Bind: what is the zonefile SOA RR grammar


It's been a few days that I am doing my best to properly understand the bind9 official documentation:

There are many bind9 tutorials out there. However, I do have many problems reconciling the proposed solutions to any official definition of a SOA RR that I can find.

Among others, I also checked:

And despite all that, I am still very confused about the proper format for a SOA RR.

Many tutorials seem to offer a syntax similar to this one:

43200 IN SOA (
 2011090302 ;Serial Number
 86400 ;refresh
 7200 ;retry
 1814400 ;expire
 86400 ;minimum

I can't quite explain the presence of the two domains before the opening parenthesis. However, without the second one, named-checkzone complained.

However, this site in particular:
offers a zonefile with a SOA RR like this:

@   SOA ns1 (   ; is the primary server for
      postmaster  ; contact email for is
      2004041700  ; Serial ID in reverse date format
      21600   ; Refresh interval for slave servers
      1800    ; Retry interval for slave servers
      604800    ; Expire limit for cached info on slave servers
      900 )   ; Minimum Cache TTL in zone records

Note the absence of the class IN. Also, only one domain (ns1) is present before the opening parenthesis.

So, the main question is: what is the precise, official, or most recommended grammar for an SOA RR? Where is this grammar most precisely defined?

Finally, when should I use an SOA record? My understanding is that I need an SOA record for any domain that I want to host and for which I want to be an authoritative name server.

Best Answer

The first name after the word SOA is MNAME, the name server that is authoritative for the zone -- e.g., the name of your name server itself.

The second name, RNAME, looks like a domain name but isn't. It's the string you get if you replace the "@" character with "." in the email address of the person responsible for the zone. (Hopefully your email address doesn't have a "." before the "@".)

For both of these names (and others in zone files) the zone name itself is implicitly appended unless the name ends in a period: foo means, while foo. means foo. A common mistake is to write, which bind publishes to the world as, when you should have written

The parentheses allow you to write a resource record that spans multiple lines in your text file. One of the examples you supplied puts the opening parenthesis between the MNAME and the RNAME, while the other puts it after the RNAME, but there's no functional difference.

"IN" specifies the "internet" class, which is the default, so you can leave it out.

Recommended grammar: Follow the Wikipedia example and use a tool like dig or dnsq to show what your name server is actually telling the world, instead of spending too much effort second-guessing how BIND is parsing your zone file.

Precise grammar: BIND source code. (Only if you're really trying to be pedantic -- not necessary if you're just trying to make your zone file work.)

Official grammar (or at least the internet equivalent of official):

Every zone should have an SOA. If you serve that zone ("authoritative" or not) you should have an SOA along with all the other records in the zone. Practically speaking, if you're writing a zone file, put an SOA in there -- and if you're copying the entire zone file from someone else, you'll get the SOA that way, so you don't need to worry about it.
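
The rules from the answer above (origin appended unless a name ends in a dot, the first "." of RNAME standing for "@", parentheses only permitting line breaks, IN as the default class), as an added Python example that is not part of the original post and is not BIND's parser. It goes slightly beyond the answer by handling the `\.` escape for a dot in the mailbox local part. The origin `example.com.`, the function names and the sample records are constructed assumptions, and timers are assumed to be plain integer seconds.

```python
import re

def absolute(name, origin):
    """'@' is the origin; a trailing dot means fully qualified; else append origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def rname_to_email(rname):
    """The first unescaped '.' in RNAME stands for '@'; '\\.' is a literal dot."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def parse_soa(text, origin):
    """Parse one SOA RR (owner present, timers as integer seconds) relative to origin."""
    # Strip ';' comments, then the parentheses, which only permit line breaks.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    owner, optional, fields = tokens[0], tokens[1:i], tokens[i + 1:]
    if len(fields) != 7:
        raise ValueError("expected MNAME, RNAME and five integers after SOA")
    # The common mistake: a name that already contains the zone but lacks the final dot.
    warnings = [
        f"{raw!r} has no trailing dot but already ends in the zone name"
        for raw in fields[:2]
        if not raw.endswith(".") and (raw + ".").endswith("." + origin)
    ]
    mname, rname = (absolute(n, origin) for n in fields[:2])
    serial, refresh, retry, expire, minimum = map(int, fields[2:])
    return {
        "owner": absolute(owner, origin),
        "ttl": next((int(t) for t in optional if t.isdigit()), None),
        "class": next((t for t in optional if not t.isdigit()), "IN"),
        "mname": mname, "rname": rname, "email": rname_to_email(rname),
        "serial": serial, "refresh": refresh, "retry": retry,
        "expire": expire, "minimum": minimum, "warnings": warnings,
    }

# Constructed inputs; example.com. is an assumed origin.
PAGE_STYLE = """@   SOA ns1 (   ; primary server
      postmaster  ; contact
      2004041700 21600 1800 604800 900 )"""
MISSING_DOT = "@ 43200 IN SOA ns1.example.com hostmaster.example.com. ( 2011090302 86400 7200 1814400 86400 )"

if __name__ == "__main__":
    for sample in (PAGE_STYLE, MISSING_DOT):
        print(parse_soa(sample, "example.com."))
```

The second sample yields an MNAME of `ns1.example.com.example.com.` together with a warning, which is the published result of the missing trailing dot the answer describes.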