
What is SOA (Start of Authority) record?

The SOA means Start Of Authority. The SOA record defines the beginning of the authoritative DNS zone and specifies the global parameters for the zone. These parameters include the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

Every DNS zone registered in ClouDNS must have an SOA (Start of Authority) record. There is one SOA record per zone.

An example of an SOA record can be seen below:

$ dig SOA cloudns.net +short

pns1.cloudns.net. support.cloudns.net. 2020080526 7200 3600 1209600 60

History

The SOA record, a key component of the DNS, was established in 1987 as part of the initial DNS architecture in RFC 1034 and RFC 1035. Key clarifications and updates were provided in RFC 2181 and RFC 2308, with RFC 8499 offering a detailed definition. This record type is also mentioned in various other RFCs, highlighting its significance in the DNS framework.

Why do you need a SOA record?

The SOA record contains core information about your zone. It is not possible for your zone to work without that information. Therefore, it is mandatory to have an SOA record for each of your zones. In addition, there are some other reasons why you need it. Here are some of them:

  • It helps ensure that the same server manages any changes made to a domain name and its associated records. 
  • We use it to identify the authoritative domain name server and define that server's parameters. 
  • It also introduces a default time-to-live (TTL) setting to the domain's resource records, meaning they remain cached by DNS servers for a certain amount of time.

The SOA record has the following structure:

  • Serial number - The revision number of this zone file. Increment this number each time the zone file is changed. It is important to increment this value each time a change is made so that the changes are distributed to any secondary DNS servers. In our system, the serial number is automatically incremented on each DNS zone change.
  • Primary name server (NS) - The host name of the primary DNS server for the zone. The Primary NS, set by default, is ns11.cloudns.net. If you enter an invalid primary name server, it will be changed back to ns11.cloudns.net.
  • DNS admin e-mail - The e-mail address of the person responsible for administering the domain's zone file. If you enter an invalid e-mail for the DNS administrator, it will be changed back to support@cloudns.net.
  • Refresh Rate - The time in seconds that a secondary DNS server waits before querying the primary DNS server's SOA record to check for changes. The refresh rate varies from 1200 to 43200 seconds.
  • Retry Rate - The time in seconds that a secondary server waits before retrying a failed zone transfer. Usually, the retry rate is less than the refresh rate. The default value is 1800 seconds. The retry rate varies from 180 to 2419200 seconds.
  • Expire time - The time in seconds that a secondary server will keep trying to complete a zone transfer. If this time expires before a successful zone transfer, the secondary server will expire its zone file. The secondary will stop answering queries, as it considers its data too old to be reliable. The default value is 1209600 seconds.
  • Default TTL - The minimum time-to-live value that applies to all resource records in the zone file. This value is supplied in query responses to inform other servers how long they should keep the data in the cache. The default value is 3600 seconds (1 Hour).
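The field list above can be turned into an automated check. The following is an added example, not ClouDNS code: it parses one line of `dig SOA <zone> +short` output and lints it against the ranges quoted above, and it also checks that the Primary NS is one of the zone's name servers. The function names and the NS set passed in are assumptions made for illustration.

```python
from dataclasses import dataclass

# Allowed ranges in seconds, as quoted in the field list above.
REFRESH_RANGE, RETRY_RANGE = (1200, 43200), (180, 2419200)
# SOA line from the dig output shown earlier on this page.
SAMPLE = "pns1.cloudns.net. support.cloudns.net. 2020080526 7200 3600 1209600 60"

@dataclass
class SOA:
    primary_ns: str
    admin_email: str
    serial: int
    refresh: int
    retry: int
    expire: int
    default_ttl: int

def rname_to_email(rname: str) -> str:
    """The SOA stores the mailbox as a name: the first unescaped dot is the '@'."""
    name, i = rname.rstrip("."), 0
    while i < len(name):
        if name[i] == "\\":
            i += 1  # also skip the escaped character, e.g. the dot in "john\.doe"
        elif name[i] == ".":
            return name[:i].replace("\\.", ".") + "@" + name[i + 1:]
        i += 1
    raise ValueError(f"no domain part in {rname!r}")

def parse_soa(line: str) -> SOA:
    """Parse one line of `dig SOA <zone> +short` output (seven fields)."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    numbers = [int(p) for p in parts[2:]]
    return SOA(parts[0].rstrip(".").lower(), rname_to_email(parts[1]), *numbers)

def lint_soa(soa: SOA, zone_ns: set) -> list:
    """Return findings; zone_ns is the set of NS host names published for the zone."""
    ns = {n.rstrip(".").lower() for n in zone_ns}
    checks = [
        (REFRESH_RANGE[0] <= soa.refresh <= REFRESH_RANGE[1], "refresh outside 1200-43200"),
        (RETRY_RANGE[0] <= soa.retry <= RETRY_RANGE[1], "retry outside 180-2419200"),
        (soa.retry < soa.refresh, "retry is not less than refresh"),
        (soa.primary_ns in ns, "primary NS is not one of the zone's NS records"),
    ]
    return [message for ok, message in checks if not ok]

if __name__ == "__main__":
    print(lint_soa(parse_soa(SAMPLE), {"ns1.example.net."}))  # constructed NS set
```

The retry finding is advisory, since the page only says the retry rate is usually less than the refresh rate.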

How to create a DNS SOA record?

The SOA is added automatically for every DNS zone hosted at ClouDNS. You can adjust the SOA values via the “SOA Settings” button for each of your zones.

Note: Managing SOA records is not available for Free users.

Default SOA parameters

If you are on one of our paid plans, you can set up default SOA parameters that will be used when you create a new zone or reset your current SOA details. This can be done from the profile settings of the account.

How to set up?

1. Log in with your ClouDNS account.

2. Enter into your profile settings by clicking on your e-mail link at the top of the page.

3. In the SOA settings panel, you can set up default values for DNS admin e-mail, Primary NS, Refresh rate, Retry rate, Expire time, and Default TTL, then click on the Save button.

Note: This feature is available for Premium, DDoS Protected, and GeoDNS subscriptions.

SOA record VS NS record

Although both records are mandatory for your zones to work normally, their roles are quite different.

The SOA record is a kind of documentary record, automatically generated when your DNS zone is first created. It contains valuable and obligatory information such as the DNS admin email address, the primary name server, the DNS zone’s serial number, and a few other values.

The NS records identify the name servers responsible for your DNS zone. In other words, the NS records tell which servers can be contacted to obtain the records pertaining to the domain.

SOA record:

Serial       Primary NS          DNS admin email       Refresh rate   Retry rate   Expire time   TTL
2020111305   pns21.cloudns.net   support@cloudns.net   7200           1800         1209600       1 Hour

NS record:

Host           Type   Points to          TTL
hostname.com   NS     ns1.cloudns.net*   1 Hour

How to check SOA record

You can manually check the SOA record for a domain name by using one of the following commands:

If you are a Windows user, you can open the Command Prompt and check your SOA records via Nslookup. Here is an example:

$ nslookup -q=soa example.com

If you are a Linux/macOS user, you can open the Terminal and check your SOA record via DIG. Here is an illustration:

$ dig example.com soa

In addition, if you prefer to use an online tool, you can check your SOA record with ClouDNS Free DNS tool.

How to start managing SOA records with ClouDNS?

  1. Open a free trial account from here - free for 30 days, regular price $2.95/month (Premium S)
  2. Verify your e-mail address
  3. Log into your control panel
  4. Create new Master DNS from the [add new] button - read more here
  5. Click on the SOA settings icon and configure it as you need

Support of SOA records

ClouDNS provides full support for SOA records. Each DNS zone has an SOA record, but the main settings (admin mail, primary name server and so on) can be changed only by customers with an active non-free subscription. All DNS hosting plans here include SOA record management.

Editing SOA Record

When editing your SOA record, it's crucial to increment the serial number for each change to ensure DNS synchronization across servers. Properly setting refresh, retry, and expire intervals is vital for efficient DNS updates and minimizing network load. Additionally, configuring the minimum TTL is important for balancing the caching duration of DNS records, impacting how quickly changes propagate across the network. These elements are key to maintaining DNS stability and performance.
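Whether an edit has reached every server can be verified by comparing the serial each name server returns for the zone's SOA. The following is an added example, not ClouDNS code: it compares serials using RFC 1982 serial number arithmetic (an RFC this page does not cite), which treats the serial as a wrapping 32-bit counter. The server names and the observed serials are constructed; the primary serial is the one from the table on this page.

```python
MOD = 1 << 32   # SOA serials are unsigned 32-bit values that wrap around
HALF = 1 << 31

def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 serial number arithmetic."""
    return a != b and (a - b) % MOD < HALF

def sync_report(primary_serial: int, observed: dict) -> dict:
    """Classify each secondary by the serial it returned for the zone's SOA."""
    report = {"in_sync": [], "lagging": [], "ahead_of_primary": [], "undefined": []}
    for server, serial in sorted(observed.items()):
        if serial == primary_serial:
            report["in_sync"].append(server)
        elif serial_newer(primary_serial, serial):
            # Secondary has not pulled the latest zone yet.
            report["lagging"].append(server)
        elif serial_newer(serial, primary_serial):
            # The primary's serial went backwards: this secondary will not
            # transfer the zone until the primary's serial passes its own.
            report["ahead_of_primary"].append(server)
        else:
            # Exactly 2**31 apart: RFC 1982 leaves the comparison undefined.
            report["undefined"].append(server)
    return report

PRIMARY_SERIAL = 2020111305  # serial from the table on this page
OBSERVED = {                 # constructed sample data
    "ns-a.example.net": 2020111305,
    "ns-b.example.net": 2020111304,
    "ns-c.example.net": 2020111401,
}

if __name__ == "__main__":
    for state, servers in sync_report(PRIMARY_SERIAL, OBSERVED).items():
        print(f"{state}: {servers}")
```

A server that stays in the lagging list for longer than the refresh interval, or any server in the ahead_of_primary list, is worth investigating.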

FAQ

Question: Do I need to have an SOA record for my domain?

Answer: Yes, every domain is required to have an SOA record. Without an SOA record, it would be impossible for DNS servers to view the records associated with a domain.

Question: How come I don't see the SOA record along with my other records at my DNS zone management page?

Answer: The SOA record is not listed with your other records on your DNS zone management page. Its values can be modified via the "SOA Settings" button for each of your zones.

Question: I am a Free user of yours and I want to manage my SOA details. What do I have to do?

Answer: SOA settings are available to premium accounts only. You must upgrade in order to manage your SOA settings.

Question: Online checkers alarm me with "Primary Name Server Not Listed At Parent". How do I fix this warning?

Answer: We recommend that you check your SOA settings and make sure that one of your domain's name servers is specified as Primary NS in the SOA record. It is a common warning when customers use custom name servers, but the Primary NS in the SOA record has been left at the default.

Question: Can I edit an existing SOA record?

Answer: Yes, you can edit an existing SOA record. However, you should always be careful when editing an SOA record, as it can significantly impact how your domain works. Make sure to back up the existing SOA record before making any changes.

Question: What is a negative TTL?

Answer: A negative TTL is a setting on an SOA record that instructs domain name servers to ignore the record and not cache the record for future use.



Last modified: 2024-01-24