KHOI | Blog

What is a DNS SOA (Start of Authority)

Sun, Oct 08, 2023 · 7 min read

Intro

I was trying to set up 4 VMs to configure DNS as a class assignment, and boy, are they confusing!

There are so many things I've taken for granted, like how easy it is to buy a domain: you just configure the A and CNAME records on the domain registrar's dashboard.

As a result, I spent more time learning a few things about DNS, and that's how SOA (Start of Authority) became the subject of this blog post. Here is a brief intro to SOA!

What is an SOA

The DNS SOA record stores important information about a domain or zone, such as the email address of the administrator, when the zone was last updated (its serial number), how long secondary servers should wait between refreshes, etc.

All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also important for zone transfers.

In DNS, a zone is an area of administrative control over part of the namespace. A zone can include a single domain name, one domain and many subdomains, or many domain names. In some cases a zone is essentially equivalent to a domain, but this is not always true.

What makes an SOA

Given this SOA record:

name example.com
record type SOA
MNAME ns.primaryserver.com
RNAME admin.example.com
SERIAL 1111111111
REFRESH 86400
RETRY 7200
EXPIRE 4000000
TTL 11200
  • SERIAL: a version number for the zone. In the example above it is listed next to SERIAL. When the serial number increases in the zone file, secondary nameservers learn that their copy is out of date and fetch a new one via a zone transfer.
  • MNAME: the name of the primary nameserver for the zone. Secondary servers that keep duplicates of the zone's DNS records receive updates to the zone from this primary server.
  • REFRESH: the length of time (in seconds) secondary servers should wait before asking the primary for the SOA record again to see whether the serial has changed.
  • RETRY: the length of time (in seconds) a secondary server should wait before asking again after the primary failed to respond to a refresh request.
  • EXPIRE: if a secondary server has not been able to reach the primary for this amount of time (in seconds), it should stop answering queries for the zone rather than keep serving stale data.

Below is what SOA looks like on a Debian VM (that’s what I used for the assignment):

$TTL    604800
@       IN      SOA     ns1.computingforgeeks.local. root.ns1.computingforgeeks.local. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1

;Name Server Information

@        IN      NS      ns1.computingforgeeks.local.

;IP address of Name Server

ns1     IN      A       192.168.1.12

;Mail Exchanger

computingforgeeks.local.   IN     MX   10   mail.computingforgeeks.local.

;A – Record HostName To Ip Address

www     IN       A      192.168.1.13
mail    IN       A      192.168.1.14

;CNAME record

ftp     IN      CNAME   www.computingforgeeks.local.
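As an added example (my own code, not part of the original post or the BIND project), here is a small Python script that pulls the SOA out of the zone text above, checks that the REFRESH, RETRY and EXPIRE timers fit together, and compares serial numbers the way secondaries do (RFC 1982 arithmetic, which handles the 32-bit wraparound). It assumes the parenthesised multi-line SOA form shown above; the zone text is re-typed inline so it runs offline.

```python
"""Parse the SOA record out of BIND-style zone text and sanity-check it."""
import re

# Constructed input: the zone shown above, trimmed to the SOA and NS lines.
ZONE = """\
$TTL    604800
@       IN      SOA     ns1.computingforgeeks.local. root.ns1.computingforgeeks.local. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@        IN      NS      ns1.computingforgeeks.local.
"""

# Fifth field is the negative-caching TTL ("minimum" in RFC 1035 terms).
FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def parse_soa(zone_text):
    """Return a dict with mname, rname and the five numeric SOA fields."""
    # Drop ';' comments first, then match the parenthesised record.
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", stripped)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    numbers = m.group(3).split()
    if len(numbers) != 5:
        raise ValueError(f"expected 5 numeric SOA fields, got {len(numbers)}")
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(FIELDS, map(int, numbers)))
    return soa

def check_timers(soa):
    """Flag timer combinations that break secondary refresh behaviour."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("RETRY should be shorter than REFRESH")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("EXPIRE must outlast REFRESH + RETRY or secondaries go stale")
    return problems

def serial_is_newer(new, old):
    """RFC 1982: a secondary transfers only if the serial moved forward,
    i.e. the modular difference is non-zero and below 2**31."""
    return new != old and ((new - old) % 2**32) < 2**31

if __name__ == "__main__":
    rec = parse_soa(ZONE)
    print(rec, check_timers(rec) or "timers look sane")
```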

Hope you learned something today!

Resources

ComputingforGeeks - Configure BIND Master DNS Server on Debian 11/10