This article will explain how to perform an NSLOOKUP to read SOA records in Windows. In addition to this, I will explain what SOA records are and how they relate to DNS.
Before we figure out how to look up a Start of Authority record, it’s best if we cover some of the basics, like what a Start of Authority record is and how it fits into the Domain Name System. The Start of Authority (SOA) record is a critical piece of the Domain Name System (DNS).
DNS allows you to assign a simple name to an IP address. For example, you can type in www.google.com in your web browser and your computer will use DNS to translate this friendly name into an IP address.
You can liken DNS to a language translator. Humans speak in one language while machines work in a different language. DNS translates human language to machine language. SOA records are present to let you know which translator can be trusted for a specific domain. It’s a way for a domain operator to ‘certify’ their translators.
What is contained in a SOA record? Just a few bits of important information:
- Primary name server – this is the meat of the SOA record. This lets others performing name lookup know that the server listed here is an authorized ‘translator’ for this domain.
- Email address of responsible person – each SOA needs to have an email address for an administrator of the domain in question. Note that a ‘.’ is used in place of the ‘@’ symbol. Thus joeb@domain.com would be joeb.domain.com in the SOA record.
- Serial Number – this is a number that tracks the revision of the SOA record. When this number changes, other name servers will know to update their records.
- Refresh time – the number of seconds a secondary DNS server waits to check for changes to the SOA record. By default this is set to one hour – 3600 seconds.
- Retry time – this is the number of seconds a secondary DNS server will wait before retrying after a zone transfer fails. The default here is 600 seconds.
- Expire time – if a secondary server is unable to complete a zone transfer, it will stop answering queries after this number of seconds is up. By default it is one day or 86,400 seconds.
- Minimum time to live (TTL) – Typically when a client does a name lookup, it will cache whatever results are returned. The TTL value lets the client know how long to cache the data it has stored. Default value for TTL is 3600 seconds or one hour.
Using NSLOOKUP To Find The SOA
Using a DNS lookup tool to read a SOA record in Windows is relatively easy. Although there are several tools out there that can do this, we’ll take advantage of a built-in Windows tool called NSLOOKUP.
- Open up a command prompt (go to Start, Run and type ‘cmd’).
- At the command prompt type ‘nslookup’ and hit ENTER. Your default name server and its IP address will be shown.
- Type ‘set type=soa’ and hit ENTER. This will tell NSLOOKUP what type of record to retrieve in the following query.
- Type the name of a domain you want to look up and hit ENTER. In Figure 1 you can see I used google.com. Note that this is a ‘non-authoritative’ answer. This means that the name server I used to look up this record thinks this is correct, but isn’t authoritative on the matter.
- In order to get the authoritative answer, we’ll use one of Google’s name servers. While still at your NSLOOKUP prompt, type ‘server ns1.google.com’ and hit ENTER (note that ns1 is listed as Google’s primary name server).
- Next type ‘google.com’. We can now see a lot more information than the previous query (Figure 2). We also don’t get the warning about being a non-authoritative source. In addition to the previous information, we can now see several of Google’s other name servers.
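The SOA fields listed earlier, as they appear in NSLOOKUP's text output, can be pulled into a structure for scripted checks. The parser below is an added example, not part of the original article; the sample output is constructed (example.com with made-up values), and the names `parse_soa` and `rname_to_email` are hypothetical.

```python
# Constructed sample of NSLOOKUP output after 'set type=soa' (not from a real zone).
SAMPLE = r"""example.com
        primary name server = ns1.example.com
        responsible mail addr = joe\.b.example.com
        serial  = 2024010101
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
"""

# NSLOOKUP label -> field name used in the returned dict
FIELDS = {"primary name server": "primary_ns", "responsible mail addr": "rname",
          "serial": "serial", "refresh": "refresh", "retry": "retry",
          "expire": "expire", "default TTL": "minimum_ttl"}

def rname_to_email(rname):
    # The first unescaped '.' stands for '@'; a backslash-escaped dot is a
    # literal dot inside the mailbox name (zone-file notation).
    local, i = [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(rname[i])
            i += 1
    raise ValueError("no mailbox/domain separator in responsible mail addr")

def parse_soa(text):
    """Return the SOA fields from NSLOOKUP text output as a dict."""
    soa = {}
    for line in text.splitlines():
        key, eq, value = line.partition("=")
        name = FIELDS.get(key.strip())
        if not eq or name is None:
            continue  # banner lines, the queried name, other record types
        value = value.strip()
        # Timers look like '3600 (1 hour)'; keep only the number of seconds.
        soa[name] = value if name in ("primary_ns", "rname") else int(value.split()[0])
    missing = sorted(set(FIELDS.values()) - set(soa))
    if missing:
        raise ValueError(f"incomplete SOA output, missing: {missing}")
    soa["email"] = rname_to_email(soa["rname"])
    return soa
```

Running `parse_soa` on the answer from your default resolver and again on the answer from the primary name server lets you compare the two serial numbers.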
Although SOA records aren’t terribly exciting, they are an integral part of the domain name system, and without them, browsing to your favorite site (Brighthub right?) would be much more time consuming and difficult.
Image Credits: Screenshots taken by R. Tetzlaff