DNS records generally consist of several fields that hold all the relevant information. Compared to other record types, the SOA record has many of them:
- <name>: zone name
- <class>: network class
- <type>: record type
- <mname>: master name
- <rname>: email address for the responsible administrator
- <serial>: incremental serial number that specifies the zone file version
- <refresh>: time after which a slave must request the current version of the zone from the master
- <retry>: time after which a slave repeats a refresh request that has failed
- <expire>: time after which a slave stops handing out information for the zone if it has had no response from the master
- <minimum>: time for which information may be retained in a cache
The first three fields are typical for DNS records. The zone name is a domain name in the form of a Fully Qualified Domain Name (FQDN). This means that the specification – unlike what you may recognize from a URL – ends with a period. The reason for this is that an FQDN shows the domain’s complete hierarchical structure, which ends with the root. The root label is empty, which is why only the separating period remains. You’ll find this notation in all DNS domain names as well as in the MNAME and RNAME fields.
The class field has only historical relevance and for this reason is simply omitted in many cases. When DNS was being developed, there were also the Hesiod (HS) and Chaos (CH) projects. Both are now obsolete, which is why in practice only the Internet class, abbreviated IN, is used in this field. The type refers to the kind of DNS record being used, so in this case, SOA.
MNAME, also known as the primary master, specifies the server that sits above the slave in the hierarchy: it defines the name server from which the subordinate server must attempt a zone transfer. The email address in the RNAME field follows some particular formatting rules. An @ symbol is not permitted in the notation. Instead, a period separates the local part (e.g. the user name) from the domain. If the local part of the original email address itself contains a period, that period must be escaped with a backslash (\).
The serial number must be increased with each change made to the zone file. Two schemes have become established. The first is a simple counter: it begins at 1 and is increased by 1 with each change. With this option, the number of changes already made can be read from the serial number.
The other option is a date format: YYYYMMDDVV. It begins with a four-digit year, followed by the month and day (two digits each), and ends with a two-digit version number. In this format, the date on which the version was created can be read from the serial number. With each further change made on the same day, the version number increases by one. On a new day, the date part of the serial number is updated and the version number is reset to 00.
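The two serial schemes just described, as an added example that is not part of the original article: `next_date_serial` implements the YYYYMMDDVV rule (same-day increment, reset to 00 on a new day, and an error when the two version digits run out), `next_counter_serial` is the simple counter, and `serial_is_newer` is the comparison a secondary applies before it transfers the zone (RFC 1982 serial arithmetic, which the article does not cover). The function names, the ISO-date parameter and the example values are all assumptions made for this illustration.

```python
from datetime import date

SERIAL_BITS = 32                  # zone serials are unsigned 32-bit values
HALF_SPACE = 1 << (SERIAL_BITS - 1)


def next_date_serial(current: int, today: str) -> int:
    """Return the next YYYYMMDDVV serial for a zone change made on `today` (ISO date).

    Same day as the current serial: the two-digit version counter goes up by one.
    Later day: a fresh YYYYMMDD00 is issued.
    Current serial already beyond today's date (clock skew, or a counter-style
    value that happens to be larger): keep counting upward, because a secondary
    only transfers the zone when the serial has increased.
    """
    today_prefix = int(date.fromisoformat(today).strftime("%Y%m%d"))
    cur_prefix, cur_version = divmod(current, 100)
    if cur_prefix < today_prefix:
        return today_prefix * 100
    if cur_prefix == today_prefix and cur_version >= 99:
        raise ValueError("100th change on one day: YYYYMMDDVV has only two version digits")
    return current + 1


def next_counter_serial(current: int) -> int:
    """The simpler scheme: start at 1 and add 1 per change."""
    return current + 1


def serial_is_newer(candidate: int, current: int) -> bool:
    """Decide, as a secondary would, whether `candidate` is newer than `current`.

    RFC 1982 compares serials modulo 2**32: `candidate` counts as newer when it
    lies less than 2**31 ahead of `current`. A serial that is set backwards
    therefore looks older, and the secondary keeps its stale copy of the zone.
    """
    diff = (candidate - current) % (1 << SERIAL_BITS)
    return 0 < diff < HALF_SPACE


if __name__ == "__main__":
    s = 2024031502                                   # constructed starting serial
    s = next_date_serial(s, "2024-03-15")            # same day -> 2024031503
    print(s, serial_is_newer(s, 2024031502))
    s = next_date_serial(s, "2024-03-16")            # new day  -> 2024031600
    print(s, serial_is_newer(s, 2024031503))
```

The wrap-around in `serial_is_newer` is why a serial must never be decreased on the master: the secondaries would silently ignore the update, and the only recovery is to step the serial forward in stages of less than 2**31.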
The SOA record ends with three to four time specifications, each in seconds. The first field (“Refresh”) specifies how long the slave waits before asking the master again for a current version of the zone file. Should this request go unanswered, the “Retry” field determines when a new attempt is made. It is important that this value is smaller than the refresh value.
If the server lower in the hierarchy still receives no reply, the third time specification (“Expire”) determines how long the zone file may still be used before the server refuses to deliver DNS information. If the server kept serving old zone file data to requesting clients, that data might no longer be valid, which can lead to connection issues and security risks.
The “Minimum” field completes the record. It corresponds to the time to live (TTL) that you may know from other DNS record types and specifies how long a client may keep the requested information in its cache before it must send a new request. Most of the time, however, the TTL is set for the entire zone with the $TTL directive, so it does not have to be specified separately for each entry. Likewise, the zone name can be set at the beginning of the file with the $ORIGIN directive.
The SOA entry always appears at the beginning of the zone file.
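The record layout described above, as an added example that is not part of the original article: a small parser for the SOA record in a zone file that resolves `@` and relative names against `$ORIGIN`, converts the RNAME notation (period instead of @, backslash-escaped periods in the local part) back into an email address, and checks the timer ordering the article calls for (retry smaller than refresh). The sample zone, the function names and the extra checks in `validate` (FQDN trailing dots, expire larger than refresh) are assumptions made for this illustration; the `s/m/h/d/w` time suffixes are the BIND master-file shorthand and go beyond the plain seconds the article mentions.

```python
import re
from dataclasses import dataclass

# Constructed sample zone file; names and values are made up for this example.
SAMPLE_ZONE = """$ORIGIN example.com.
$TTL 86400
@   IN  SOA  ns1.example.com. john\\.doe.example.com. (
        2024031501 ; serial (YYYYMMDDVV)
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


@dataclass
class SOA:
    name: str
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def to_seconds(token: str) -> int:
    """Convert a bare number of seconds or a BIND-style value such as '2w' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", token.lower())
    if not m:
        raise ValueError(f"bad time value: {token!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def rname_to_email(rname: str) -> str:
    """Turn an RNAME FQDN into an email address: first unescaped '.' becomes '@'."""
    if not rname.endswith("."):
        raise ValueError("RNAME must be a fully qualified name ending in '.'")
    m = re.match(r"((?:\\.|[^.\\])*)\.(.*)\.$", rname)
    if not m:
        raise ValueError(f"cannot split RNAME {rname!r} into local part and domain")
    local = re.sub(r"\\(.)", r"\1", m.group(1))   # drop the escaping backslashes
    return f"{local}@{m.group(2)}"


def parse_soa(zone_text: str) -> SOA:
    """Extract the SOA record (expected to be the first record) from zone-file text."""
    origin = None
    tokens = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                 # strip comments
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":                     # zone-wide TTL, not part of the SOA
            continue
        tokens.extend(line.replace("(", " ").replace(")", " ").split())
    if "SOA" not in tokens:
        raise ValueError("no SOA record found")
    idx = tokens.index("SOA")
    name = tokens[0]
    if name == "@" or not name.endswith("."):       # relative names need $ORIGIN
        if origin is None:
            raise ValueError("relative owner name used without $ORIGIN")
        name = origin if name == "@" else f"{name}.{origin}"
    mname, rname = tokens[idx + 1], tokens[idx + 2]
    numbers = tokens[idx + 3 : idx + 8]
    if len(numbers) != 5:
        raise ValueError("SOA needs serial, refresh, retry, expire and minimum")
    refresh, retry, expire, minimum = (to_seconds(t) for t in numbers[1:])
    return SOA(name, mname, rname, int(numbers[0]), refresh, retry, expire, minimum)


def validate(soa: SOA) -> list:
    """Return a list of problems; empty means the record is consistent."""
    problems = []
    for label, value in (("MNAME", soa.mname), ("RNAME", soa.rname)):
        if not value.endswith("."):
            problems.append(f"{label} {value!r} is not fully qualified (missing trailing period)")
    if soa.retry >= soa.refresh:
        problems.append("retry must be smaller than refresh")
    if soa.expire <= soa.refresh:
        problems.append("expire must be larger than refresh, or the zone lapses before a refresh is due")
    return problems


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_ZONE)
    print(soa)
    print("administrator:", rname_to_email(soa.rname))
    print("problems:", validate(soa) or "none")
```

A check like `validate` is worth running before a zone is loaded: a retry value larger than refresh, or an expire value that is too short, is exactly the kind of mistake that only shows up later as secondaries silently dropping the zone.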