
SOA record

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 192.133.78.211 (talk) at 22:38, 5 October 2017 (Errant newline between hostmaster. and example.com.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

SOA stands for Start of Authority and is a significant part of a zone file in the Domain Name System (DNS). An SOA record contains important management information about the zone, in particular the parameters that govern zone transfers. The SOA record is specified in RFC 1035.

Background

Normally DNS name servers are set up in clusters. The database within such a cluster is synchronized through zone transfers. The SOA record in the zone file contains the data that controls the zone transfer: the serial number and several time intervals.

It also contains the e-mail address of the person responsible for the zone as well as the name of the primary master server. Usually the SOA record is located at the top of the zone. A zone without an SOA record does not conform to the standard and therefore cannot be transferred.

Structure

name
name of the zone
IN
zone class (usually IN for internet)
SOA
abbreviation for Start of Authority
Primary
primary master for this zone; in practice not very meaningful, apart from two uses:
* it defines which server dynamic updates should be sent to
* it defines which server should not be sent NOTIFY messages
Mail-Address
mail address of the person responsible for this zone. (The @ is replaced with a dot; dots before the @ are escaped as \.; e.g. john\.doe.example.com for the mail address john.doe@example.com)
Serial Number
is increased at every change (common naming scheme: YYYYMMDDVV; it hints at when the zone was last updated)
Refresh
number of seconds after which secondary name servers should request the serial number from the primary name server, to detect zone changes. Recommendation of RIPE NCC for small and stable zones: 86400 ≙ 24 hours[1]
Retry
number of seconds after which secondary name servers should retry requesting the serial number from the master if the master does not respond. It must be less than Refresh. Recommendation of RIPE NCC for small and stable zones: 7200 ≙ 2 hours[1]
Expire
number of seconds after which secondary name servers should stop answering requests for this zone if the master does not respond. This value must be greater than the sum of Refresh and Retry. Recommendation of RIPE NCC for small and stable zones: 3600000 ≙ 1000 hours[1]
TTL
Time to Live for negative caching (Recommendation of RIPE NCC for small and stable zones: 172800 ≙ 2 days[1]). Originally this field was the minimum TTL for all resource records of this zone and was used as the TTL of any record that had none specified. That meaning was obsoleted by RFC 2308.[2]

Sample SOA Record in BIND

@   IN SOA master.example.com. hostmaster.example.com. (
    2017030300 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    600 )      ; ttl

Serial number changes

Two methods of managing serial number changes have become established:

  • The initial serial number is 1 and it is increased at every change
  • The serial number contains the year, month and day of the last change followed by a two-digit counter (e.g. 2017030301 = 3 March 2017, first change on that day), or sometimes the current time. This method is recommended in RFC 1912 section 2.2[3]
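As an added example (not from the article, nor from BIND), the following Python parses a BIND-style SOA record like the sample above and checks the constraints given in the Structure section (Retry must be less than Refresh, Expire must exceed Refresh + Retry), decodes the Mail-Address field including the \. escape, and sanity-checks a YYYYMMDDVV serial. The embedded record is a constructed copy of the sample; parse_soa, rname_to_email and check_soa are hypothetical helper names.

```python
import re
from datetime import date

# Constructed sample (a copy of the article's BIND example), one timer per line.
SAMPLE_SOA = """@   IN SOA master.example.com. hostmaster.example.com. (
    2017030300 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    600 )      ; ttl
"""

def parse_soa(text):
    # Strip ';' comments and parentheses, then expect exactly the ten SOA fields.
    body = re.sub(r";[^\n]*", "", text).replace("(", " ").replace(")", " ")
    t = body.split()
    if len(t) != 10 or t[2].upper() != "SOA":
        raise ValueError("not a single SOA record")
    return {"name": t[0], "class": t[1], "mname": t[3], "rname": t[4],
            "serial": int(t[5]), "refresh": int(t[6]), "retry": int(t[7]),
            "expire": int(t[8]), "minimum": int(t[9])}   # 'minimum' = the article's TTL field

def rname_to_email(rname):
    # The first unescaped '.' becomes '@'; a '\.' before it is a literal dot in the local part.
    rname, local, i = rname.rstrip("."), [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1]); i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:]
        else:
            local.append(rname[i]); i += 1
    return "".join(local)

def check_soa(soa):
    # Return the timer/serial constraints from the article that this record violates.
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry must be less than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire must be greater than refresh + retry")
    s = str(soa["serial"])
    if len(s) == 10:  # looks like YYYYMMDDVV: the date part should be a real date
        try:
            date(int(s[:4]), int(s[4:6]), int(s[6:8]))
        except ValueError:
            problems.append("serial looks like YYYYMMDDVV but the date part is invalid")
    return problems
```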

References

  1. "Recommendations for DNS SOA Values". These recommendations are aimed at small and stable DNS zones.
  2. RFC 2308 – Negative Caching of DNS Queries (DNS NCACHE)
  3. "RFC 1912 - Common DNS Operational and Configuration Errors". February 1996. Retrieved 2017-03-03.