It's been a few days that I am doing my best to properly understand the bind9 official documentation:

There are many bind9 tutorials out there. However, I do have many problems reconciling the proposed solutions to any official definition of a SOA RR that I can find.

Among others, I also checked:

And despite all that, I am still very confused about the proper format for a SOA RR.

Many tutorials seem to offer a syntax similar to this one:

example.com. 43200 IN SOA ns1.example.com. other.example.com. (
 2011090302 ;Serial Number
 86400 ;refresh
 7200 ;retry
 1814400 ;expire
 86400 ) ;minimum

I don't quite explain the presence of the two domains before the opening parenthesis. However, without the second one, named-checkzone complained.

However, this site in particular:
offers a zonefile with a SOA RR like this:

@   SOA ns1 (   ; ns1.basiczone.com is the primary server for basiczone.com
      postmaster  ; contact email for basiczone.com is postmaster@basiczone.com
      2004041700  ; Serial ID in reverse date format
      21600   ; Refresh interval for slave servers
      1800    ; Retry interval for slave servers
      604800    ; Expire limit for cached info on slave servers
      900 )   ; Minimum Cache TTL in zone records

Note the absence of the class IN. Also, only one domain (ns1) is present before the opening parenthesis.

So, the main question is: what is the precise, official, or most recommended grammar for an SOA RR? Where is this grammar most precisely defined?

Finally, when to use a SOA record? My understanding is that I need a SOA record for any domain that I want to host and for which I want to be an authoritative name server.

    I don't think you looked hard enough for information. Many online references (e.g. http://www.zytrax.com/books/dns/ch8/soa.html ) explain it, that second domain is actually an email address, but @ in a zone file has a very specific meaning so you can't spell out the address. – Ward - Reinstate Monica Jan 22 '12 at 03:57
  @Ward: please define "(not) looked hard enough". It's been 4~5 days I'm trying to learn how to set up a name server & configure bind9 manually. I have literally dozens of web browser windows each with around a dozen tabs opened. And this is the first time I am asking for help. You can call me newbie, dim-witted, slow-learner, (all true) but "not trying hard enough" certainly does not apply to me. In all my browsing in the last few days, I have not come across a page like the one you point to, which indeed explains things much better than what I have read so far. So thanks for the link.
  • And besides, I didn't post: "Please, set up my name server for me". I posted a very specific, non-argumentative question on an on-topic technical definition that had been puzzling me for a while. I searched, searched a lot, but I am only guilty of not finding. Please explain the down vote. – augustin Jan 22 '12 at 05:30
  The first three results I get for "soa record" give good explanations. I really don't think you're looking hard enough if you don't know how to find the correct RFC (or if you don't know that RFCs are the authoritative sources). I think the best answer to your question is to get a good book on DNS, many people think highly of the O'Reilly book DNS and BIND: http://shop.oreilly.com/product/9780596001582.do#
    @Ward: I did find the RFC. It's in the list of links in my question. I read it but didn't understand it. I couldn't make the parallel between what I read there and some of the sample zone files out there. It's easy to use google when you know exactly what you're looking for. I have used google extensively, but obviously, didn't know enough to query with the right key words. And that's why I came here. I thought this was a Q&A web site.

The first name after the word SOA is MNAME, the name server that is authoritative for the zone -- e.g., the name of your name server itself.

The second name, RNAME, looks like a domain name but isn't. It's the string you get if you replace the "@" character with "." in the email address of the person responsible for the zone. (Hopefully your email address doesn't have a "." before the "@".)

For both of these names (and others in zone files) the zone name itself is implicitly appended unless the name ends in a period: foo means foo.example.com, while foo. means foo. A common mistake is to write foo.example.com, which BIND publishes to the world as foo.example.com.example.com, when you should have written foo.example.com..

The parentheses allow you to write a resource record that spans multiple lines in your text file. One of the examples you supplied puts the opening parenthesis between the MNAME and the RNAME, while the other puts it after the RNAME, but there's no functional difference.

"IN" specifies the "internet" class, which is the default, so you can leave it out.

Recommended grammar: Follow the Wikipedia example and use a tool like dig or dnsq to show what your name server is actually telling the world, instead of spending too much effort second-guessing how BIND is parsing your zone file.

Precise grammar: BIND source code. (Only if you're really trying to be pedantic -- not necessary if you're just trying to make your zone file work.)

Official grammar (or at least the internet equivalent of official):

Every zone should have an SOA. If you serve that zone ("authoritative" or not) you should have SOA along with all the other records in the zone. Practically speaking, if you're writing a zone file, put an SOA in there -- and if you're copying the entire zone file from someone else, you'll get the SOA that way, so you don't need to worry about it.

  • My zone file seems to be working now. At last! One thing that still bothers me a little is that, comparing the two examples I posted above, in the first one, the email address is placed before the parenthesis, and in the other one, after the opening parenthesis. Thanks again for the answer. +1. – augustin Jan 22 '12 at 08:19
    Glad I could help. As for the parentheses, their sole purpose is to denote a multi-line record. If you take either example, remove the comments, remove the newlines between parentheses so the SOA is all on one line, and then remove the parentheses themselves, the result will be correct. Sure, moving the parentheses around would change the meaning in nearly every other grammar out there... but not this one. – tomclegg Jan 22 '12 at 09:09
  • Oh, yes! I had read about the use of () for multi-line editing. Simply, I hadn't properly connected the dots (too brain tired after many days of searching and reading). Their strange use completely confused me. Thanks for clarifying that last point. Blessings. :) – augustin Jan 22 '12 at 10:24
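
The rules from the answer and its comments (implicit origin, `@`, optional TTL and class, parentheses as pure line continuation, RNAME as a dotted e-mail address), as an added Python example that is not part of the original thread and not BIND's parser. The function names and the condensed sample records are constructed for illustration; it assumes timers in plain seconds and ignores quoted strings and `$ORIGIN`/`$TTL` directives.

```python
import re

# Constructed from the two SOA layouts quoted in the question (timers condensed).
TUTORIAL = """example.com. 43200 IN SOA ns1.example.com. other.example.com. (
 2011090302 ;Serial Number
 86400 7200 1814400 ;refresh, retry, expire
 86400 ) ;minimum
"""
BASICZONE = """@   SOA ns1 (   ; primary server
      postmaster  ; contact: postmaster@basiczone.com
      2004041700 21600 1800 604800
      900 )   ; minimum
"""

def flatten(text):
    """Drop ';' comments, parentheses, and any newline inside parentheses."""
    out, depth = [], 0
    for line in text.splitlines():
        for ch in line.split(";", 1)[0]:
            depth += (ch == "(") - (ch == ")")
            out.append("" if ch in "()" else ch)
        out.append(" " if depth > 0 else "\n")
    return [l for l in "".join(out).splitlines() if l.strip()]

def qualify(name, origin):
    """'@' is the origin; names without a trailing dot get the origin appended."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_soa(text, origin):
    """Return the first SOA record in text as a dict of fully qualified fields."""
    for line in flatten(text):
        tok = line.split()
        up = [t.upper() for t in tok]
        if "SOA" not in up:
            continue
        i = up.index("SOA")
        opts = up[:i] if line[0].isspace() else up[1:i]   # optional TTL / class
        mname, rname = (qualify(t, origin) for t in tok[i + 1:i + 3])
        timers = [int(t) for t in tok[i + 3:i + 8]]
        if len(timers) != 5:
            raise ValueError("SOA needs MNAME, RNAME and five numbers")
        # RNAME: first unescaped '.' stands for '@' (RFC 1035 escapes others as '\.')
        local, domain = re.split(r"(?<!\\)\.", rname, maxsplit=1)
        return {"owner": origin if line[0].isspace() else qualify(tok[0], origin),
                "ttl": next((int(t) for t in opts if t.isdigit()), None),
                "class": next((t for t in opts if not t.isdigit()), "IN"),
                "mname": mname, "rname": rname, "serial": timers[0],
                "email": local.replace("\\.", ".") + "@" + domain.rstrip(".")}
    raise ValueError("no SOA record found")
```

Leaving out RNAME, as in the attempt that named-checkzone rejected, makes the serial number slide into the RNAME slot and leaves only four numbers, so `parse_soa` raises `ValueError`.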