A newbie question: what is SOA for?

  • Thread starter Thread starter Lei Hu
  • Start date Start date
L

Lei Hu

Dear Experts,

I've just started learning DNS, and I'm sorry if this is a stupid question.

Can anyone out there please explain SOA to me? Can one zone have only one
SOA record or can have more? Books say that SOA should point to the primary
DNS server for the zone, and there should be an A record for the server
pointed to by SOA. In the win2k DNS server which I'm playing with, if I open
the properties page of SOA and change the name of the primary server (w2k
allows me to do this), what will this result in?

Thanks in advance!!

Lei
 
Lei Hu said:
Dear Experts,

I've just started learning DNS, and I'm sorry if this is a stupid question.

Can anyone out there please explain SOA to me?

SOA stands for "start of authority" but the simplest way to
understand the SOA record of a zone is to think of it as the
"header record".

As the header record, the SOA declares and defines some
information about the zone as a whole, including the name
of the zone, the responsible person (an email address with
the "@" sign replaced by a "."), and some time out values
like the Default TTL (time to live AKA time to cache)
records which don't have a specific override for the TTL.

Think of the SOA as the header record for the zone.
Can one zone have only one SOA record or can have more?

Only One.

But recognize that secondary servers copy the entire zone
file and so, each COPY has a copy of the SOA.
Books say that SOA should point to the primary
DNS server for the zone,

Yes, that is another item in the SOA.
and there should be an A record for the server
pointed to by SOA.

Yes. If you give a name but don't give the A (or address)
record it would be difficult to find (maybe.)
In the win2k DNS server which I'm playing with, if I open
the properties page of SOA and change the name of the primary server (w2k
allows me to do this), what will this result in?

Probably nothing (nothing bad anyway).

The SOA record was invented before the GUI and so
reflects the need to define everything in a text file.

It might cause trouble if you only had one Primary (were
not using AD-integrated DNS) and your clients needed to
find the ONLY truly dynamic DNS server for the zone.

BTW, don't do that. <grin> - Leave it set to the Primary
or to the main AD-integrated DNS server for the zone.
 
Thanks Herb!!

Herb Martin said:
SOA stands for "start of authority" but the simplest way to
understand the SOA record of a zone is to think of it as the
"header record".

As the header record, the SOA declares and defines some
information about the zone as a whole, including the name
of the zone, the responsible person (an email address with
the "@" sign replaced by a "."), and some time out values
like the Default TTL (time to live AKA time to cache)
records which don't have a specific override for the TTL.

Think of the SOA as the header record for the zone.


Only One.

But recognize that secondary servers copy the entire zone
file and so, each COPY has a copy of the SOA.


Yes, that is another item in the SOA.


Yes. If you give a name but don't give the A (or address)
record it would be difficult to find (maybe.)


Probably nothing (nothing bad anyway).

The SOA record was invented before the GUI and so
reflects the need to define everything in a text file.

It might cause trouble if you only had one Primary (were
not using AD-integrated DNS) and your clients needed to
find the ONLY truly dynamic DNS server for the zone.

BTW, don't do that. <grin> - Leave it set to the Primary
or to the main AD-integrated DNS server for the zone.
 
Hi there,

This is to follow up my preivous question about primary server name in a SOA
record.

Q1: Must the DNS server that holds the master copy of a .dns file be the
primary server for the zone? Or put it another way, is it possible for a
server to be the primary DNS server for a zone with the .dns file hosted in
another server?

Q2: A DNS server always knows that it is the primary server or a secondary
server. If it is the primary, it resolves names by looking up its dns file.
No client specifies its primary and secondary DNS servers by their names,
rather, by their IP addresses. Therefore, DNS server's name doesn't need to
be resolved. So, my question is, what is the primary server name in the SOA
recored for? Who uses this info?

Thanks a lot!!
 
Lei Hu said:
Hi there,

This is to follow up my preivous question about primary server name in a SOA
record.

Q1: Must the DNS server that holds the master copy of a .dns file be the
primary server for the zone?

Depends on what you mean by "master". While Primary
is a very specific technical term in DNS, the word "Master"
is a bit more flexible.

Sometimes we use the term "master" to mean the Primary or
any of the SET of Active Directory Integrated DNS servers
(AD-Int-DNS) -- here the word emphasizes which machine,
or set of machines, can CHANGE the zone.

A master in this sense should be listed in the SOA.

The more technical and traditional use of the word "master"
in DNS is on a Secondary DNS server which much pull the
zone from another DNS server of that same zone: The DNS
server chosen for the source of the file is termed the MASTER
(of that Seconary.)

Many people think this "master" must be the primary but
that is not true -- ANY DNS server of that same zone can
be the master of any other Secondary of that zone (as long
as the master allows the transfer.)

Or put it another way, is it possible for a
server to be the primary DNS server for a zone with the .dns file hosted in
another server?

Not really -- anything is "possible" (if you write you own
DNS server software for instance) but that doesn't make sense
nor would it likely even be useful.
Q2: A DNS server always knows that it is the primary server or a secondary
server.

Yes, because only the Primary (or AD-Int-DNS server SET) can
accept changes.

And Yes, because the Secondaries do not accept changes but
rather pull from another DNS server of that same zone (i.e.,
the Master.)
If it is the primary, it resolves names by looking up its dns file.

Seconardies do precisely this also. Remember that Secondaries
have a full copy of the zone.

Secondaries pull from the zone file from a Master in what is termed
a "Zone Transfer."

FYI: Secondaries and Primaries are ALL "authoritative". (You will
hear people misuse the word "authoritative" to mean Primary.)

Secondaries are authoritative because they have an Authoritative, i.e.,
CORRECT and FULL, copy of the zone with it's SOA record.
No client specifies its primary and secondary DNS servers by their names,
rather, by their IP addresses.

Actually, neither. Clients do not know nor generally care which
is the Primary or Secondary.

[This terminology mistake is VERY common on these lists and a
minor pet peeve of mine since it adds to the confusion of those
who read or hear it incorrectly.]

Clients specify a PREFFERED or an ALTERNATE DNS server.
These servers might be the Primary and the Secondary for the same
zone as the client, or they might be specified in the opposite order.

In fact, it is perfectly possible for the client to use a set of DNS
servers (Preferred and Alternate) that have NOTHING to do directly
with their "own zone". (Note this is not usual for internal clients but
perfectly normal for machines which are ON the Internet.)

So when discussing the client configuartion, use Preferred and
Altnernate or just say the "client configuration" or the NIC->IP
settings.
Therefore, DNS server's name doesn't need to
be resolved.

That part is correct. Whichever you specify you use the
IP, because it wouldn't work if they client had to contact
the DNS server to resovle the DNS server name to contact
the DNS server (ugh!)
So, my question is, what is the primary server name in the SOA
recored for?

Historically, it was more for documentation purposes probably.

But with the additional of DYNAMIC DNS it became one way
a client could discover which DNS server allows for updates.

This is the exception to the rule that "clients don't generally"
need to know the Primary explicitly -- if they will update their
own records dynamically they must find the DNS server which
can accept the changes.

....OR another DNS server much be willing to forward those
changes up the "secondary->master" chain to the Primary.
Who uses this info?

See above -- why are you worried about this?

You are likely clarify several DNS misconceptions but not
actually getting much useful on your precise questions so it
might be useful to understand the underlying motivation for
those questions.

Are you just "learning" (that's fine) or are you trying to solve
a real-world problem (which we might address directly)?

FYI 2:
Another minor oddness occurs with the Master entry in the
SOA: Historically AD-Int-DNS server sets did not exist and
so this was always PRECISELY ONE DNS server.

Today it would make more sense to allow a LIST of IP or DNS
server names for the "master".

Notice that the term Master here is probably use to mean "the
DNS server that can accept changes for the zone".
 
LH> Q2: A DNS server always knows that it is the primary server or a
LH> secondary server. If it is the primary, it resolves names by looking
LH> up its dns file.

This is also the case if it is a secondary.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-database-replication.html>

LH> No client specifies its primary and secondary DNS servers by their
LH> names, rather, by their IP addresses.

You are conflating "primary/secondary" with "preferred/alternate".
 
LH> Can anyone out there please explain SOA to me?

Yes.

LH> Can one zone have only one SOA record or can have more?

It varies. Some DNS server softwares will prohibit "SOA" resource
records being attached anywhere other than at the "zone" apex, and will
prohibit "SOA" resource record sets of size greater than one. With
other DNS server softwares, the existence of an "SOA" resource record
set is the _definition_ of a "zone" apex. (Microsoft's DNS server
defines "zones" by partitioning its back-end database, and so is not in
this latter category.)

LH> Books say that SOA should point to the primary DNS server for
LH> the zone, and there should be an A record for the server pointed
LH> to by SOA.

Books are wrong.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-soa-field-semantics.html#DynamicDNS>

LH> In the win2k DNS server which I'm playing with, if I open the
LH> properties page of SOA and change the name of the primary
LH> server (w2k allows me to do this), what will this result in?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-soa-field-semantics.html#DynamicDNS>
 
Herb, and Jonathan,

Thanks both of you for your kind replies and info. Yes, I'm learning; I just
want to clarify some concepts, and that's it.

Best regards,

Lei
 
Back
Top