Hope this post find you in good health and spirit. I was quite busy these days in some of my onsite training projects and found one topic quite confusing for few of the participants i.e. SOA records. So, in this post we will discuss SOA records and try to understand it better. We will discuss it in reference of Microsoft DNS server.
What is SOA record ?
SOA record stands for Start for Authority. This records serve below mentioned functions:
- Control the replication frequency of secondary DNS servers from Primary DNS server.
- Control how long secondary servers keep the zone file active when the primary server cannot be contacted.
- Identify the authoritative DNS server.
- Control how long a negative response is cached by a DNS resolver.
Fields in SOA record
Serial number is incremented each time a change is made to the zone. In event of zone transfer, the secondary name servers compare the serial number returned by the primary name server with the serial number in their copy of the zone file to determine if they should update their zone file. If the serial number from the primary name server is greater than their serial number, they will do a zone update transfer. If serial number is same zone transfer won’t happen.
This field is used to identify primary DNS server. There can be only one primary server but multiple secondary server in DNS structure. If zone type is AD-integrated then there can be multiple primary server and all of them point to themselves as primary server.
It contains email address of the person responsible for the domain’s zone file. By default hostmaster.example.com. is auto-populated in this field. It uses a special format where the “@” character is replaced with a “.” (period) character and the email address ends with a period. For an example email@example.com would become vinit.koenig.com.
You can’t use email address with period in between since server will interpret as @ character. So, firstname.lastname@example.org will be interpreted as vinit.pandey.koenig.com. and for DNS it is email@example.com.
It is the interval after which secondary server will poll primary server for zone update. Its default duration is 15 mins.
If secondary server couldn’t connect to primary server after refresh interval, it retries after period of time defined by retry interval. By default it is 10 mins.
Its the time till which a secondary name server will treat its zone file as valid when the primary name server cannot be contacted. After this duration secondary server will not answer queries anymore.
Minimum (default) TTL
This record is used in case of negative response (when resource record is not found). This is the duration DNS will cache negative response before retrying it again. This explanation is applicable for DNS server which are RFC 2308 compliant and Microsoft DNS is one of it.
TTL of this record
This was added in RFC 2308 to define the default TTL to be used for any resource record that doesn’t have an explicit TTL.
There is no hard and fast rule like how much interval should be used in these fields. It all depends on requirement.
I hope this will help you to clear some of your doubts. I will see you again in another post. Till then take care and happy reading !!!