• GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution
    Highlighted
    Resolver I

    Dedicated Server: DNS SOA Contact Email in root DNS record

    WHM Home >> DNS Functions >> Edit DNS Zone

     

    In the root DNS zone for a dedicated server, I noticed that the default SOA record shows a contact email address of 'info.s123-12-123.secureserver.net.' Should I keep that email address there or updated it to my preferred email address? The service plan says managed but I'm not sure what if any info goes to or gets read at that secureserver.net email address. Security issue if server info goes there?

     

    At least if someone in the community could take a look at their own dedicated SOA record and confirm that this is a default pattern I'd be interested to know that. Thanks.

    .....................................................................................
    Domainer, Web Developer, JohnNapoletano.com
    1 ACCEPTED SOLUTION

    Accepted Solutions
    Highlighted
    Resolver I
    Solution

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    Ok so I used intoDNS.com which tipped me off to the correct settings. Initially I was inquiring about the Hostmaster E-mail address info.s123-12-12-123.secureserver.net, but also was concerned about the MNAME as it's called. IntoDNS.com gave me the following two warnings:

     

    (1) SOA MNAME entry WARNING: SOA MNAME (ns1.secureserver.net) is not listed as a primary nameserver at your parent nameserver!


    (2) Your SOA EXPIRE number is: 3600000. That is NOT OK

     

    I replaced ns1.secureserver.net with ns1.mydomainname.tld for example. I changed the hostmaster e-mail address to something.mydomainname.tld. The expire time I changed to 1209600 seconds or 2 weeks from the 3600000 5 weeks. I still can't find any reference to this in the Godaddy Dedicated server setup instructions.

    .....................................................................................
    Domainer, Web Developer, JohnNapoletano.com

    View solution in original post

    6 REPLIES 6
    Highlighted
    Helper V

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    Since this is not a developer question you will probably get better help in the domains forum.

     

    I don't know what a root DNS is, but if it is what I think it is then you can't change it. If you don't get better help here then post a question in the domains forum and explain where it is that you are looking when see that.

    Highlighted
    Helper V
    Helper V

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    The DNS SOA (Start of Authority) record does not include an email address 

     

    https://support.dnsimple.com/articles/soa-record/ this link has some information on what an SOA Record is. SOA is primarily for the root Domain, IE yourdomain.com and not sub.yourdomain.com

    The SOA provides information on the Authoritative DNS servers for your domain.

     

    Here is an example of the content from an SOA record:

    ns1.dnsimple.com admin.dnsimple.com 2013022001 86400 7200 604800 300

    The SOA record includes the following details:

    • The primary name server for the domain, which is ns1.dnsimple.com or the first name server in the vanity name server list for vanity name servers.
    • The responsible party for the domain, which is admin.dnsimple.com.
    • A timestamp that changes whenever you update your domain.
    • The number of seconds before the zone should be refreshed.
    • The number of seconds before a failed refresh should be retried.
    • The upper limit in seconds before a zone is considered no longer authoritative.
    • The negative result TTL (for example, how long a resolver should consider a negative result for a subdomain to be valid before retrying).

    I would recommend not changing the SOA Record as that can cause issues with DNS for your domain.

    Highlighted
    Resolver I

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    But it does as you mentioned in your bullets:

     

    • The responsible party for the domain, which is admin.dnsimple.com.

    The @ sign is not used in the syntax. So the question is then who is the responsible party, me on a dedicated server or Godaddy, any ideas? If you have a Dedicated or VPS what does yours say?

    .....................................................................................
    Domainer, Web Developer, JohnNapoletano.com
    Highlighted
    Resolver I

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    Developer & Cloud Portal

    Discuss all things web development: Cloud, front-end coding, API integration, DevOps, etc. Also the place to get help with advanced hosting, like VPS and dedicated servers.
     
    ...The category says 'the place to get help with advanced hosting, like VPS and Dedicated Servers. By root DNS i mean the DNS zone file for the domain name used to host the dedicated server.
    .....................................................................................
    Domainer, Web Developer, JohnNapoletano.com
    Highlighted
    Resolver I
    Solution

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    Ok so I used intoDNS.com which tipped me off to the correct settings. Initially I was inquiring about the Hostmaster E-mail address info.s123-12-12-123.secureserver.net, but also was concerned about the MNAME as it's called. IntoDNS.com gave me the following two warnings:

     

    (1) SOA MNAME entry WARNING: SOA MNAME (ns1.secureserver.net) is not listed as a primary nameserver at your parent nameserver!


    (2) Your SOA EXPIRE number is: 3600000. That is NOT OK

     

    I replaced ns1.secureserver.net with ns1.mydomainname.tld for example. I changed the hostmaster e-mail address to something.mydomainname.tld. The expire time I changed to 1209600 seconds or 2 weeks from the 3600000 5 weeks. I still can't find any reference to this in the Godaddy Dedicated server setup instructions.

    .....................................................................................
    Domainer, Web Developer, JohnNapoletano.com

    View solution in original post

    Highlighted
    New

    Re: Dedicated Server: DNS SOA Contact Email in root DNS record

    I receive the following warning for both my domains:


    dns     example1.com     SOA Expire Value out of recommended range

    dns     example2.com.au   SOA Expire Value out of recommended range
     

    The DNS SOA values need to be adjusted as stated below:

    A name server will no longer consider itself Authoritative if it hasn't been able to refresh the zone data in the time limit declared in this value.

    MxToolBox will issue a warning if your value is less than 2 weeks or more than 4 weeks, which are suggested values.

    Why you need authoritative servers

    Additional Information

    Each DNS host has their own interface, but you are looking for either a setting labeled Expire Value or you might have to enter your SOA details manually. If you have to enter your SOA then the Expire value will be second to last number in the SOA.

    Your DNS records are hosted on two or more DNS servers that are supposed to be in regular contact with each other so that they have up to date copies of your DNSrecords. The Expire Value setting tells each slave server how long it is allowed to continue giving out authoritative replies after it has no longer heard from the master server.

    RFC 1912 recommends 1209600 - 2419200 seconds (14-28 days).

    How long a secondary will still treat its copy of the zone
    data as valid if it can't contact the primary.This value
    should be greater than how long a major outage would typically
    last, and must be greater than the minimum and retry
    intervals, to avoid having a secondary expire the data before
    it gets a chance to get a new copy.After a zone is expired a
    secondary will still continue to try to contact the primary,
    but it will no longer provide nameservice for the zone.2-4
    weeks are suggested values. [RFC1912]
     

    Example SOA

    @ INSOA nameserver.example.com.postmaster.example.com. (
    1; serial number
    3600 ; refresh [1h]
    600; retry [10m]
    1209600 ; expire[14d]
    3600 ) ; min TTL [1h]
     
    Anyone know where/how to adjust this on the GoDaddy DNS settings ?