SOA and Zone File

Whats the relationship between the SOA resource record and the Zone File for a domain?

I have looked into SOA records and know what they contain but am just unsure how that fit into the scheme of things?

eg is an SOA record part of a zone file for a domain that sits on the primary nameserver? Is that right?

Where can I lookup the SOA resource record for my domain?

Thanks for any advice...

Andrew Duffy

There is exactly 1 SOA record for each zone. A zone isn't a zone without an SOA record, and a zone can't have more than one SOA record. When doing a zone transfer, the SOA record is listed as the first and last records in the transfer. Also the SOA record is used to describe certain things about the zone. The first data field indicates the primary server for a given zone. The next one is a contact email address responsible for the zone. The next field is the serial number for the current zone contents revision. The serial number is used by secondary servers (or slaves) to keep track of changes made to the zone. Generally, the higher the value of the serial number, the more recent the change. The next 3 fields refresh, retry, and expire are also used by slaves. The slave will check the master to see if the zone has changed every refresh seconds. If the attempt failed, it will try again every retry seconds. If after expire seconds the slave has not been able to get anything from the master, then it will stop considering itself as a verified host for the domain and will return "non-authoritative" results for it. The last data field, minimum, used to indicate the minimum time to cache records in that zone by resolvers. However, now, it is used to indicate how long to cache a negative result. Like if "bob.zonename.com" doesn't exist, the resolver will remember this fact for "minimum" seconds.

This is google's SOA record:
dig google.com soa

Thats all cool, thanks for that.. so I'm wondering...

for a zone do you have a separate SOA record and then a separate zone file? The two are separate entities and must be placed on the nameserver separately? (with mx records, nameserver details etc)

What makes an SOA record and a zone file authoritative for a zone on a nameserver? Why can't I put a zone file and SOA record for say google.com on my nameservers and really cause some havoc? Not that I want to, but just for my understanding of DNS!

Thanks again
Andrew

"for a zone do you have a separate SOA record and then a separate zone file?"

A "zone" is a domain and all of its subdomains. Each zone is confined to a single file. Each zone file includes a SOA record in addition to all the other records you want like MX and A and such.

"What makes ... a zone file authoritative for a zone on a nameserver?"

You've got the wrong angle. A zone file is assumed to ALWAYS be authoritative. A dns server is authoritative if it is a host for the queried domain. The dns server returns authoritative if it has a zone file for that domain, or if it is setup as a slave and therefor transferred a copy of the zone from the master.

"Why can't I put a zone file and SOA record for say google.com on my nameservers and really cause some havoc?"

You can, and some people do. You can host any zone you want on your dns server. The thing is, nobody outside of your network will query your server for that zone, so it's not like you're going to be making any trouble. Locally hosting other people's zones is a good way to override the public information with custom information for local queries only.

Thanks, that was such a good answer...