APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Understanding SOA records

© January 2006 Sangeetha Naik

by Sangeetha Naik

I've learned that there is nothing more peaceful than a sleeping child - Anonymous, Age 30

To an Internet administrator, there is nothing more peaceful than a stable and optimized DNS server. The moment there is a wrong configuration, the server wakes up and starts crying: sites and email go down. An important part of keeping DNS stable is setting up the SOA record properly.

What are DNS records? DNS records, or zone files, are used for mapping URLs to IPs. Located on servers called DNS servers, these records are typically the connection between your website and the outside world. Requests for your website are forwarded to your DNS servers and then get pointed to the web servers that serve the website or to the email servers that handle the incoming email.

This is what a typical zone file (containing many common DNS records) looks like.

; Zone file for mydomain.com
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com.(
                600 )

mydomain.com. 14400 IN NS ns.mynameserver.com.
mydomain.com. 14400 IN NS ns2.mynameserver.com.
mydomain.com. 14400 IN NS ns3.mynameserver.com.

mydomain.com. 14400 IN A

localhost.mydomain.com. 14400 IN A

mydomain.com. 14400 IN MX 0 mydomain.com.
mail 14400 IN CNAME mydomain.com.
www 14400 IN CNAME mydomain.com.
ftp 14400 IN CNAME mydomain.com.

In the rest of this article, we'll analyze the various parts of this DNS record, starting from the top.

SOA Records

An SOA (Start of Authority) record is the most essential part of a zone file. The SOA record is a way for the domain administrator to give out simple information about the domain, such as how often it is updated, when it was last updated, when to check back for more info, what the admin's email address is, and so on. A zone file can contain only one SOA record.

A properly optimized and updated SOA record can reduce bandwidth between nameservers, increase the speed of website access and ensure the site is alive even when the primary DNS server is down.

Here is the SOA record. Notice the opening bracket "(". It has to be on the same line as the start of the record, otherwise the record gets broken.

; name          TTL      class  rr       Nameserver              email-address
mydomain.com. 14400      IN     SOA      ns.mynameserver.com. root.ns.mynameserver.com. (
                2004123001 ; Serial number
                86000 ; Refresh rate in seconds
                7200 ; Update Retry in seconds
                3600000 ; Expiry in seconds
                600 ) ; minimum in seconds

The first line of the record,

mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (

can also be written as

@ 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (

or, with the name left blank (the line then begins with whitespace),

  14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
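The bracket rule can be checked mechanically. The following is an added example, not code from the original article: a small Python parser (all function and variable names are hypothetical) that reads an SOA record the way a zone-file reader does, where ";" starts a comment and a newline ends the record unless a "(" is still open. It is run on the article's record and on two constructed broken variants.

```python
import re

FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_soa(zone_text):
    """Parse the first SOA record in zone_text; raise ValueError if it is broken."""
    tokens, depth, started = [], 0, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]      # ';' starts a comment that runs to end of line
        if not started and not re.search(r"\bSOA\b", line):
            continue
        started = True
        for tok in re.findall(r"[()]|[^\s()]+", line):
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                tokens.append(tok)
        if depth <= 0:                   # a newline ends the record unless inside ( )
            break
    if not started:
        raise ValueError("no SOA record found")
    if depth != 0:
        raise ValueError("unbalanced parentheses in SOA record")
    rdata = tokens[tokens.index("SOA") + 1:]
    if len(rdata) != len(FIELDS):
        raise ValueError("SOA needs %d fields, found %d" % (len(FIELDS), len(rdata)))
    soa = dict(zip(FIELDS, rdata))
    soa.update({k: int(soa[k]) for k in FIELDS[2:]})   # timers given as plain seconds
    return soa

def soa_error(zone_text):
    """Return None if the SOA parses, otherwise the reason it is broken."""
    try:
        parse_soa(zone_text)
        return None
    except ValueError as exc:
        return str(exc)

HEAD = "mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com."
BODY = " 2004123001 ; Serial\n 86000 ; Refresh\n 7200 ; Retry\n 3600000 ; Expiry\n"
NS = "mydomain.com. 14400 IN NS ns.mynameserver.com.\n"
GOOD = HEAD + " (\n" + BODY + " 600 ) ; Minimum\n" + NS
PAREN_IN_COMMENT = HEAD + " (\n" + BODY + " 600 ; Minimum )\n" + NS      # constructed
PAREN_ON_NEXT_LINE = HEAD + "\n (\n" + BODY + " 600 ) ; Minimum\n" + NS  # constructed

if __name__ == "__main__":
    for name in ("GOOD", "PAREN_IN_COMMENT", "PAREN_ON_NEXT_LINE"):
        print(name, "->", soa_error(globals()[name]) or parse_soa(globals()[name]))
```

A ")" written after the ";" is part of the comment, so the record never closes and swallows the lines that follow it.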

Reducing DNS bandwidth

There is constant bandwidth usage between primary and secondary (backup DNS) servers. How much depends a lot on the Refresh value. If the Refresh value is, say, 3 hours, your secondary server is polling your primary server every 3 hours and updating its cache. Let's assume you have 1000 zone files, each with a 3-hour refresh. You can imagine the bandwidth that must be getting used. This is especially true if the primary and secondary are on 2 separate physical servers.

Increasing the Refresh value, so that the secondary polls less often, can effectively reduce bandwidth usage between the primary and secondary servers.

Increasing site speed

The time it takes to access a website in a browser includes the time it takes to look it up on the domain name server. By increasing the "Minimum" value, we're telling the contacting clients to keep their copies of the zone file for a longer time, in effect reducing the lookups to the nameserver. By reducing the number of times a client has to look the name up, we're increasing the site speed.

However, this also means that if you make changes to the DNS record, they will take longer to propagate. If you need to make frequent updates to your DNS records, make sure your Minimum value is less than 1 day. That means longer lookup times, but accurate information for the clients.

If you are planning a major update to the DNS zone file (say, moving to another server or hosting service), reduce the Minimum value a couple of days prior to the change. Then make the change, and then jack up the Minimum value again. This way the caching clients all over the world will pick up the changes quicker, and yet you do not need to sacrifice site speed thereafter.

How to improve backup

Always keep a secondary DNS server and keep a higher Expiry value. This means that even if the primary server goes down, the secondary will have the cached copy (for as long as the Expiry value stands) and will keep serving lookups. Keeping a secondary server but a low Expiry value defeats the purpose of a backup.

How to test SOA records

You have set the new SOA values, and you want to know whether the update has taken place. "Dig" is a good tool to troubleshoot and check for DNS information.

For example, to check the SOA records of yahoo.com from all the nameservers, primary and secondary, all you need to do is:

# dig yahoo.com +nssearch
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns2.yahoo.com in 0 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns3.yahoo.com in 0 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns1.yahoo.com in 239 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns4.yahoo.com in 280 ms.
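Comparing those lines by eye gets tedious with many zones. The following is an added example, not code from the original article: a Python check (function names are hypothetical) that parses "+nssearch" output in the layout shown above, reports any nameserver whose serial is behind the newest one, and flags an Expiry that is not longer than Refresh. It assumes serials only count upward and have not wrapped around.

```python
import re

# One answer line of `dig <zone> +nssearch`, in the layout shown above.
LINE = re.compile(
    r"SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)\s+(?P<refresh>\d+)\s+"
    r"(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s+from server\s+(?P<server>\S+)")
NUMERIC = ("serial", "refresh", "retry", "expire", "minimum")

def parse_nssearch(output):
    """Return one dict per nameserver answer; other lines are ignored."""
    answers = []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec.update({k: int(rec[k]) for k in NUMERIC})
            answers.append(rec)
    return answers

def audit(answers):
    """Return findings as strings; an empty list means nothing to fix."""
    if not answers:
        return ["no SOA answers parsed"]
    findings = []
    newest = max(a["serial"] for a in answers)   # assumes serials have not wrapped
    for a in answers:
        if a["serial"] != newest:
            findings.append("%s is behind: serial %d, newest %d"
                            % (a["server"], a["serial"], newest))
        if a["expire"] <= a["refresh"]:
            findings.append("%s: expire %d <= refresh %d, copy can expire between polls"
                            % (a["server"], a["expire"], a["refresh"]))
    return findings

# The yahoo.com answers from the article, then two constructed variants.
PAGE_OUTPUT = """\
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns2.yahoo.com in 0 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns3.yahoo.com in 0 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns1.yahoo.com in 239 ms.
SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2005122907 3600 300 604800 600 from server ns4.yahoo.com in 280 ms.
"""
LAGGING = PAGE_OUTPUT.replace("2005122907 3600 300 604800 600 from server ns3",
                              "2005122906 3600 300 604800 600 from server ns3")
LOW_EXPIRE = ("SOA ns.mynameserver.com. root.ns.mynameserver.com. "
              "2004123001 86000 7200 3600 600 from server ns2.mynameserver.com in 5 ms.")

if __name__ == "__main__":
    for sample in (PAGE_OUTPUT, LAGGING, LOW_EXPIRE):
        print(audit(parse_nssearch(sample)) or "all nameservers agree")
```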


1 comment


Mon Jan 2 15:45:19 2006: 1468   BigDumbDinosaur

TTL - 14400 - TTL defines the duration in seconds that the record may be cached by client side programs. If it is set as 0, it indicates that the record should not be cached.

If your master name server configuration seldom changes a good value for this is 604800 (one week). It can also be defined mnemonically (e.g., 7D for one week). If you are planning changes to your master you should set this to a low value at least one day before you actually make your changes so as to force clients to invalidate cached information in a timely fashion. Once the changes have been made and tested this value can revert to a longer one. I recommend that the maximum not exceed one week, even though, as the author points out, you can set it to many years.

Serial number - 2004123001 - This is a sort of a revision numbering system to show the changes made to the DNS Zone.

Something that needs to be clarified about the serial number is its role in triggering slave server updates. Any time the master name server is restarted the slaves will be notified of the restart and will compare the master's current serial number to what it was before the restart. If the serial number has incremented the slaves will request a complete refresh of all resource records, and their notion of the DNS configuration will change to reflect whatever changes have occurred on the master. If the sysadmin has forgotten to increment the serial number (or accidentally reverses it) the slaves will wrongfully assume that nothing has changed on the master and will not request an update. The result would be that the slaves would continue to reflect the outdated DNS information until the next scheduled refresh occurs (which could be a day or more away, depending on the refresh value). Bottom line is that it is absolutely essential that the serial number be incremented no matter how trivial the change made to the master's data.

