Benchmark: Start of Authority (SOA) Records
Overview
A Start of Authority (SOA) record is a type of resource record in the DNS containing administrative information about the zone, especially regarding zone transfers. An SOA resource record is created at the time of creating a managed zone.
Every domain must have an SOA record at the cutover point where the domain is delegated from its parent. A zone without an SOA record does not conform to the standard required by RFC 1035.
This benchmark contains best practices for SOA records.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-net-insights
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Start of Authority (SOA) Records.
Run this benchmark in your terminal:
powerpipe benchmark run net_insights.benchmark.dns_soa_best_practices
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run net_insights.benchmark.dns_soa_best_practices --share
Controls
- All name server records should have same SOA serial
- Primary name server should be listed at parent
- SOA serial number should be between 1 and 4294967295
- SOA refresh value should be between 1200 and 43200 seconds (12 minutes to 12 hours)
- SOA retry value should be between 120 and 7200 seconds (2 minutes to 2 hours)
- SOA expire value should be between 1209600 and 2419200 seconds (2 weeks to 4 weeks)
- SOA minimum TTL value should be between 600 and 86400 seconds (10 minutes to 24 hours)
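The controls above can be reproduced by hand when triaging a failed result. The following is an added example, not code from the mod: it takes the SOA answer returned by each name server (numeric presentation format, as printed by `dig +short SOA`) and applies the serial-consistency, primary-at-parent and range controls. The function names, the sample answers and the example.com names are constructed for illustration.

```python
# Added illustration; not code from the net-insights mod.
# Ranges copied from the control list on this page (seconds, inclusive).
RANGES = {
    "serial": (1, 4294967295),
    "refresh": (1200, 43200),
    "retry": (120, 7200),
    "expire": (1209600, 2419200),
    "minimum": (600, 86400),
}
FIELDS = tuple(RANGES)

def parse_soa(rdata):
    """Parse 'mname rname serial refresh retry expire minimum' (numeric values only)."""
    parts = rdata.split()
    if len(parts) != 7 or not all(p.isascii() and p.isdigit() for p in parts[2:]):
        raise ValueError(f"not a numeric 7-field SOA rdata: {rdata!r}")
    soa = dict(zip(FIELDS, map(int, parts[2:])))
    soa["mname"] = parts[0].rstrip(".").lower()
    return soa

def check_ranges(soa):
    """Return the names of the fields that fall outside RANGES."""
    return [f for f, (lo, hi) in RANGES.items() if not lo <= soa[f] <= hi]

def check_zone(answers, parent_ns):
    """answers: {name server: SOA rdata it returned}; parent_ns: NS names in the parent's delegation."""
    parsed = {ns: parse_soa(rdata) for ns, rdata in answers.items()}
    findings = []
    serials = {soa["serial"] for soa in parsed.values()}
    if len(serials) > 1:
        findings.append(f"serial mismatch across name servers: {sorted(serials)}")
    parents = {n.rstrip(".").lower() for n in parent_ns}
    for ns, soa in parsed.items():
        if soa["mname"] not in parents:
            findings.append(f"{ns}: primary {soa['mname']} not listed at parent")
        for field in check_ranges(soa):
            findings.append(f"{ns}: {field}={soa[field]} outside {RANGES[field]}")
    return findings

# Constructed sample: ns2 serves an older serial, a short expire and a short minimum TTL.
SAMPLE = {
    "ns1.example.com.": "ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600",
    "ns2.example.com.": "ns1.example.com. hostmaster.example.com. 2024010100 7200 3600 604800 300",
}
SAMPLE_PARENT_NS = ["ns1.example.com.", "ns2.example.com."]

if __name__ == "__main__":
    for finding in check_zone(SAMPLE, SAMPLE_PARENT_NS):
        print(finding)
```

A serial mismatch that persists longer than the refresh interval usually means a secondary is not completing zone transfers and is serving stale data.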