The Anatomy of a DNS Zone File: SOA Record

  • March 15, 2011·
  • by Natalie Goguen·

Part ONE What is a Start of Authority (SOA) Record and What Does it Do? The first resource record in any Domain Name System (DNS) zone file is the Start of Authority (SOA) resource record. The SOA resource record is an essential part of the DNS zone file, it indicates the basic properties of the domain name server and the zone that the domain is in. Each zone file can contain only one SOA record. The SOA record is broken down into the following fields. (Please refer to the example below: each section is color-coded to match it’s corresponding field definition) ;; QUESTION SECTION: ;no-ip.com. IN SOA ;; ANSWER SECTION: no-ip.com. 565 IN SOA ns2.no-ip.comhostmaster.no-ip.com2036909809 600 300 604800 600

  1. name- The root name of the zone.
  2. TTL- Time-to-Live, is the length of time for when a zone file is set to expire. This is usually expressed in a number of seconds.
  3. class- Defines the class of record. IN stands for the Internet.
  4. name-server: The Name of the primary name server for the zone
  5. email-addr: The E-mail Address of the individual who is in charge of the domain. This is the person that emails should be directed to in order to report errors or problems with the domain.
  6. sn = serial number: The Serial Number for the zone. This number helps keep track of changes that have been made to the DNS zone file. The number has to increment when changes are made. The standard convention is YYYYMMDDnn, where YYYYMMDD is the date of revision and nn is the revision number (in case there are multiple revisions for the day). So, today’s first revision would be 2011030200 and the second would be 2011030201.
  7. refresh: The time a secondary DNS server waits before checking to see if there are changes to the zone.
  8. retry: The time the secondary DNS server should wait before retrying to check if there have been changes to the zone (if the first refresh fails).
  9. expiry: The time in seconds before the secondary DNS server should stop responding to queries for the zone.
  10. min=minimum: The minimum time-to-live (TTL). This value is supplied in query responses by servers for the zone to inform others how long they should cache a resource record provided in an answer.

A properly optimized and updated SOA record can reduce bandwidth between name servers, increase the speed of website access and ensure the site is live, even when the primary DNS server is down. Please leave any questions or comments below… Check out Part 2 and Part 3 of this series:

Part Two: What are NS Records and Why Are They Important to DNS

Anatomy of a DNS Zone File Part Three: MX Records

 

LinkedIn0
6 Comments.
  1. mhdbzd
    March 22, 2011·

    toujour

  2. Uli
    March 22, 2011·

    There is confusion about the serial number. There are none RFC fixing or suggestion that SN MUST or SHOULD be a date. Serial Number is a number, as a version number of RRs. This is a integer number. So it MUST be lower than 2147483647. I know that 2147 is so far, but following “the common suggestion” the limited date is 2147123199. Another problem is that if the dnsadmin inserts one more number by error then the “common suggested serial number” MUST be reset to 0, wait for propagation and incremented again. The behavior brings another consequence. Some RR MAY have TTL greater than several days. It means that the explained operation MUST wait that expiration time what is, sometimes, unacceptable and undesired.
    So I would suggest that serial number MUST be a pure number, not related to date, but a simple version number.
    This concept was discussed at bind-forum several years ago, and again it is up.

  3. David Dohm
    March 23, 2011·

    Excellent explaination. Thanks for publishing this

  4. P Reinie
    March 24, 2011·

    Good SN input from Uli as the example showing 2036909809 is certainly not a valid edit date as of 20110324.

    Any date would only allow 99 changes unless hexadecimal is used – or am I missing something?

  5. ngoguen
    March 24, 2011·

    SOA value is many times a date. Works good for zones that change a few times a week. You can also start at 1, or you can use epoch time which is unix time, the # of seconds since 1970. SN is a 32-bit field
    http://www.zytrax.com/books/dns/ch9/serial.html, but the maximum increment to such a number is ((2**31) – 1) or 2147483647
    Unix time, or POSIX time, is a system for describing points in time, defined as the number of seconds elapsed since midnight Coordinated Universal Time (UTC) of January 1, 1970, not counting leap seconds.

  6. Faust
    March 1, 2012·

    @Uli – Actually, serial number can be practically any length. If the serial number exceeds 32 bits, it will be modulo’d, so as long as you don’t make massive leaps in your serial number, you shouldn’t have a problem as bind will still recognize that the serial number has increased after it takes the modulo.

Comments have been disabled.