Home / server / Questions / 750430
Accepted
Olaf
Asked: 2016-01-21 01:56:14 +0800 CST

"SOA Serial Number Format is Invalid" warning by mxtoolbox.com - why?

  • 772

When testing the SOA setting for example-domain.org on http://mxtoolbox.com/, it says that 

SOA Serial Number Format is Invalid

The entry is 

ns-885.awsdns-46.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

That, however, is exactly what Amazon suggest in their Route 53 documentation on http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/SOA-NSrecords.html

mxtoolbox issues a warning - why? They also consider the missing DMARC settings as an error.

Please bear with me - I am not a sysadmin. Any hint that uses a language that a developer can understand is greatly appreciated.

domain-name-system

4 Answers

  1. Best Answer

    There is a recommendation that the SOA serial number use a format that is four digits of year, two digits of month, two digits of day and two digits of count of changes in the same day. This format is common, but far from universal (look at .COM for a high-profile example of a zone that doesn't). The tool you got the error message from is oversensitive and should be adjusted.

    • 27

  2. The SOA SERIAL field is specified to be an an unsigned integer value that has special rules for how it wraps around, and consequently also for how serial numbers are compared, etc.

    RFC1035 defines this field as:

    SERIAL

    The unsigned 32 bit version number of the original copy of the zone. Zone transfers preserve this value. This value wraps and should be compared using sequence space arithmetic.

    The arithmetic of serial numbers is explained in detail in RFC1982.

    Anyway, the popular YYYYMMDDnn "format" is just a convention for picking integer values such that, when written out in decimal, convey some meaningful information to humans (may be helpful when troubleshooting). The use of such values have no special meaning in the system itself and using values that do not follow this convention is not an error.

    • 11

  3. mxtoolbox issues a warning when your serial does not match XXXXMMDDnn in their time zone. Assuming you are east of their time zone, your serial might be considered to be a day in the future and not meet their suggested format, thus yielding to a warning.

    Try again in some hours without touching the serial and the warning will be gone.

    • 3

  4. Just for anyone confused as to which part of the record we are talking about, it is the "1". So this...

    ns-885.awsdns-46.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

    could be changed to this (for 1st change of today, say)...

    ns-885.awsdns-46.net. awsdns-hostmaster.amazon.com. 2022080201 7200 900 1209600 86400

    That is, YYYYMMDDnn equals the combination of year, month, day, and number of changes made so far today starting from 01. Hope that helps clarify for non-technical people. :-)

    • 0