A start of authority record (abbreviated as SOA record) is a type of resource record in the Domain Name System (DNS) containing administrative information about the zone, especially regarding zone transfers. The SOA record format is specified in RFC 1035.


Background

Normally DNS name servers are set up in clusters. The database within each cluster is synchronized through zone transfers. The SOA record for a zone contains the data that controls zone transfers: the serial number and several timer values. It also contains the email address of the person responsible for the zone, as well as the name of the primary master name server. Usually the SOA record is located at the top of the zone. A zone without an SOA record does not conform to the standard required by RFC 1035.


Structure

* NAME: Name of the zone.
* TYPE: SOA, abbreviation for ''start of authority''.
* CLASS: Zone class (all but universally IN for Internet).
* TTL: Time to live of the record.
* MNAME: Primary master name server for this zone.
* RNAME: Email address of the administrator responsible for this zone. (As usual, the email address is encoded as a domain name: the part of the address before the @ becomes the first label of the name, and the domain after the @ becomes the rest of the name. In zone-file format, dots within a label are escaped with backslashes, so the email address john.doe@example.com is written in a zone file as john\.doe.example.com.)
* SERIAL: Serial number for this zone. If a secondary name server observes an increase in this number, it assumes that the zone has been updated and initiates a zone transfer.
* REFRESH: Number of seconds after which secondary name servers should query the master for the SOA record, to detect zone changes. Recommendation for small and stable zones: 24 hours.
* RETRY: Number of seconds after which secondary name servers should retry requesting the serial number from the master if the master does not respond. It must be less than ''Refresh''. Recommendation for small and stable zones: 2 hours.
* EXPIRE: Number of seconds after which secondary name servers should stop answering requests for this zone if the master does not respond. This value must be greater than the sum of ''Refresh'' and ''Retry''. Recommendation for small and stable zones: seconds ( hours).
* MINIMUM: Used in calculating the time to live for purposes of negative caching. Authoritative name servers take the smaller of the SOA TTL and the SOA MINIMUM to send as the SOA TTL in negative responses. Resolvers use the resulting SOA TTL to determine how long they may cache a negative response. Recommendation for small and stable zones: 2 days. Originally this field was a ''minimum'' TTL value for all resource records in the zone; it was changed to its current meaning by RFC 2308.


Sample SOA record in BIND syntax

Sample SOA record for example.org
$TTL 86400
@   IN  SOA     ns.icann.org. noc.dns.icann.org. (
        2020080302  ;Serial
        7200        ;Refresh
        3600        ;Retry
        1209600     ;Expire
        3600        ;Negative response caching TTL
)
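As an added example (not part of the original article or of BIND), the following Python parses the sample record above out of BIND-style zone text, decodes the RNAME into an email address the way the Structure section describes, checks the RETRY/REFRESH/EXPIRE constraints, and derives the negative-caching TTL as min(SOA TTL, MINIMUM). The zone text is a constructed copy of the sample; the function and field names are the example's own.

```python
import re

# Constructed copy of the BIND-syntax sample above (not read from a live zone).
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA     ns.icann.org. noc.dns.icann.org. (
        2020080302  ;Serial
        7200        ;Refresh
        3600        ;Retry
        1209600     ;Expire
        3600        ;Negative response caching TTL
)
"""

def rname_to_email(rname):
    """Decode an SOA RNAME into an email address: the first label (with escaped
    dots unescaped) is the local part, the remaining labels are the domain."""
    m = re.match(r"^((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError("RNAME has no domain part: %r" % rname)
    local, domain = m.groups()
    return local.replace("\\.", ".") + "@" + domain

def parse_soa(zone_text):
    """Extract the SOA record from BIND-style zone text: strip ';' comments,
    join the parenthesised RDATA, fall back to $TTL if the record has no TTL."""
    text = " ".join(ln.split(";", 1)[0] for ln in zone_text.splitlines())
    default_ttl = re.search(r"\$TTL\s+(\d+)", text)
    m = re.search(r"(\S+)\s+(?:(\d+)\s+)?IN\s+SOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no SOA record found")
    name, rr_ttl, mname, rname, rdata = m.groups()
    serial, refresh, retry, expire, minimum = (int(x) for x in rdata.split())
    ttl = int(rr_ttl) if rr_ttl else (int(default_ttl.group(1)) if default_ttl else None)
    return {"name": name, "ttl": ttl, "mname": mname, "rname": rname, "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}

def check_soa(soa):
    """Return the timer constraints (RFC 1035 / RIPE-203) that the record violates."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("RETRY must be less than REFRESH")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("EXPIRE must be greater than REFRESH + RETRY")
    return problems

def negative_cache_ttl(soa):
    """RFC 2308: negative answers are cached for min(SOA TTL, MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])
```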


Serial number changes

Several methods have been established for updating the SERIAL field of a zone's SOA record:

* The serial number begins at 1 and is simply incremented at every change.
* The serial number contains the date of the last change (in ISO 8601 basic format) followed by a two-digit counter (for example, the serial for the fifth change dated 14 March 2017). This method is recommended in RFC 1912.
* The serial number is the time of the last modification to the zone's data file, expressed as the number of seconds since the UNIX epoch. This method is used by default in the djbdns suite (see the djbdns document "How to run a DNS server in place of an existing BIND server"). Although the serial is a 32-bit counter, this method is not susceptible to the year 2038 problem, because secondaries compare serials using wrap-around serial number arithmetic rather than as plain integers.
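The three schemes above and the serial number arithmetic (RFC 1982) that makes the Unix-time scheme safe past 2038, as an added example that is not part of the original article or of djbdns. It goes beyond the text by implementing the general wrap-around comparison a secondary uses; the counter-restart and no-going-backwards policy in next_date_serial is an assumption, and all function names are the example's own.

```python
import calendar
import datetime

# RFC 1982 serial number arithmetic on the 32-bit SOA SERIAL field.
SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31

def serial_add(serial, n):
    """Add n (0 <= n < 2^31) to a serial, wrapping modulo 2^32."""
    if not 0 <= n < SERIAL_HALF:
        raise ValueError("increment must be in [0, 2^31 - 1]")
    return (serial + n) % SERIAL_MOD

def serial_gt(a, b):
    """True if serial a is newer than b under wrap-around comparison, which is
    how a secondary decides that the master's zone has changed. A difference
    of exactly 2^31 is undefined in RFC 1982 and reported as False here."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)

def date_serial(day_iso, counter):
    """RFC 1912 scheme: ISO 8601 basic date (YYYYMMDD) plus a two-digit counter."""
    if not 0 <= counter <= 99:
        raise ValueError("counter must be two digits")
    day = datetime.date.fromisoformat(day_iso)
    return int(day.strftime("%Y%m%d")) * 100 + counter

def next_date_serial(current, today_iso):
    """Bump a date-based serial: same day -> counter + 1, later day -> counter
    00. Refuses to go backwards or past 99 (assumed policy, not from the page)."""
    base = date_serial(today_iso, 0)
    if current < base:
        return base
    if current >= base + 100:
        raise ValueError("current serial is dated after today; clock skew?")
    if current == base + 99:
        raise ValueError("100 changes already today; counter exhausted")
    return current + 1

def unix_time_serial(when_iso):
    """djbdns scheme: seconds since the Unix epoch, interpreting the time as UTC."""
    when = datetime.datetime.fromisoformat(when_iso)
    return calendar.timegm(when.utctimetuple())
```

The last two assertions in a quick check would be the 2038 case: the serial one second after 03:14:07 UTC on 19 January 2038 is 2147483648, which a plain signed 32-bit compare would call negative, yet serial_gt still ranks it as newer.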


References

RIPE-203, Recommendations for DNS SOA Values, 1999-06-07, https://www.ripe.net/publications/docs/ripe-203 (these recommendations are aimed at small and stable DNS zones).