dog, the command-line DNS client

The SOA record

The SOA (start of authority) record contains information about the DNS zone, which is a part of the hierarchy of domains that makes up the Domain Name System.

It contains the following fields, in order:

  1. The name of the primary nameserver for this zone.
  2. The e-mail address of the party responsible for the zone.
    (The address is encoded as a domain name, in which the first . stands in for the @.)
  3. The internal serial number for this domain.
  4. The duration after which the zone should be refreshed.
  5. The duration before a failed refresh operation should be retried.
  6. The duration after which this zone should no longer be considered authoritative.
  7. The TTL for how long to cache the non-existence of domains inside this zone.

Example

Here, we specifically query for SOA records for example.com. The result is a nameserver administered by ICANN, along with the six other values.

$ dog SOA example.com
SOA example.com. 1h00m00s   "ns.icann.org." "noc.dns.icann.org." 2019121373 2h00m00s 1h00m00s 14d0h00m00s 1h00m00s

SOA records in the Authoritative section

SOA records are commonly seen when querying a domain that does not exist — even when the query is not asking for SOA records specifically.

Here, we search for the nonsense domain name aotenhisou.osteouaou.moeuisn. Because there is no moeuisn TLD, the DNS server responds with the names of the DNS root servers instead.

$ dog aotenhisou.osteouaou.moeuisn
Status: NXDomain
SOA example.org. 1h00m00s A "a.root-servers.net." "nstld.verisign-grs.com." 2020041702 30m00s 15m00s 7d0h00m00s 1d0h00m00s

To prevent these records being mistaken for a correct answer, they are placed in the Authoritative section of the response, specified in dog’s output by the A character.
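
The field order and contact encoding described on this page, as an added example that is not part of dog or its documentation: a Python parser for the two SOA output lines shown above, which also reports the section marker and how long a resolver may cache the non-existence of a name. The function names are hypothetical, the line layout is assumed from those two samples only, and the escaped-dot handling and the min() rule come from RFC 1035 and RFC 2308 rather than from this page.

```python
import re
import shlex

# Constructed sample input: the two output lines shown on this page.
ANSWER = 'SOA example.com. 1h00m00s   "ns.icann.org." "noc.dns.icann.org." 2019121373 2h00m00s 1h00m00s 14d0h00m00s 1h00m00s'
NXDOMAIN = 'SOA example.org. 1h00m00s A "a.root-servers.net." "nstld.verisign-grs.com." 2020041702 30m00s 15m00s 7d0h00m00s 1d0h00m00s'

UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def seconds(text):
    """Convert a duration such as 14d0h00m00s to seconds."""
    parts = re.findall(r"(\d+)([dhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad duration: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def mailbox(rname):
    """Decode field 2: the first unescaped '.' is the '@'.
    A backslash-escaped dot belongs to the local part (RFC 1035)."""
    local, domain = re.match(r"((?:\\.|[^.\\])*)\.?(.*)", rname).groups()
    return re.sub(r"\\(.)", r"\1", local) + "@" + domain.rstrip(".")

def parse_soa(line):
    """Parse one SOA line in the layout assumed from the samples above."""
    tok = shlex.split(line)
    if not tok or tok[0] != "SOA" or len(tok) not in (10, 11):
        raise ValueError("not an SOA line")
    # An extra one-character token after the TTL marks the response section.
    section = tok.pop(3) if len(tok) == 11 else None
    _, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum = tok
    rec = {
        "zone": zone, "ttl": seconds(ttl), "section": section,
        "primary_ns": mname, "contact": mailbox(rname),
        "serial": int(serial), "refresh": seconds(refresh),
        "retry": seconds(retry), "expire": seconds(expire),
        "negative_ttl": seconds(minimum),
    }
    # RFC 2308: a negative answer is cached for min(record TTL, field 7).
    rec["negative_cache"] = min(rec["ttl"], rec["negative_ttl"])
    return rec

if __name__ == "__main__":
    for line in (ANSWER, NXDOMAIN):
        print(parse_soa(line))
```
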