Benchmark: Start of Authority (SOA) Records
Overview
A Start of Authority (SOA) record is a type of resource record in the DNS containing administrative information about the zone, especially regarding zone transfers. An SOA resource record is created at the time of creating a managed zone.
Every domain must have an SOA record at the cutover point where the domain is delegated from its parent. A zone without an SOA record does not conform to the standard required by RFC 1035.
This benchmark contains best practices for SOA records.
Usage
Browse dashboards and select Start of Authority (SOA) Records:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check net_insights.benchmark.dns_soa_best_practices
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share net_insights.benchmark.dns_soa_best_practices
Controls
- All name server records should have same SOA serial
- Primary name server should be listed at parent
- SOA serial number should be between 1 and 4294967295
- SOA refresh value should be between 1200 and 43200 seconds (12 minutes to 12 hours)
- SOA retry value should be between 120 and 7200 seconds (2 minutes to 2 hours)
- SOA expire value should be between 1209600 and 2419200 seconds (2 weeks to 4 weeks)
- SOA minimum TTL value should be between 600 and 86400 seconds (10 minutes to 24 hours)
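
The range and serial-consistency controls above can be reproduced offline against SOA answers collected from each name server. The sketch below is an added example, not code from the net_insights mod; the function names, the one-line RDATA input format and the example.com sample data are assumptions, and the "listed at parent" control is not covered.

```python
# Added example (not from the net_insights mod); inclusive ranges in seconds, from this page's controls.
RANGES = {
    "serial": (1, 4294967295),
    "refresh": (1200, 43200),
    "retry": (120, 7200),
    "expire": (1209600, 2419200),
    "minimum": (600, 86400),
}


def parse_soa(rdata):
    """Parse one-line SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    soa = {"mname": parts[0], "rname": parts[1]}
    for name, value in zip(RANGES, parts[2:]):
        soa[name] = int(value)  # ValueError on non-numeric input
    return soa


def check_zone(answers):
    """answers maps name server -> SOA RDATA; returns sorted (server, finding) tuples."""
    findings, parsed = [], {}
    for ns, rdata in answers.items():
        try:
            parsed[ns] = parse_soa(rdata)
        except ValueError as exc:
            findings.append((ns, f"unparseable SOA: {exc}"))
    for ns, soa in parsed.items():
        for field, (low, high) in RANGES.items():
            if not low <= soa[field] <= high:
                findings.append((ns, f"{field}={soa[field]} outside {low}-{high}"))
    # Every authoritative server should report the same serial.
    if len({soa["serial"] for soa in parsed.values()}) > 1:
        for ns, soa in parsed.items():
            findings.append((ns, f"serial {soa['serial']} not consistent across name servers"))
    return sorted(findings)


# Constructed sample answers for the placeholder zone example.com.
SAMPLE = {
    "ns1.example.com": "ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600",
    "ns2.example.com": "ns1.example.com. hostmaster.example.com. 2024010100 7200 60 1209600 3600",
}

if __name__ == "__main__":
    for ns, finding in check_zone(SAMPLE):
        print(f"{ns}: {finding}")
```

A serial mismatch is reported against every server because the answers alone do not show which copy is stale.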