SOA Record Monitoring
We just added SOA record monitoring to DNS Check.
SOA, or Start of Authority resource records are DNS records that define a number of global parameters for a DNS zone, or domain.
An SOA record’s Serial Number normally gets updated each time the zone file is updated. This makes monitoring the SOA record an idea that’s worth considering for infrequently modified zone files, since monitoring a single record normally has the effect of monitoring all records in the zone file for changes. We still recommend monitoring the remaining DNS records, since it’s not guaranteed that the Serial Number will be updated. Think of SOA record monitoring of one layer of a multi-layered DNS record monitoring system.
If a zone file is updated frequently, then you may decide to exclude its SOA record from monitoring. To do this, just delete the SOA record from the DNS Check DNS record group after importing the zone file.
Each zone file should contain a single SOA record.
SOA DNS records contain the following fields:
- Name Server - An authoritative name server for the domain. Only one name server should be listed, even if there are multiple NS records for the domain.
- Email - The email address of the domain’s administrator. The @ sign should be replaced with a dot (.). The address may be either relative or fully qualified. For example, if the $ORIGIN is “example.com.”, then “[email protected]” can be represented as either “dns.example.com.”, or “dns”.
- Serial Number - Unsigned 32-bit integer between 1 and 4,294,967,295. This value is incremented when a resource record (DNS record) in the zone file is added, removed or updated. Serial Numbers often include the date of the last edit. For example, a Serial Number of “2015091300” would indicate that the zone file was last updated on September 13, 2015. If the zone file were edited again on the same day, then the Serial Number would normally increment by one to “2015091301”.
- Refresh - Signed 32-bit integer representing the time, in seconds that a slave name server should wait before refreshing the zone from the master by checking its SOA record.
- Retry - Signed 32-bit integer representing the time, in seconds that the slave should wait before retrying to connect to the master name server if there is a communications failure.
- Expire - Signed 32-bit integer representing the time, in seconds that may elapse before zone file data is no longer considered authoritative. The SOA record’s Expire time should be set to a greater value than the Refresh time.
- Minimum - Signed 32-bit integer representing “negative caching time”, in seconds. Valid values are 1 to 10800 (3 hours). “Negative caching time” refers to the number of seconds that NXDOMAIN results should be cached in DNS.
Here are some example values:
| Field Name | Example Value | Meaning |
|---|---|---|
| Name Server | ns1.example.com. | The ns1.example.com name server is authoritative for this domain |
| dns.example.com. | This domain’s administrator can be contacted by sending an email to [email protected] | |
| Serial Number | 2015091300 | The serial number for this zone file is “2015091300” |
| Refresh | 3600 | Slave servers should check the master name server for updates every 3600 seconds (once an hour) |
| Retry | 60 | If there’s an error communicating with the master server for this zone, try again in 60 seconds |
| Expire | 1209600 | The zone file data will expire in 1209600 seconds (2 weeks) |
| Minimum | 60 | Negative (NXDOMAIN) DNS lookup results should be cached for 60 seconds. |
Here’s an example zone file entry for an SOA record which contains the above example values:
example.com SOA ns1.example.com. dns.example.com. 2015091400 3600 60 1209600 60
There are two ways to import an SOA record into DNS Check. Navigate to the desired DNS record group, then either:
- Click the “Import zone file” button, then paste in your SOA record.
- Click the “Add DNS record button”, then select “SOA record”, and specify the record’s parameters:
SOA records join a growing list of DNS record types that are supported by DNS Check. That list now includes:
- A records
- AAAA records
- CNAME records
- MX records
- NS records
- PTR records
- SOA records
- SRV records
- TXT records
We hope you find the ability to check SOA records to be helpful. Please feel free to contact us if you have any questions.
If you haven’t tried DNS Check yet, please sign up for a free account. Free accounts can check and monitor up to 10 DNS records at a time. If you’d like to check more than 10 DNS records, then you can upgrade to a paid account at any time. We’d love to earn your business.
