SOA stands for Start of Authority. An SOA record holds the authoritative information about the global parameters of a DNS zone.
This includes the primary name server, the zone's serial number, the domain administrator's email address, and several timers that govern how the zone is refreshed.
An SOA resource record therefore shows which DNS server holds the most accurate information for a given domain. Its serial number also changes whenever the zone's DNS settings change.
How do SOA Records Work?
SOA records are the basis of DNS zone files. DNS is a decentralized, hierarchical system, with the primary server named in the SOA resource record at the top of a zone and the slave or secondary servers below it.
Although there are many name servers, each one supplies information only for the zone allocated to it, not for arbitrary queries.
For this reason, DNS servers handle zone files, which are text files containing a zone's DNS records. Each zone file must have an SOA record that identifies the authoritative servers for that domain.
This is what makes it the Start of Authority: it tells other servers whether or not a given server is authoritative for a query.
The way the SOA record operates makes it essential to the DNS system. Rather than one server bearing the brunt of all queries, they're spread across many servers. Zone transfers must be done regularly to keep the zone files up to date on all of them.
To do this, the secondary servers at the lower levels of the hierarchy sync their data with the primary servers at the top. The SOA record governs how that zone transfer takes place.
The SOA Record Structure
The SOA record has several fields, each holding information the record needs to function.
We'll take a look at them in turn.
Primary Name Server
This is the domain name of the primary (master) name server for the zone.
Administrator Email
This field contains the email address of the domain administrator. When writing the address, you must leave out the @ symbol and replace it with a period (.). That period separates the username from the domain.
If the part before the @ symbol itself contains a period, you must escape that period with a backslash (\) so that it is not read as a label separator.
In essence, the email address is written in DNS format, not email format.
Serial Number
This is the serial number of the zone. It works like a timestamp: it must change each time you update your zone files.
When a secondary name server sees that the number has increased, it initiates a zone transfer to update its copy of the zone.
Whenever you change the zone files, you must increase the serial number using one of the following methods.
Increment it by one – If your current SOA serial number is 105, change it to 106 when you make a change to the file data.
If you don't raise the value, the domain's secondary name servers won't update their copy of the zone, leaving the primary (master) and secondary (slave) servers out of sync.
Use the date format – The accepted date format is YYYYMMDDVV, where:
- Y = Year
- M = Month
- D = Day
- V = Version number
This format is easy to manage, and you can read the date of the change straight off the serial number. When you make several changes on the same day, you increase the version number by one each time. On a new day, the version number resets to 00.
Refresh
The refresh interval specifies how long (in seconds) a secondary server waits before querying the primary for an updated copy of the zone file. A typical value is 86400.
Retry
If the refresh query goes unanswered, the Retry field regulates the next attempt.
It specifies how long (in seconds) the secondary server should wait before requesting the zone again. This value is significantly lower than the refresh value. A typical value is 7200.
Expire
The expire time specifies the upper limit (in seconds) on how long a secondary server should hold on to its copy of the zone data before discarding it.
This applies when the secondary server receives no response from the primary servers. Once the Expire time has passed, the server stops treating its copy of the zone as authoritative.
Minimum (default) TTL
This field specifies the minimum time to live (TTL) value for all resource records in the zone file. The TTL tells other servers how long to keep data in their cache before discarding it.
The default value is 3600 seconds.
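As an added example (not code from the original article), this Python script parses a constructed SOA record, converts the administrator mailbox between email and DNS format (handling the backslash escape), checks that the refresh, retry and expire timers have the relationships described above, and computes the next YYYYMMDDVV serial. The sample record, `ns1.example.com.` and `john.doe@example.com` are constructed values.

```python
import re
from datetime import date

# Constructed sample SOA record in zone-file format (not a real zone). The fields after
# "SOA" are: MNAME RNAME serial refresh retry expire minimum-TTL.
SAMPLE_SOA = ("example.com. 3600 IN SOA ns1.example.com. john\\.doe.example.com. "
              "2024031502 86400 7200 3600000 3600")

def rname_to_email(rname):
    """Turn the RNAME (DNS mailbox format) back into an email address: a backslash-escaped
    dot belongs to the mailbox, and the first unescaped dot stands for the '@'."""
    m = re.match(r"^((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError(f"RNAME needs a mailbox and a domain: {rname!r}")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)

def email_to_rname(email):
    # Write an email address the way the SOA RNAME field expects it.
    mailbox, domain = email.split("@", 1)
    return mailbox.replace(".", "\\.") + "." + domain + "."

def parse_soa(line):
    """Parse a one-line SOA resource record into a dict; the RDATA fields are positional."""
    fields = line.split()
    i = fields.index("SOA")
    mname, rname, serial, refresh, retry, expire, minimum = fields[i + 1:i + 8]
    return {"owner": fields[0], "mname": mname, "rname": rname,
            "email": rname_to_email(rname), "serial": int(serial),
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}

def timer_warnings(soa):
    """Flag timers that contradict the relationships the fields are meant to have."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be lower than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("expire should be larger than refresh")
    return warnings

def next_date_serial(current, today=None):
    """Next YYYYMMDDVV serial: bump VV for a same-day change, else start today at 00."""
    prefix = (today or date.today()).strftime("%Y%m%d")
    if str(current)[:8] == prefix:
        version = int(str(current)[8:]) + 1
        return int(f"{prefix}{version:02d}")
    candidate = int(prefix + "00")
    if candidate <= current:  # the serial must keep increasing for secondaries to notice
        raise ValueError("current serial is already ahead of today's date")
    return candidate
```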
How to Check an SOA Record
You can check your website's SOA record in several ways. The most popular method is a web lookup service such as Google Public DNS.
With web lookup tools, the process is straightforward: you simply enter the domain name on the tool page to receive a result.
Usually, you'll get results only for A records, but if you change the record type field and select SOA, you should get the correct information.