To properly understand DNS and how it works, we must look at the individual DNS record types, what they contain, and why they exist. There are many of them, but a few must be understood from the start. That is why we begin with the DNS SOA record.
What is DNS SOA record?
SOA stands for Start of Authority. The SOA record marks the beginning of a zone and names which of the zone's name servers is the primary: the one that holds the original (master) copy of the zone file. All of the zone's name servers answer authoritatively, but the primary is the source from which the secondary servers copy the zone.
Inside the SOA record you find the parameters that govern zone transfers: the zone's serial number (its version), the refresh interval at which secondaries check for changes, the retry interval used when a refresh fails, and the expire time after which a secondary that cannot reach the primary stops serving the zone. It also carries the contact address of the zone's administrator.
The SOA record matters because the DNS is a network of name servers that must cooperate and serve consistent, up-to-date data.
When a query reaches a recursive resolver and cannot be answered from its cache, the resolver asks the zone's authoritative servers for the record and then caches the answer for as long as the record's TTL allows.
When records on the primary are changed (and the serial number is incremented), the change must propagate to the secondaries. If the primary has a notify list, it sends a DNS NOTIFY message to the listed secondary name servers (not to recursive resolvers). Each secondary then checks the primary's SOA serial and, if it is newer than its own, pulls the data at once instead of waiting for the refresh interval to expire. The transfer can be incremental (IXFR) or a full zone transfer (AXFR). The primary should only allow transfers from its known secondaries; an AXFR that anyone can request hands out the complete contents of the zone.
Purpose of DNS SOA record
The DNS SOA record exists to declare the top of authority for a zone: where the zone begins and which server is its primary.
A zone must have exactly one SOA record, at the zone apex. A zone file with no SOA record, or with more than one, is invalid and a name server will not load it.
The SOA record also drives zone transfers. Its serial number is the version of the zone: a secondary compares the serial on the primary with the serial of its own copy and performs a transfer only when the primary's serial is newer.
What’s inside a DNS SOA record?
When you open a SOA record, this is what you will see inside it:
- Name – The name of the zone, i.e. the zone apex.
- Type – The type of the DNS record, which will be SOA.
- Primary name server (MNAME) – The primary authoritative DNS server for the zone, from which the secondaries transfer it.
- Admin’s email (RNAME) – The email address of the zone administrator, written as a domain name: the @ is replaced by a dot, so hostmaster@example.com appears as hostmaster.example.com.
- Serial number – The version number of the zone. It must be increased on every change; a secondary compares it with the serial of its own copy to decide whether a zone transfer is needed.
- Refresh – How often, in seconds, a secondary should poll the primary’s SOA record to check for a newer serial.
- Retry – How long, in seconds, a secondary waits before trying again after a failed refresh attempt.
- Expire – How long, in seconds, a secondary may keep serving the zone without a successful refresh. When this time runs out, the secondary discards its copy and stops answering for the zone until a transfer succeeds.
- Minimum TTL – Historically the default TTL for records in the zone; since RFC 2308 it sets the negative-caching TTL, i.e. how long resolvers may cache a “name does not exist” or “no such record” answer for the zone. It does not make secondaries discard the zone; that is the job of the expire field.
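As an added example (not code from the original article, and not the code of any DNS server), the Python script below parses the SOA out of a constructed zone file, checks that the zone has exactly one SOA, decodes the RNAME mailbox, applies the RFC 1982 serial comparison a secondary uses to decide whether a transfer is needed (the rule behind the zone-transfer discussion above), and flags timer values that do not make sense. The zone text and all names in it (example.com, ns1.example.com, hostmaster) are constructed for the example; the timer thresholds are the example's own, loosely following the RFC 1912 recommendations.

```python
"""SOA record checks: parse the SOA out of a zone file, decode its fields and
apply the rules the fields encode. Example code written for this article, not
the code of any DNS server; all names and the zone below are constructed."""

SERIAL_MODULUS = 1 << 32  # SOA serials are 32-bit and compared per RFC 1982

# Constructed sample zone (hypothetical names) using the usual parenthesised
# multi-line SOA layout with comments.
ZONE_TEXT = """\
$ORIGIN example.com.
$TTL 3600
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2024060101 ; serial
            7200       ; refresh (2 h)
            900        ; retry (15 min)
            1209600    ; expire (2 weeks)
            3600 )     ; minimum (negative-caching TTL)
    IN  NS  ns1.example.com.
    IN  NS  ns2.example.com.
www IN  A   192.0.2.10
"""

def tokenize_zone(zone_text):
    """Yield one token list per logical record: strips ';' comments and joins
    '(' ... ')' continuation lines. Quoted strings are not handled (simplification)."""
    buf, depth = [], 0
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0 and buf:
            yield buf
            buf = []

def parse_soa_rdata(fields):
    """fields: [MNAME, RNAME, SERIAL, REFRESH, RETRY, EXPIRE, MINIMUM] as strings."""
    if len(fields) != 7:
        raise ValueError("SOA RDATA needs 7 fields, got %d" % len(fields))
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[2:])
    return {"mname": fields[0], "rname": fields[1], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "minimum": minimum}

def find_soa_records(zone_text):
    """Return every SOA record found; a loadable zone has exactly one, at the apex."""
    found = []
    for tokens in tokenize_zone(zone_text):
        if tokens[0].startswith("$"):  # $ORIGIN / $TTL directives
            continue
        if "SOA" in tokens:
            found.append(parse_soa_rdata(tokens[tokens.index("SOA") + 1:]))
    return found

def rname_to_email(rname):
    """RNAME -> mailbox: the first unescaped '.' stands for '@'; an escaped
    '\\.' in the local part is a literal dot."""
    local, i = "", 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local += rname[i + 1]
            i += 2
        elif rname[i] == ".":
            return local + "@" + rname[i + 1:].rstrip(".")
        else:
            local += rname[i]
            i += 1
    return local

def serial_newer(candidate, current):
    """RFC 1982 serial arithmetic: True if candidate is 'after' current,
    allowing wrap-around at 2^32. Equal serials, or a difference of exactly
    2^31, are not newer, so a secondary would not transfer."""
    diff = (candidate - current) % SERIAL_MODULUS
    return 0 < diff < SERIAL_MODULUS // 2

def check_timers(soa):
    """Sanity checks on the SOA timers. Thresholds are this example's own,
    loosely following the RFC 1912 recommendations."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if soa["expire"] < soa["refresh"] + soa["retry"]:
        problems.append("expire is shorter than one refresh+retry cycle")
    if soa["expire"] < 7 * 86400:
        problems.append("expire below one week: a primary outage quickly "
                        "takes the zone off the air on the secondaries")
    return problems

if __name__ == "__main__":
    soas = find_soa_records(ZONE_TEXT)
    print("SOA records in zone:", len(soas))
    soa = soas[0]
    print("primary:", soa["mname"], "admin:", rname_to_email(soa["rname"]))
    print("timer problems:", check_timers(soa) or "none")
    # A secondary whose copy is one version behind must transfer.
    print("secondary needs transfer:", serial_newer(soa["serial"], soa["serial"] - 1))
```

The serial comparison is the part worth remembering: a secondary decides purely on RFC 1982 arithmetic, so a serial that is accidentally set too far ahead (for example a typo that adds a digit) is "newer" and will be accepted, while correcting it afterwards to a lower value is "older" and will be ignored by every secondary until the serial is wrapped around deliberately.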