SOA resource record

from Wikipedia, the free encyclopedia

SOA stands for Start of Authority (roughly, the beginning of the area of responsibility) and is an important component of a zone file in the Domain Name System (DNS). An SOA record contains important information about the administration of the zone, in particular about zone transfers. The SOA type is specified in RFC 1035.

Background

DNS name servers are usually set up in clusters. The data within a cluster is synchronized by means of zone transfers. The SOA entry in the zone file (i.e. the file holding the complete configuration and description of the zone) contains the data that controls the zone transfer: the serial number and various timers.

The e-mail address of the person responsible for the zone and the name of the primary master server are also listed. The SOA record is usually placed at the beginning of the file. A zone without this entry does not comply with the DNS standard and cannot be transferred.

Structure

Name
of the zone
TTL
specifies, in seconds, how long this resource record may be kept in a cache
IN
zone class (almost always IN for Internet)
SOA
abbreviation for Start Of Authority
Primary
primary master for this zone:
  • it defines where dynamic updates are sent (see: dynamic update)
  • it indicates which server is not sent notifications (see: zone transfer)
Mail address
of the person responsible for this zone. (The @ is replaced by a dot; dots in front of the @ are escaped as \.; for example max\.mustermann.wikipedia.org for the e-mail address max.mustermann@wikipedia.org)
Serial number
is incremented with each change (preferably in the form YYYYMMDDVV; serves as an indication of when the zone was last updated)
Refresh
interval in seconds at which secondary name servers should request the serial number from the primary master in order to detect changes to the zone. Recommendation from the RIPE NCC for small and stable zones: 86400 ≙ 24 hours.
Retry
interval in seconds at which the secondary name server should query the serial number again if the master does not respond. This value must be smaller than the one for refresh. Recommendation from the RIPE NCC for small and stable zones: 7200 ≙ 2 hours.
Expire
number of seconds after which, if the master does not respond, secondary name servers should stop answering for the zone. This value must be greater than the sum of refresh and retry. Recommendation from the RIPE NCC for small and stable zones: 3600000 ≙ 1000 hours.
Minimum
time to live for negative caching (recommendation from the RIPE NCC for small and stable zones: 3600 ≙ 1 hour). Originally this field meant a minimum TTL for all resource records in the zone and was used in practice as the default value when a resource record did not specify a TTL; that meaning was abolished by RFC 2308.

Example of an SOA record in BIND

@   3600 IN SOA master.example.com. hostmaster.example.com. (
    2014031700 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    600 )      ; negative caching, formerly minimum

In this example, a slave synchronizes with its master via zone transfer every 3600 seconds. If the master cannot be reached, a new attempt is made every 1800 seconds. If the master cannot be contacted within 604800 seconds (one week), the slave declares the example.com zone inactive and no longer answers any DNS requests for it. DNS also caches failed requests; the TTL for this is 600 seconds.

Furthermore, it is defined that the primary master of this zone is master.example.com and that the administrator can be reached via the e-mail address hostmaster@example.com. The @ is replaced by a dot. If a dot occurs before the @, e.g. firstname.lastname@example.com, it is escaped with a backslash, giving firstname\.lastname.example.com.

The serial number is currently 2014031700. At the next change it must be increased (manually) to at least 2014031701. The convention of using the date in the form year-month-day followed by a two-digit version counter as the serial number has become established.

Changing the serial number

Two procedures for changing the serial number have become established:

  • Start at 1 and increase the value with every change.
  • Use the current date with a two-digit counter (for example 2004052101 = May 21, 2004, first change on that day), more rarely also the time. This procedure is recommended in RFC 1912, section 2.2.
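As an added example (not part of the original article), the following Python code parses the BIND-style record shown above, reconstructs the administrator's e-mail address from the RNAME field using the dot-escaping rule from the structure section, checks the RIPE NCC ordering constraints on the refresh, retry and expire timers, and computes the next serial under the date-based YYYYMMDDVV convention. The function names and the sample record are constructed for this illustration.

```python
from datetime import date

# Constructed sample in the same shape as the BIND record above.
SOA_TEXT = """@   3600 IN SOA master.example.com. hostmaster.example.com. (
    2014031700 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    600 )      ; negative caching, formerly minimum
"""

def parse_soa(text):
    """Parse a BIND-style SOA record: drop ';' comments and parentheses, then read the fields."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tok = body.replace("(", " ").replace(")", " ").split()
    i = tok.index("SOA")
    serial, refresh, retry, expire, minimum = (int(t) for t in tok[i + 3:i + 8])
    return {"mname": tok[i + 1], "rname": tok[i + 2], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}

def rname_to_email(rname):
    """Turn the RNAME field back into an address: the first unescaped dot
    becomes '@', and a backslash-escaped dot ('\\.') is a literal dot."""
    name, local, i = rname.rstrip("."), [], 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):      # escaped character, keep it literally
            local.append(name[i + 1]); i += 2
        elif name[i] == ".":                          # first real dot marks the '@'
            return "".join(local) + "@" + name[i + 1:]
        else:
            local.append(name[i]); i += 1
    return "".join(local)                             # no dot at all: no host part

def check_timers(soa):
    """Return the RIPE NCC ordering rules quoted in the text that this SOA violates."""
    problems = []
    if not soa["retry"] < soa["refresh"]:
        problems.append("retry must be smaller than refresh")
    if not soa["expire"] > soa["refresh"] + soa["retry"]:
        problems.append("expire must be greater than refresh + retry")
    return problems

def next_date_serial(current, today_yyyymmdd=None):
    """Next serial under the YYYYMMDDVV convention: today's date with counter 00,
    or simply current + 1 when the current serial already carries today's date
    (or a later one), so the value never goes backwards."""
    if today_yyyymmdd is None:
        today_yyyymmdd = int(date.today().strftime("%Y%m%d"))
    base = today_yyyymmdd * 100
    return base if current < base else current + 1
```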

References

  1. Peter Koch: Recommendations for DNS SOA Values. RIPE Network Coordination Centre, June 7, 1999, accessed March 4, 2016: "These recommendations are aimed at small and stable DNS zones."
  2. RFC 1912 - Common DNS Operational and Configuration Errors (February 1996).
  3. RFC 1035 - Domain Names - Implementation and Specification.
  4. RFC 2308 - Negative Caching of DNS Queries (DNS NCACHE).