In the past two posts we talked about the SOA record.  In this post, we’ll finish it.  The last parts of the SOA record are refresh, retry, and expire.  These are all numbers that note the number of seconds.  Each one does a different thing, but they all work together.

Refresh is the number of seconds the secondary name servers wait before asking the primary name server ‘do you have any updates for me?’.  You don’t want the primary to be drowned in requests of ‘got anything got anything got anything?’.  It’s like the two year old younger brother asking you constantly.  That’s annoying.  So we set the refresh of a domain.

The next number is the Retry.  Now suppose I ask my Mom ‘Can I have a new Xbox?’ and I don’t get a response.  How long should I wait so I don’t annoy her?  For a domain, that’s the ‘I didn’t get an answer from my primary name server, how long do I wait before asking again?’  Asking Mom repeatedly for an Xbox (especially if she doesn’t respond) is just going to make her mad.  Overloading a name server with repeated requests can do the same thing.

The Retry time must be less than the Refresh time.  Otherwise, I’m waiting longer than I should to re-ask than when I’d actually be doing my asking to begin with.

Now if my Mom doesn’t respond to me about the Xbox, how long should I wait until I give up on her ever responding?  (With my Mom, that’s infinity.  She’ll just ignore what she calls silly questions.) With domains, that’s Expire.  That tells the secondary server when to give up.  It’s usually a long time and the number has to be bigger than refresh or retry.  If it’s less than retry, then the secondary server is going to go ‘eh, why bother retrying, he’s dead Jim’.  Same with Refresh.  If it’s less than Refresh, then the secondary server is never going to bother trying.

Now for the last number, the TTL.  TTL stands for Time To Live.  This doesn’t actually anything to do with zone transferring.  Surprise!

It has to do with people querying the domain.  When I query a domain and get an IP address, the TTL tells me how long do I believe that response.  If it’s set to 300, then I believe that response for 5 minutes, at which time I have to query again.

It took us three posts, but we covered the SOA record!  In the next post, we’ll talk about other records used in DNS.

In the last post we started talking about the SOA record in DNS and the serial number used in a zone file.  I promised that in this post we’d talk about why we use serial numbers.

Hint:  It’s to cut down on traffic.

Chaos in the Traffic

These days it seems you can stream anything, play games, play music, and there’s always enough bandwidth to go around.  What’s bandwidth?  That’s the size of your connection to the Internet and connections within the Internet.  In the old days, the amount of bandwidth was really small.  You could sit at a terminal and type things on a connection far away and hit a key, wait for it to appear, hit the next key, wait for it to appear.

Slow typing

In other words, there wasn’t much bandwidth available.

People came up with tricks to reduce bandwidth usage and one of those tricks was a serial number.

An operation name servers use to share zone files amongst themselves is called a zone transfer.  You can imagine that some of these files get really big.  If there isn’t a lot of bandwidth, then constantly passing those files back and forth is a bad thing.

Instead, you have the serial number and you ask the other side ‘excuse me, has your serial number increased from the value I have here?’ and if the answer is ‘yes’, then the zone transfer occurs.  Otherwise, the zone file stays where it is.

This means that when the administrator makes any change to the zone file, he has to update the serial number in order for the transfer to happen.

Now for the obvious question:  Can everyone do zone transfers?

Well, the answer is no.  It’s a security problem if we do let everyone transfer.

Who can do transfers?  Like we said before, there’s a master name server listed in the SOA record.  We also know that most domains have more than one name server. For example, Google has four:

• google.com name server ns3.google.com.
• google.com name server ns1.google.com.
• google.com name server ns2.google.com.
• google.com name server ns4.google.com.

Imagine having to update the zone file on each one of those.  No thank you!  That’s what the master name server is for, you update that name server and then the other three can zone transfer your zone file from it, assuming the serial number has increased.  Those other three name servers are called slaves to the master name server or secondaries to the primary name server.  We’ll call them secondary or secondaries.  It’s an older term, but I like it.

We talked about DNS before and we talked about MX records and mail and DNS but now we’re going to talk about what else DNS can do.  Email uses the MX record type but there are a lot more record types for DNS out there than just mail.  In this post, we’re going to talk about one particular record, the SOA record.

Every domain has an SOA record, also known as a Start of Authority record.  Isn’t that a spiffy name?  Sounds like the delegation of authority in a business.  I shall start your authority here and here only!

I am your Start of Authority!

Every domain has a zone file that’s created by the administrator.  The top of that zone file has the SOA record and the rest of the zone file has all the records for the domain.

The SOA record that defines information about the domain itself.  It includes the name for the master name server, that’s the names server that is the be-all and end-all of information for the domain. Think of it as the server that is always going to have the real and true information of the domain.

It also includes an email address for the administrator.  This looks like a domain.  Like:  hostmaster.example.com.  That doesn’t look like an email address, where’s the @ sign?  Well, the first information before the dot is the email address, everything after it is the domain where the email is sent to.  That means that hostmaster.example.com is the email address hostmaster@example.com.

It also has a serial number for the domain.  Every time you make a change in the zone file, you change the serial number.  In the next post, we’ll talk about why the creators of DNS used this.