Tuesday, September 17, 2013

DNS - SOA Record

An SOA (Start of Authority) record is probably the most essential part of a zone file. The SOA record names the DNS server that provides authoritative information about an Internet domain, the email address of the domain administrator, the domain's serial number and several timers that govern how the zone is refreshed. A zone file contains only one SOA record.

A properly optimized and up-to-date SOA record reduces bandwidth between nameservers, speeds up access to the website and keeps the site reachable even when the primary DNS server is down.

Below is an example SOA record from the zone file "db.mydomain.com":

$TTL 86400
;name class rr Nameserver email-address
@      IN  SOA   crab.wrotethebook.com. alana.crab.wrotethebook.com. (
                 2013091600      ; serial number
                 860000          ; refresh (about 239 hours)
                 3600            ; retry after 1 hour
                 3600000         ; expire after 1000 hours
                 600             ; negative cache TTL is 10 minutes
)

The "@" can also be a domain name, for example mydomain.com; it just specifies the owner name in the zone file. A "@" references the current origin. Because this example has no $ORIGIN directive, the current origin is the domain "domain.mydomain.com".

TTL - 86400 - The TTL defines the duration in seconds for which the record may be cached by client-side programs. A value of 0 indicates that the record should not be cached. The valid range is 0 to 2147483647 (close to 68 years).

Class - IN - The class identifies the record class. IN stands for Internet; the other classes are all historic, so as long as your DNS serves the Internet or an intranet you must use IN.

Nameserver - crab.wrotethebook.com. - The nameserver is the server that holds the zone files. If it is an external server, the entire domain name must be specified, followed by a trailing dot. If it is defined in this zone file, it can be written with just the host label, for example "ns".

Email address - alana.crab.wrotethebook.com. - This is the email address of the domain administrator. This is confusing, because people expect an @ in an email address. Here mail goes to alana@crab.wrotethebook.com, but the address is written as alana.crab.wrotethebook.com, with the first label standing in for the mailbox. And yes, remember to put the trailing dot after the domain name.

Serial number - 2013091600 - This is a revision number that tracks changes to the DNS zone. It has to increase whenever any change is made to the zone file. The standard convention is the date of the update in the form YYYYMMDDnn, where nn is a revision number for the case of more than one update in a day. So the first update today would be 2013091600 and the second 2013091601.

Refresh - 860000 - This is the interval (in seconds) at which a slave DNS server refreshes from the master, that is, how often a secondary polls the primary to see whether the zone's serial number has increased (so that it knows to request a new copy of the zone data). It can also be written with unit suffixes, such as "23h88M" for 23 hours and 88 minutes. For a regular Internet server, keep it between 6 and 24 hours.

Retry - 3600 - Now assume that a slave tried to contact the master server and failed because it was down. The retry value (time in seconds) tells it when to try again. This value is not very important and can be a fraction of the refresh value.

Expiry - 3600000 - This is the time (in seconds) for which a slave server keeps a cached zone file valid if it cannot contact the primary server. If this value were set to, say, 2 weeks (in seconds), a slave would still be able to serve domain information from its cached zone file for 2 weeks without anyone noticing the difference. The recommended value is between 2 and 4 weeks.

Minimum - 600 - This is the default time (in seconds) for which slave servers should cache the zone file (the comment in the example above labels this field the negative cache TTL). This is the most important time field in the SOA record. If your DNS information keeps changing, keep it down to a day or less; if your DNS records do not change regularly, step it up to between 1 and 5 days. The benefit of a high value is that website access speeds up drastically because of reduced lookups: caching servers around the globe hold your records, which improves site performance.
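As an added example (my own code, not part of the original post), the following Python parses the SOA record shown above, converts BIND-style timer values such as "23h88M" to seconds, checks the timers against the ranges suggested in this post and computes the next serial under the YYYYMMDDnn convention. The embedded ZONE text is a constructed copy of the example, and the rule that expire should exceed refresh plus retry is my own assumption rather than something the post states.

```python
import re
from datetime import date

# Constructed sample: the SOA record discussed above, embedded as a string.
ZONE = """$TTL 86400
@   IN  SOA   crab.wrotethebook.com. alana.crab.wrotethebook.com. (
        2013091600  ; serial
        860000      ; refresh
        3600        ; retry
        3600000     ; expire
        600         ; negative cache TTL
)"""

UNIT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(text):
    """BIND time value: plain seconds or unit-suffixed, e.g. 23h88M -> 88080."""
    return sum(int(n) * UNIT[u.lower()] for n, u in re.findall(r"(\d+)([smhdw]?)", text, re.I))

def parse_soa(zone_text):
    """Extract the SOA fields; ';' comments are stripped and the parenthesised lines joined."""
    body = " ".join(line.split(";")[0] for line in zone_text.splitlines())
    m = re.search(r"(\S+)\s+IN\s+SOA\s+(\S+)\s+(\S+)\s*\((.*?)\)", body)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = m.group(4).split()
    local, _, domain = m.group(3).rstrip(".").partition(".")  # first label is the mailbox
    return {"owner": m.group(1), "nameserver": m.group(2), "admin_email": f"{local}@{domain}",
            "serial": int(serial), "refresh": parse_time(refresh), "retry": parse_time(retry),
            "expire": parse_time(expire), "minimum": parse_time(minimum)}

def check_soa(soa, previous_serial=None):
    """Warnings against the ranges given in the post, plus one consistency rule (assumed)."""
    w = []
    if not 6 * 3600 <= soa["refresh"] <= 24 * 3600:
        w.append(f"refresh {soa['refresh']}s is outside the suggested 6-24 hours")
    if soa["retry"] >= soa["refresh"]:
        w.append("retry should be a fraction of refresh")
    if not 2 * 604800 <= soa["expire"] <= 4 * 604800:
        w.append(f"expire {soa['expire']}s is outside the recommended 2-4 weeks")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        w.append("expire should exceed refresh + retry, or slaves drop the zone before retrying")
    if previous_serial is not None and soa["serial"] <= previous_serial:
        w.append("serial did not increase; slaves will not transfer the new zone")
    return w

def next_serial(previous, today=None):
    """YYYYMMDDnn convention: a new day (YYYYMMDD string) resets nn to 00, the same day increments nn."""
    base = int(today or date.today().strftime("%Y%m%d")) * 100
    return base if previous < base else previous + 1
```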
