Start of Authority (SOA) Checker
The SOA (Start of Authority) record acts as the administrative heart of any DNS zone. It is a mandatory record; without a valid SOA, the zone cannot be served authoritatively and the domain effectively stops resolving. The SOA payload dictates the core operational parameters for the domain, establishing which server is the definitive source of truth, who manages it, and the strict timing mechanisms that dictate how secondary, redundant nameservers replicate the zone data.
The Zone Serial Number and State Replication
The most critical integer within the SOA payload is the Serial Number. By industry convention, this is often formatted as a date-stamp (e.g., 2023102401 for the first change on Oct 24, 2023). Every single time an administrator modifies an A, MX, or TXT record, this serial number must be incremented. Secondary (slave) nameservers routinely query the primary server's SOA record. If they detect a serial number higher than the one in their local copy of the zone, it triggers an immediate AXFR or IXFR zone transfer to pull the updated zone data. If the serial is not incremented during an edit, the secondary servers will never sync, leading to fractured, inconsistent DNS responses.
Administrative Timing: Refresh, Retry, and Expire
The SOA record defines three specific timers that govern the resilience of the zone:
- Refresh: The interval (in seconds) that secondary servers wait before polling the primary server for serial changes.
- Retry: If the primary server is offline during a poll, this defines how long the secondary server waits before trying again.
- Expire: The absolute maximum time a secondary server will continue to serve cached records if the primary server goes permanently offline. Once this timer is reached, the secondary server stops answering queries, effectively downing the domain to prevent serving severely outdated data.
Negative Caching and the Minimum TTL
A frequently misunderstood parameter of the SOA record is the Minimum TTL value. Historically used to set a baseline caching time, RFC 2308 repurposed this integer exclusively for Negative Caching. If a user queries a subdomain that does not exist (e.g., fake.example.com), the authoritative server responds with an NXDOMAIN error. The resolver uses the SOA Minimum TTL to determine exactly how long to cache that failure. A low value prevents prolonged outages if an administrator quickly fixes a typo, while a high value protects the authoritative server from DDoS floods querying random, non-existent subdomains.
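The checks described on this page can be run offline over SOA answers collected from each nameserver. The following is an added example, not the checker's own code: the record lines are constructed samples, the function names are hypothetical, and the timer rules are simple relational assumptions. It goes slightly beyond the text by comparing serials with RFC 1982 wraparound arithmetic and by applying the RFC 2308 rule that negative answers are cached for the smaller of the SOA record's own TTL and its Minimum field.

```python
from dataclasses import dataclass

@dataclass
class SOA:
    ttl: int        # TTL of the SOA record itself
    mname: str      # primary nameserver
    rname: str      # admin mailbox, encoded as a domain name
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # negative-caching TTL (RFC 2308)

def parse_soa(line: str) -> SOA:
    """Parse one presentation-format line: owner TTL IN SOA mname rname + 5 integers."""
    f = line.replace("(", " ").replace(")", " ").split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError("not a single-line SOA record")
    nums = [int(x) for x in f[6:]]
    if any(not 0 <= n < 2**32 for n in nums):
        raise ValueError("SOA integers are unsigned 32-bit")
    return SOA(int(f[1]), f[4], f[5], *nums)

def serial_newer(primary: int, secondary: int) -> bool:
    """RFC 1982 comparison: True if the primary's serial is ahead, allowing wraparound."""
    diff = (primary - secondary) % 2**32
    return 0 < diff < 2**31

def negative_ttl(soa: SOA) -> int:
    """RFC 2308: negative answers are cached for min(SOA TTL, MINIMUM)."""
    return min(soa.ttl, soa.minimum)

def check(primary: SOA, secondary: SOA) -> list[str]:
    """Return findings for a primary/secondary pair of SOA answers."""
    out = []
    if serial_newer(primary.serial, secondary.serial):
        out.append("secondary is behind: transfer pending or failing")
    elif primary.serial != secondary.serial:
        out.append("serials differ but primary is not ahead: serial rolled back?")
    if primary.retry >= primary.refresh:
        out.append("retry is not shorter than refresh")
    if primary.expire <= primary.refresh + primary.retry:
        out.append("expire leaves no room for a failed refresh and a retry")
    return out

# Constructed sample answers, one per nameserver (not real data).
PRIMARY = parse_soa("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023102402 7200 3600 1209600 300")
SECONDARY = parse_soa("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023102401 7200 3600 1209600 300")
```

A secondary that stays behind for longer than the Refresh interval points to a blocked or failing zone transfer, or to an edit made without a serial bump on a different server than the one queried.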