Understanding SOA Record: DNS

Hello friends

I hope this post finds you in good health and spirits. I was quite busy these days with some of my onsite training projects and found one topic quite confusing for a few of the participants, i.e. SOA records. So, in this post we will discuss SOA records and try to understand them better. We will discuss them in reference to Microsoft DNS server.

What is an SOA record?

SOA stands for Start of Authority. This record serves the functions listed below:

  1. Control how often secondary DNS servers replicate the zone from the primary DNS server.
  2. Control how long secondary servers keep the zone file active when the primary server cannot be contacted.
  3. Identify the authoritative DNS server.
  4. Control how long a negative response is cached by a DNS resolver.

Fields in SOA record

Serial Number

The serial number is incremented each time a change is made to the zone. When checking for a zone transfer, the secondary name servers compare the serial number returned by the primary name server with the serial number in their copy of the zone file to determine whether they should update their zone file. If the serial number from the primary name server is greater than their own serial number, they perform a zone transfer. If the serial numbers are the same, no zone transfer happens.

Primary server

This field identifies the primary DNS server. There can be only one primary server but multiple secondary servers in a DNS structure. If the zone is AD-integrated, there can be multiple primary servers, and each of them points to itself as the primary server.

Responsible Person

It contains the email address of the person responsible for the domain’s zone file. By default, hostmaster.example.com. is auto-populated in this field. It uses a special format where the “@” character is replaced with a “.” (period) character and the email address ends with a period. For example, vinit@koenig.com would become vinit.koenig.com.

You can’t use an email address with a period in the local part, since the server will interpret that period as the @ character. So vinit.pandey@koenig.com would be written as vinit.pandey.koenig.com., which DNS interprets as vinit@pandey.koenig.com.

Refresh interval

It is the interval after which a secondary server polls the primary server for zone updates. Its default duration is 15 minutes.

Retry interval

If the secondary server cannot connect to the primary server after the refresh interval, it retries after the period of time defined by the retry interval. By default it is 10 minutes.

Expires after

It is the time for which a secondary name server will treat its zone file as valid when the primary name server cannot be contacted. After this duration the secondary server will no longer answer queries for the zone.

Minimum (default) TTL

This field is used for negative responses (when a resource record is not found). It is the duration for which a DNS resolver caches a negative response before asking again. This explanation applies to DNS servers that are RFC 2308 compliant, and Microsoft DNS is one of them.

TTL of this record

This was added in RFC 2308 to define the default TTL to be used for any resource record that doesn’t have an explicit TTL.

There is no hard and fast rule for which intervals should be used in these fields. It all depends on the requirement.
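To tie the fields above together, here is an added Python example (not code from the original post): it parses a one-line SOA record, applies the post's responsible-person decoding rule, implements the serial-number comparison a secondary uses to decide on a zone transfer, and runs a few consistency checks on the intervals. The sample record and host names are constructed; the RFC 1982 wraparound handling and the RFC 2308 min(TTL, MINIMUM) rule go beyond what the post states.

```python
from dataclasses import dataclass

# Constructed sample (not from the post): a one-line SOA in zone-file form with
# the Microsoft DNS defaults: refresh 15 min, retry 10 min, expire 1 day, min 1 h.
SAMPLE_SOA = ("example.com. 3600 IN SOA dc1.example.com. hostmaster.example.com. "
              "2024010105 900 600 86400 3600")

@dataclass
class SOA:
    owner: str
    ttl: int
    mname: str    # primary server
    rname: str    # responsible person, mailbox written as a domain name
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(line: str) -> SOA:
    """Parse 'owner TTL IN SOA mname rname serial refresh retry expire min'."""
    f = line.split()
    if len(f) != 11 or f[2:4] != ["IN", "SOA"]:
        raise ValueError("expected a one-line IN SOA record")
    return SOA(f[0], int(f[1]), f[4], f[5], *(int(x) for x in f[6:]))

def rname_to_email(rname: str) -> str:
    """The post's rule: first '.' becomes '@', the trailing '.' is dropped."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"

def primary_is_newer(primary_serial: int, secondary_serial: int) -> bool:
    """Zone-transfer decision: does the primary hold a newer serial? Uses RFC 1982
    serial arithmetic (32-bit wraparound), going beyond the post's plain '>'."""
    diff = (primary_serial - secondary_serial) % (1 << 32)
    return 0 < diff < (1 << 31)

def negative_cache_ttl(soa: SOA) -> int:
    """RFC 2308: negative answers are cached for min(SOA TTL, MINIMUM)."""
    return min(soa.ttl, soa.minimum)

def timer_issues(soa: SOA) -> list[str]:
    """Consistency checks on the intervals; an empty list means they agree."""
    issues = []
    if soa.retry >= soa.refresh:
        issues.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        issues.append("expire should be longer than refresh + retry")
    return issues
```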

I hope this will help you clear some of your doubts. I will see you again in another post. Till then, take care and happy reading!!!
