The Responsible Person section of an SOA record contains what information?

When you create a new DNS zone in Windows Server 2008, it always automatically configures itself with an SOA record. SOA stands for "start of authority," and as the name implies, it denotes the starting point of authority for a particular zone in the namespace. As shown in Figure 2-3, this record contains information critical to zone operation. Most importantly, the SOA indicates which server is the primary name server for the zone in question. This information is then used in zone replication: the primary name server is the source of the most accurate and up-to-date zone information.

FIGURE 2-3: SOA record properties

The serial number value of the zone is used in deciding whether it is necessary to synchronize the information between the primary and secondary name servers for the zone. When a change is committed to the zone file, the serial number value is incremented, signaling to replication partners that the primary server copy is more recent than what they received during the last replication cycle. (Replication is discussed in more detail later on.) This in turn means that if serial numbers on the primary server match serial numbers in the zone copies stored on the secondary servers, there is no need to replicate the zone, and hence no additional network bandwidth is used to achieve this unnecessary replication. (Note that it is possible to increment the serial number manually.)

The Expires After interval sets a time-out value for secondary zone servers, indicating how long they should store a copy of the zone and respond to client queries after connectivity to the primary zone server becomes unavailable and zone transfer fails. If the primary server cannot be contacted (and hence, zone information cannot be refreshed) for the duration of this interval, then the secondary servers are no longer considered authoritative for the zone, and local copies of the zone are no longer considered reliable; therefore, secondary servers stop servicing requests for the zone. By default, the expire interval is 24 hours, displayed as 1 day (86,400 seconds).

The Refresh Interval sets a value for how often secondary servers should attempt to contact the primary server to verify their zone serial numbers, and transfer the zone if the serial numbers do not match. The less frequently you change information in the primary zone, the more sense it makes to increase this value. Less frequent attempts to refresh zone information will ultimately consume less network bandwidth, although given the bandwidth available to an average company today, this may turn out to be quite a trivial gain. This value is also set in seconds and is assigned 15 minutes by default.

The Retry Interval of the SOA record sets a value indicating how long secondary servers should wait before retrying a failed zone transfer attempt. This interval is generally shorter than the refresh interval, is set in minutes, and is assigned 10 minutes by default.

The Responsible Person field indicates the e-mail address of the DNS administrator, who should be contacted if there is a problem with DNS setup that might be visible from external networks. If you wish to send an e-mail to the DNS administrator, keep in mind that the usual @ sign is not featured in his or her email address due to the standardized format of the zone file. (The @ signs are used to indicate the beginning of a section in the zone file.) Instead of the @ sign, the responsible person's e-mail address is listed with a "." character.

The last field of interest in SOA records is the minimum (default) time to live (TTL). The default TTL is used by the DNS server to automatically assign TTL values to individual records as you create them in the zone. TTL tells other DNS servers on the Internet, which can potentially cache any response to a query, how long they are allowed to service the same query from cache. As soon as the TTL expires, caching DNS servers stop responding from cache and have to contact the authoritative server again. Here is an example showing a typical SOA record from a Windows Server 2008 zone file, configured with default values:

    IN SOA tordc01.flexecom.com. hostmaster.flexecom.com. (
            33     ; serial number
            900    ; refresh
            600    ; retry
            86400  ; expire
            3600 ) ; default TTL
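The record above can be checked mechanically. The following is an added example, not part of the original text: it parses that SOA record, converts the Responsible Person field back into a mailbox, and applies the serial-number comparison a secondary performs. It goes slightly beyond the text by handling an escaped dot in the mailbox name (RFC 1035) and serial wraparound (RFC 1982). All function names are hypothetical.

```python
import re

# The SOA record from the page, with its ';' comments.
PAGE_SOA = """
IN SOA tordc01.flexecom.com. hostmaster.flexecom.com. ( 33 ; serial number
        900    ; refresh
        600    ; retry
        86400  ; expire
        3600 ) ; default TTL
"""

def parse_soa(text):
    """Parse one zone-file SOA record into a dict of named fields."""
    # Drop ';' comments and the parentheses that let the record span lines.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = (int(t) for t in tokens[i + 3:i + 8])
    return {"primary": mname, "rname": rname, "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "default_ttl": minimum}

def rname_to_email(rname):
    """Turn the Responsible Person name back into a mailbox.

    The first unescaped '.' stands in for '@'; a literal dot in the
    local part is written as '\\.' in the zone file (RFC 1035).
    """
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def secondary_needs_transfer(primary_serial, secondary_serial):
    """True when the primary's serial is newer (RFC 1982 32-bit wraparound)."""
    return 0 < ((primary_serial - secondary_serial) % 2**32) < 2**31

def timer_warnings(soa):
    """Added sanity checks on the timers, based on the intervals described above."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("zone can expire before the next refresh attempt")
    return warnings

if __name__ == "__main__":
    soa = parse_soa(PAGE_SOA)
    print(soa, rname_to_email(soa["rname"]), timer_warnings(soa))
```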

NS resource records indicate which servers have been delegated authority for the domain in question. Delegation is a process of designating authoritative servers, which in plain terms means assigning servers to host a zone and authoritatively respond to name resolution requests for that zone. Authoritative servers "own" records in the zone that has been delegated to them; they are the most trusted source of addresses for the zone that they host.

In addition to domain delegation, NS records are used to delegate authority for subdomains. When you delegate authority for a subdomain, you essentially transfer the burden of maintaining a portion of the namespace to another DNS server. For instance, the flexecom.com domain can have APAC and NOAM subdomains; DNS servers that are authoritative for flexecom.com can refer all queries for noam.flexecom.com to the North America DNS servers, and apac.flexecom.com to Asia/Pacific regional DNS servers.

To summarize, SOA and NS records collectively form the backbone of DNS, serving as pointers and demarcations between numerous independent DNS subsystems, uniting them into a single distributed database. They allow navigating the DNS tree structure from the top down to lower levels of this structure, although that is about all they do—they do not represent any leaf objects in this structure, which is certainly not the point of having a directory. Leaf objects in DNS are various types of host records, which map hostnames to IP addresses within the structure (see Figure 2-4).

What does an SOA record contain?

The DNS 'start of authority' (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

What type of DNS record is used to contain an alias for another record allowing for the use of different names for the same host?

A Canonical Name (CNAME) Record is used in the Domain Name System (DNS) to create an alias from one domain name to another domain name.

Which DNS zone type contains a read/write master copy of all resource records for the zone?

Primary DNS zone. Primary (Master) zones contain a read/write copy of the zone data. There could be only one Master zone on one DNS server at a time. All the DNS records, added manually or automatically, are written in this Primary zone of the DNS server.

How do you read SOA records?

Setting up a DNS monitor to check the SOA record.
Open a command window.
Type nslookup and press [Enter].
Switch to querying SOA records by typing set type=soa and press [Enter].
Type the name of the domain name in question and press [Enter].