ‘201005051010’ is bigger than the biggest unsigned 32 bit integer.As our production servers run on a 64bit OS, named-checkzone returned no error for the same zone file there. I was curious and had a look into the RFC here and it turns out there is no real restriction on the integer size for a serial number (contrary to a few articles on the web).

The immediate solution was to do what the RFC recommends: use a 10 digit number for serial of this format YYYYMMDD + a 2 digit revision number instead of the format that we were using(this YYYYMMDDHHMM). That made a lot of sense to me and since we had access to all the slave Name Servers, we could have easily changed the serials to the 10 digit format but, since it was not really up to me and I was too tired to argue about it, I gave up and decided to wait until we get a 64-bit OS before I continued with the script writing.

Leave a Reply

Your email address will not be published. Required fields are marked *