DNS records are the entries stored in a zone on authoritative DNS servers. Each one holds a piece of information about a domain (an address, a mail server, a name server) and tells resolvers how to answer queries for it.
We have already covered several DNS record types, including the A record, the NS record, the MX record, the TXT record and the CNAME record. In this article we introduce the SOA record. Let's start with a question: what is an SOA record?
What is an SOA record and why do you need it?
SOA is an acronym for Start of Authority. It is the DNS record that holds the zone-wide parameters of a DNS zone: the primary name server, the administrator's mailbox, the zone's serial (version) number and the timers that govern how secondary servers refresh their copy of the zone.
Every zone must contain exactly one SOA record at its apex (RFC 1035), so a zone file without one will not load on a standards-compliant name server, and it is the SOA record that states which server is authoritative for the zone. SOA records are also central to zone transfers: when a zone is copied from a primary server to a secondary server, a full transfer (AXFR) begins and ends with the SOA record, and the secondary decides whether a transfer is needed at all by comparing the serial number in the primary's SOA with its own. Without a valid SOA record your domain will not be served properly.
What is a zone serial number?
A DNS zone is a contiguous portion of the DNS namespace administered as a unit: typically a domain together with all of its subdomains that have not been delegated to a separate zone (a delegated subdomain is its own zone with its own SOA record).
The zone serial number is the version number of the zone, carried in the SERIAL field of the SOA record (see the structure below). When the serial in the primary's SOA is newer than the one the secondary holds, the secondary knows the zone has changed and requests a zone transfer. Forgetting to increment the serial after an edit is one of the most common DNS misconfigurations: the change is live on the primary but never reaches the secondaries. Many operators encode the date in the serial, for example 2024030101 (YYYYMMDDnn), so the version is readable at a glance.
The SOA record structure
An SOA record carries the zone-wide parameters for one DNS zone, written in a fixed field order that every name server understands. Below is the structure of the example record used in this article.
Field          Value
Name           mywebsite.com
Record type    SOA
MNAME          (host name of the primary name server)
RNAME          admin.mywebsite.com
SERIAL         (zone version number)
REFRESH        (seconds)
RETRY          (seconds)
EXPIRE         (seconds)
MINIMUM        (seconds)
Let's walk through the fields of the SOA record above.
- Name: The owner name of the record, which is the apex of the zone. In the example above, this is mywebsite.com.
- Record type: The type of DNS record; in this case SOA.
- MNAME: The host name of the primary (master) name server for the zone, the server that holds the authoritative copy from which the secondaries transfer.
- RNAME: The zone administrator's mailbox, written as a domain name: the first label is the local part and the rest is the mail domain, so admin.mywebsite.com corresponds to admin@mywebsite.com. A dot inside the local part has to be escaped with a backslash (john\.doe.mywebsite.com stands for john.doe@mywebsite.com).
- SERIAL: The version number of the zone. Increase it every time you change the zone file; otherwise the secondary servers will not notice the change and will keep serving stale data.
- REFRESH: The number of seconds a secondary server waits between checks of the primary's SOA record for a newer serial.
- RETRY: The number of seconds a secondary waits before trying again after a refresh check has failed. It should be shorter than REFRESH.
- EXPIRE: The number of seconds after its last successful refresh at which a secondary that still cannot reach the primary treats its copy of the zone as stale, discards it and stops answering for the zone (it returns SERVFAIL instead). Set it well above REFRESH, typically a couple of weeks, so that a primary outage does not take the secondaries down with it.
- MINIMUM: Originally the minimum (default) TTL for every record in the zone. Since RFC 2308 resolvers use it as the negative-caching TTL, that is, how long a "no such name" or "no such record" answer for the zone may be cached.
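To make the field layout concrete, here is an added Python example (not code from the original post or from EasyDMARC) that parses an SOA record written in zone-file presentation format, converts the RNAME field into the administrator's e-mail address with correct handling of escaped dots, and checks the timers against the relationships described above. The domain mywebsite.com and the mailbox admin.mywebsite.com come from the article; the name server ns1.mywebsite.com and all numeric values are assumed for the illustration.

```python
"""Parse an SOA record from zone-file (presentation) format and inspect its fields."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed example record. mywebsite.com and admin.mywebsite.com come from the
# article; ns1.mywebsite.com and every numeric value are assumed for illustration.
SOA_TEXT = """\
mywebsite.com.  3600  IN  SOA  ns1.mywebsite.com. admin.mywebsite.com. (
        2024030101 ; SERIAL  (YYYYMMDDnn convention)
        7200       ; REFRESH (2 hours)
        3600       ; RETRY   (1 hour)
        1209600    ; EXPIRE  (2 weeks)
        3600 )     ; MINIMUM (negative-caching TTL, RFC 2308)
"""

UINT32_MAX = 0xFFFFFFFF


@dataclass(frozen=True)
class SOA:
    name: str
    ttl: Optional[int]  # None when the record inherits the zone's $TTL
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(text: str) -> SOA:
    """Parse one SOA record, possibly spread over several lines with ';' comments."""
    # 1. Drop ';' comments line by line; they may sit inside the parentheses.
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    if body.count("(") != body.count(")"):
        raise ValueError("unbalanced parentheses in SOA record")
    # 2. Parentheses only allow the record to span lines; treat them as whitespace.
    tokens = body.replace("(", " ").replace(")", " ").split()
    upper = [t.upper() for t in tokens]
    if "SOA" not in upper or upper.index("SOA") == 0:
        raise ValueError("not an SOA record")
    idx = upper.index("SOA")
    name, ttl = tokens[0], None
    for tok in tokens[1:idx]:  # optional TTL and class sit between name and type
        if tok.isdigit():
            ttl = int(tok)
        elif tok.upper() != "IN":
            raise ValueError(f"unexpected token before SOA: {tok!r}")
    rdata = tokens[idx + 1:]
    if len(rdata) != 7:
        raise ValueError("SOA RDATA must be MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM")
    nums = [int(x) for x in rdata[2:]]
    if any(not 0 <= n <= UINT32_MAX for n in nums):
        raise ValueError("SOA counters are 32-bit unsigned integers")
    return SOA(name, ttl, rdata[0], rdata[1], *nums)


def rname_to_email(rname: str) -> str:
    """Turn an RNAME into a mailbox: first label is the local part, '\\.' is a literal dot."""
    labels: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):  # escaped character, e.g. a dot in the local part
            current.append(rname[i + 1])
            i += 2
            continue
        if ch == ".":
            labels.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    labels.append("".join(current))
    if len(labels) > 1 and labels[-1] == "":  # trailing dot of a fully qualified name
        labels.pop()
    if len(labels) < 2:
        raise ValueError(f"RNAME needs a local part and a domain: {rname!r}")
    return labels[0] + "@" + ".".join(labels[1:])


def check_timers(soa: SOA) -> List[str]:
    """Sanity checks on the timer relationships described in the article and RFC 2308."""
    warnings = []
    if soa.retry >= soa.refresh:
        warnings.append("RETRY should be shorter than REFRESH")
    if soa.expire <= soa.refresh + soa.retry:
        warnings.append("EXPIRE so short that a single failed refresh cycle could expire the zone")
    if soa.minimum > 86400:
        warnings.append("MINIMUM (negative-caching TTL) above one day is unusually long")
    return warnings


if __name__ == "__main__":
    record = parse_soa(SOA_TEXT)
    print(record)
    print("admin mailbox:", rname_to_email(record.rname))
    print("warnings:", check_timers(record) or "none")
```

The parser deliberately strips comments before it removes the parentheses, because a `;` comment inside the parenthesised block is the normal way zone files annotate the timers, and a naive tokenizer that splits on whitespace first would swallow the comment text as extra RDATA fields.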
What is a zone transfer?
This is the process by which the contents of a zone are copied from a primary (master) server to one or more secondary (slave) servers. A full transfer (AXFR) always begins and ends with the SOA record. Zone transfers provide fault tolerance by keeping the secondaries' copy of the zone synchronized with the primary's. Allow transfers only from the addresses of your own secondaries, and preferably authenticate them with TSIG: a name server that answers AXFR requests from anyone hands out the complete contents of the zone to whoever asks.
A zone transfer is required in the following situations:
- If the primary DNS server is down, the secondary server holds an up-to-date copy of the zone and can keep answering resolution queries from DNS clients on the Internet.
- If many DNS clients are sending queries at the same time, the load can be spread between the primary and secondary DNS servers.
- If the primary name server sits at the far end of a slow WAN link, a zone transfer lets a secondary name server answer resolution queries locally, reducing network traffic.
The secondary server always initiates the transfer. It polls the primary's SOA record on the schedule set by the REFRESH timer (or sooner, if the primary sends a DNS NOTIFY message announcing a change) and only then decides whether a transfer is needed. When the REFRESH timer expires on the secondary DNS server, the following happens:
- The secondary DNS server queries the primary server for the zone's Start of Authority (SOA) record.
- It compares the serial number in the received SOA record with the serial of its own copy of the zone. If the primary's serial is newer, it requests a zone transfer. If the query fails, it tries again after RETRY seconds, and if it still cannot reach the primary EXPIRE seconds after its last successful check, it discards the zone and stops answering for it.
- The primary then sends the zone data to the secondary: either the whole zone (AXFR) or, if both servers support it, only the records that changed since the secondary's serial (IXFR).
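The serial comparison and the refresh/retry/expire cycle just described, as an added Python example that is not part of the original post. The comparison uses RFC 1982 serial number arithmetic, so it still gives the right answer when a 32-bit serial wraps around, which a plain integer comparison does not. The zone's timers, the serial values and the timeline of polls are constructed for the demonstration.

```python
"""Secondary-side zone refresh logic driven by the SOA serial number and timers."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

MOD, HALF = 1 << 32, 1 << 31  # serials are 32-bit unsigned integers


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: is serial a newer than serial b?

    Works across the 32-bit wrap-around: serial_gt(1, 0xFFFFFFFF) is True
    because 1 is two steps ahead of 0xFFFFFFFF, while 0xFFFFFFFF > 1 in plain
    integer terms would wrongly call the old serial the newer one.
    """
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def next_serial(current: int, today: str) -> int:
    """Next serial in the YYYYMMDDnn convention (today given as 'YYYYMMDD').

    Jump to today's date with revision 00 when that is newer than the current
    serial; otherwise add one (several edits on the same day, or a serial that
    already lies in the future), wrapping modulo 2^32.
    """
    candidate = int(today + "00")
    return candidate if serial_gt(candidate, current) else (current + 1) % MOD


@dataclass
class SecondaryZone:
    serial: int
    refresh: int
    retry: int
    expire: int
    last_refresh_ok: int  # time (seconds) of the last successful SOA check
    expired: bool = False

    def on_soa_check(self, now: int, primary_serial: Optional[int]) -> Tuple[str, int]:
        """Handle one SOA query to the primary when the refresh or retry timer fires.

        primary_serial is None when the primary could not be reached.
        Returns the action taken and the time of the next check.
        """
        if primary_serial is None:
            if now - self.last_refresh_ok >= self.expire:
                self.expired = True  # stop answering for the zone (SERVFAIL) but keep trying
                return "expire", now + self.retry
            return "retry", now + self.retry
        self.last_refresh_ok = now
        self.expired = False
        if serial_gt(primary_serial, self.serial):
            self.serial = primary_serial  # the AXFR/IXFR happens here; adopt the new serial
            return "transfer", now + self.refresh
        if primary_serial == self.serial:
            return "in_sync", now + self.refresh
        return "ignore_older", now + self.refresh  # primary went backwards: keep our copy


def run_demo() -> List[Tuple[str, int]]:
    """Constructed timeline: a quiet refresh, one change, then a long primary outage."""
    zone = SecondaryZone(serial=2024030101, refresh=7200, retry=3600,
                         expire=1209600, last_refresh_ok=0)
    # (time of the check, serial returned by the primary, or None if unreachable)
    timeline = [
        (7200, 2024030101),       # REFRESH fires, nothing changed
        (14400, 2024030102),      # primary was edited and its serial bumped
        (21600, None),            # primary unreachable: fall back to the RETRY interval
        (14400 + 1209600, None),  # still unreachable EXPIRE seconds after the last success
    ]
    # A real secondary would retry every 3600 s in between; the demo skips ahead.
    return [zone.on_soa_check(t, s) for t, s in timeline]


if __name__ == "__main__":
    for action, next_check in run_demo():
        print(f"{action:13s} next check at t={next_check}")
```

Note that the `ignore_older` branch is what makes a forgotten serial increment so dangerous in practice: if you edit the zone and leave the serial alone, or restore an old zone file with a lower serial, every secondary will compare serials, conclude it already holds the newest version and keep serving the old data until EXPIRE forces a reload.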
In this article we explained what the SOA record is and why every zone needs one. The Start of Authority record names the primary name server and the zone administrator, carries the zone's serial number and sets the timers that keep your domain's name servers in sync.
Without it, zone transfers cannot happen, and its REFRESH, RETRY and EXPIRE values determine how quickly changes propagate from the primary server to the secondary servers and how long the secondaries keep serving the zone if the primary becomes unreachable.
Now that you understand what an SOA record is, make sure every zone you operate has a correct one, and remember to increment the serial whenever you edit the zone. Stay tuned for more blog posts on DNS record types, and use our free DNS record lookup tool to find your domain's DNS records.
*** This is a syndicated blog from the Security Bloggers Network of EasyDMARC written by EasyDmarc. Read the original post at: https://easydmarc.com/blog/what-is-soa-record-in-dns/