What is an SOA Record?
An SOA record (Start of Authority record) is mandatory for every DNS zone. It defines the core parameters for how the zone is managed, including who the primary nameserver is, how to contact the administrator, and how secondary nameservers should sync with the primary.
Structure of an SOA Record
example.com. 3600 IN SOA ns1.provider.com. admin.example.com. (2026040801 7200 3600 1209600 3600)
Components of the SOA Record
- Primary Nameserver (MNAME): The master server for the zone (e.g., ns1.provider.com).
- Responsible Person (RNAME): The administrator's email address. Note: The first dot in the email is used instead of the @ symbol (e.g., admin.example.com means admin@example.com).
- Serial Number: A version number for the zone. When the serial increases, secondary servers know they need to update their records. Often formatted as YYYYMMDDNN.
- Refresh: How often secondary servers should check for updates (in seconds).
- Retry: How long to wait before retrying a failed update check.
- Expire: How long a secondary server can continue to serve the zone if it can't reach the primary.
- Minimum (Negative TTL): How long to cache "Not Found" (NXDOMAIN) responses.
Primary vs. Secondary DNS
The SOA record is primarily used for **Zone Transfers (AXFR/IXFR)** between a primary (master) and secondary (slave) DNS server. This architecture ensures that if the primary server goes offline, the secondary servers can still answer queries based on the data they synced previously.
Serial Number Best Practices
The serial number must always increase. If you decrease it, secondary servers will stop updating because they think their current version is newer. A common format is:
2026040801 (Year + Month + Day + Revision)
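
The record structure and serial rule described on this page, as an added Python example (not part of the original page): it parses the SOA line shown above, converts RNAME to an email address, and goes a step beyond "must always increase" by comparing serials with RFC 1982 serial arithmetic, the wrap-around comparison defined for SOA serials. The function names, the escaped-dot handling and the lint checks are this example's own assumptions.

```python
import re
from datetime import datetime

# SOA line copied from this page.
SOA_LINE = ("example.com. 3600 IN SOA ns1.provider.com. admin.example.com. "
            "(2026040801 7200 3600 1209600 3600)")

def parse_soa(line):
    """Split a one-line SOA record into named fields (timers in seconds)."""
    tokens = line.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 11 or tokens[3].upper() != "SOA":
        raise ValueError("expected: owner ttl class SOA mname rname + 5 numbers")
    owner, ttl, _, _, mname, rname = tokens[:6]
    serial, refresh, retry, expire, minimum = map(int, tokens[6:])
    return {"owner": owner, "ttl": int(ttl), "mname": mname, "rname": rname,
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}

def rname_to_email(rname):
    """First unescaped dot becomes '@'; an escaped dot stays in the local part."""
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+)", rname)
    if not m:
        raise ValueError("RNAME has no unescaped dot")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2).rstrip(".")

def secondary_will_update(primary_serial, secondary_serial):
    """RFC 1982 comparison on 32-bit serials: is the primary's serial newer?"""
    diff = (primary_serial - secondary_serial) % 2**32
    return 0 < diff < 2**31

def lint_soa(soa):
    """Warn on values that defeat the timers (checks are this example's own)."""
    warnings = []
    s = str(soa["serial"])
    try:
        if len(s) != 10:
            raise ValueError
        datetime.strptime(s[:8], "%Y%m%d")
    except ValueError:
        warnings.append("serial is not in YYYYMMDDNN form")
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("expire should be longer than refresh")
    return warnings

if __name__ == "__main__":
    soa = parse_soa(SOA_LINE)
    print(rname_to_email(soa["rname"]), lint_soa(soa))
    print(secondary_will_update(2026040801, soa["serial"] + 1))  # lowered serial
```

Running the serial check before publishing a zone change catches the lowered-serial case, where secondaries keep serving stale data without reporting an error.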