Jump to content

SOA record: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m Structure: Corrected order, explained '@' meaning.
Structure: Clarified '@' source.
Line 9: Line 9:
== Structure ==
== Structure ==


; NAME: Name of the zone. '@' is a shortcut to match previous record.
; NAME: Name of the zone. '@' is a shortcut to match previous record in [[BIND]] syntax.
; CLASS: Zone class (all but universally IN for internet)
; CLASS: Zone class (all but universally IN for internet)
; TYPE: SOA, abbreviation for ''start of authority''
; TYPE: SOA, abbreviation for ''start of authority''

Revision as of 16:42, 24 July 2023

A start of authority record (abbreviated as SOA record) is a type of resource record in the Domain Name System (DNS) containing administrative information about the zone, especially regarding zone transfers. The SOA record format is specified in RFC 1035.[1]

Background

Normally DNS name servers are set up in clusters. The database within each cluster is synchronized through zone transfers. The SOA record for a zone contains data to control the zone transfer. This is the serial number and different timespans.

It also contains the email address of the responsible person for this zone, as well as the name of the primary master name server. Usually the SOA record is located at the top of the zone. A zone without a SOA record does not conform to the standard required by RFC 1035.

Structure

NAME
Name of the zone. '@' is a shortcut to match previous record in BIND syntax.
CLASS
Zone class (all but universally IN for internet)
TYPE
SOA, abbreviation for start of authority
TTL
Time-to-live
MNAME
Primary master name server for this zone
RNAME
Email address of the administrator responsible for this zone. (As usual, the email address is encoded as a name. The part of the email address before the @ becomes the first label of the name; the domain name after the @ becomes the rest of the name. In zone-file format, dots in labels are escaped with backslashes; thus the email address john.doe@example.com would be represented in a zone file as john\.doe.example.com.)
SERIAL
Serial number for this zone. If a secondary name server slaved to this one observes an increase in this number, the slave will assume that the zone has been updated and initiate a zone transfer.
REFRESH
Number of seconds after which secondary name servers should query the master for the SOA record, to detect zone changes. Recommendation for small and stable zones:[4] 86400 seconds (24 hours).
RETRY
Number of seconds after which secondary name servers should retry to request the serial number from the master if the master does not respond. It must be less than Refresh. Recommendation for small and stable zones:[4] 7200 seconds (2 hours).
EXPIRE
Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond. This value must be bigger than the sum of Refresh and Retry. Recommendation for small and stable zones:[4] 3600000 seconds (1000 hours).
MINIMUM
Used in calculating the time to live for purposes of negative caching. Authoritative name servers take the smaller of the SOA TTL and the SOA MINIMUM to send as the SOA TTL in negative responses. Resolvers use the resulting SOA TTL to understand for how long they are allowed to cache a negative response. Recommendation for small and stable zones:[4] 172800 seconds (2 days). Originally this field had the meaning of a minimum TTL value for resource records in this zone; it was changed to its current meaning by RFC 2308.[5]

Sample SOA record

Sample SOA record for example.org, in BIND syntax.

$TTL 86400
@   IN  SOA     ns.icann.org. noc.dns.icann.org. (
        2020080302  ;Serial
        7200        ;Refresh
        3600        ;Retry
        1209600     ;Expire
        3600        ;Negative response caching TTL
)

Serial number changes

Several methods have been established for updates to the SERIAL field of a zone's SOA record:

  • The serial number begins at 1, and is simply incremented at every change.
  • The serial number contains the date of the last change (in ISO 8601 basic format) followed by a two-digit counter (e.g. 2017031405 is the fifth change dated 14 March 2017). This method is recommended in RFC 1912.[6]
  • The serial number is the time of last modification to the zone's data file expressed as the number of seconds since the UNIX epoch. This method is used by default in the djbdns suite.[7] Although it uses a 32-bit counter, it is not susceptible to the year 2038 problem due to the effect of serial number arithmetic.

References

  1. ^ Mockapetris, P.V. (November 1987). "RFC 1035 — Domain names - implementation and specification". doi:10.17487/RFC1035. Retrieved 2017-12-28. {{cite journal}}: Cite journal requires |journal= (help)
  2. ^ Thomson, S.; Rekhter, Y.; Bound, J.; Bound, J. (April 1997). Vixie, P (ed.). "RFC 2136 — Dynamic Updates in the Domain Name System (DNS UPDATE)". doi:10.17487/RFC2136. Retrieved 2017-12-28. {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ Vixie, P. (August 1996). "RFC 1996 — A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)". doi:10.17487/RFC1996. Retrieved 2017-12-28. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ a b c d "RIPE 203 — Recommendations for DNS SOA Values". 1999-06-07. Retrieved 2017-12-28. These recommendations are aimed at small and stable DNS zones.
  5. ^ Andrews, M. (March 1998). "RFC 2308 — Negative Caching of DNS Queries (DNS NCACHE)". doi:10.17487/RFC2308. Retrieved 2017-12-28. {{cite journal}}: Cite journal requires |journal= (help)
  6. ^ Barr, D. (February 1996). "RFC 1912 — Common DNS Operational and Configuration Errors". doi:10.17487/RFC1912. Retrieved 2017-12-28. {{cite journal}}: Cite journal requires |journal= (help)
  7. ^ Bernstein, D.J. "How to run a DNS server in place of an existing BIND server". Retrieved 2023-03-13.