I've read RFC 1034 and RFC 1035 to learn about DNS protocol standards. I'm searching for a limit on the occurrence of SOA resource records. I'm aware that A, AAAA, CNAME, NS, MX, TXT RRs have no limit. How about SOA?
1 Answer
Each zone can only have one SOA record. It would not make sense for it to have multiple SOA records which may contradict each other.
RFC 1034 states on p. 20 (emphasis my own):
Though logically part of the authoritative data, the RRs that describe the top node of the zone are especially important to the zone's management. These RRs are of two types: name server RRs that list, one per RR, all of the servers for the zone, and a single SOA RR that describes zone management parameters.
RFC 1035 is even more explicit (p. 35):
Exactly one SOA RR should be present at the top of the zone.
Edit: As pointed out in the comments, the question was about DNS packets, not zone files. And RFC 5936 states (p. 11):
An AXFR response that is transferring the zone's contents will consist of a series (which could be a series of length 1) of DNS messages. In such a series, the first message MUST begin with the SOA resource record of the zone, and the last message MUST conclude with the same SOA resource record. Intermediate messages MUST NOT contain the SOA resource record.
An AXFR transfer will thus include two SOA records per packet.
-
I read these parts of the sections several times, but was unable to conclude what you did. It's a lack of knowledge or, even worse, a lack of understanding of English. – Hoseyn Heydari Jan 08 '19 at 12:30
-
If you read an entire RFC, it's easy to miss some details. Plus the RFCs aren't always written in an easy-to-read language. I quickly found the answer to your question by searching for "SOA" and skimming through the document that way. If you're satisfied with the answer, you can mark it as "accepted". – Tommiie Jan 08 '19 at 12:32
-
Note, however, that this does not necessarily mean that you will never receive a DNS packet containing more than one SOA record. If you do, it indicates that something is wrong with the DNS server, and you could legitimately refuse to process the packet - just don't let it result in a buffer overflow or anything. :-) – Harry Johnston Jan 09 '19 at 22:40
-
@HarryJohnston Are you aware of DNS types like AXFR (252), which has exactly two SOA records in one packet ([RFC 5936](https://tools.ietf.org/html/rfc5936))? I mean, are you sure about the number of SOA records in the packet? – Hoseyn Heydari Jan 12 '19 at 20:53
-
@HoseynHeydari, I was just pointing out that your code needs to cope with malformed packets regardless of what the standard says. Apart from that, I was assuming this answer to be correct. Looks to me like you've found an exception, though it is kind of a special case - you shouldn't receive an AXFR response unless you've explicitly asked for it, in which case you should know what to expect. – Harry Johnston Jan 12 '19 at 21:34
-
@HarryJohnston I understand what your last comment meant better now. I was searching for this; it also seems I couldn't ask accurately enough. :-) – Hoseyn Heydari Jan 12 '19 at 21:58
-
Seems like my answer is incorrect then, also because I read the question as being about zone files, not about DNS packets. I’ll correct my answer when I’m at my PC later. – Tommiie Jan 13 '19 at 05:03
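The RFC 5936 rule quoted in the answer, together with the advice in the comments to cope with malformed packets, as an added example (not code from the answer or its comments): a bounds-checked Python walk of the answer section that reports the first SOA placement violation in an AXFR series. The function names are hypothetical, and "same SOA" is approximated by comparing the five fixed 32-bit fields at the end of the SOA RDATA.

```python
import struct

SOA = 6  # RR TYPE code for SOA (RFC 1035)

def skip_name(msg, off):
    """Return the offset just past the name at off, never reading past msg."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0:  # 11xxxxxx is a 2-byte compression pointer ending the name
            if n & 0xC0 != 0xC0 or off + 2 > len(msg):
                raise ValueError("reserved label type or truncated pointer")
            return off + 2
        off += 1 + n  # length byte plus label; a zero length is the root label
        if n == 0:
            return off

def answer_rrs(msg):
    """Return [(type, rdata)] for the answer section of one raw DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte header")
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off, rrs = 12, []
    for _ in range(qdcount):  # question entry: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(ancount):  # ANCOUNT is untrusted; every read is checked
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR header")
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if off + 10 + rdlen > len(msg):  # a slice would silently come back short
            raise ValueError("RDLENGTH points past end of message")
        rrs.append((rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return rrs

def axfr_soa_violation(messages):
    """Return the first RFC 5936 SOA placement violation found, or None."""
    series = [answer_rrs(m) for m in messages]
    if not series or not series[0] or series[0][0][0] != SOA:
        return "first message does not begin with SOA"
    if not series[-1] or series[-1][-1][0] != SOA:
        return "last message does not conclude with SOA"
    if series[0][0][1][-20:] != series[-1][-1][1][-20:]:  # fixed fields only
        return "closing SOA differs from opening SOA"
    if any(t == SOA for rrs in series[1:-1] for t, _ in rrs):
        return "intermediate message contains SOA"
    return None
```

Pass the messages as raw bytes with the 2-byte TCP length prefix already removed; a return value of `None` means the series satisfies the quoted rule.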