SOA Record Core DNS

The SOA record (Start of Authority) is a mandatory DNS record that contains essential information about a DNS zone. Every DNS zone must have exactly one SOA record, which defines the zone's primary nameserver, administrator contact, and timing parameters for zone synchronization.

What Is an SOA Record?

The SOA record marks the beginning of a DNS zone and contains metadata about the zone. It specifies:

• Which nameserver is the primary (master) for the zone
• Contact information for the zone administrator
• A serial number used to track zone changes
• Timing values that control how secondary nameservers sync
• How long to cache negative responses (NXDOMAIN)

SOA Record Format

example.com.    3600    IN    SOA    ns1.example.com. admin.example.com. (
                                      2024011501  ; Serial
                                      7200        ; Refresh
                                      3600        ; Retry
                                      1209600     ; Expire
                                      3600        ; Minimum TTL
                                      )

SOA Record Components

Understanding Each Field

Primary Nameserver (MNAME)

The hostname of the primary (master) nameserver that holds the authoritative copy of the zone. Zone transfers originate from this server.

Administrator Email (RNAME)

The email address of the zone administrator, written with a dot instead of @. For example:

[email protected] → admin.example.com.

If the email contains a dot before the @, escape it with a backslash:

[email protected] → john\.doe.example.com.

Serial Number

A version number that must be incremented whenever the zone is updated. Secondary nameservers compare this value to determine if they need to refresh their copy.

Common serial number formats:

• Date-based (recommended) — YYYYMMDDnn (e.g., 2024011501)
• Unix timestamp — Seconds since 1970
• Sequential — Simple incrementing number

Refresh Interval

How often (in seconds) secondary nameservers should check with the primary for zone updates. Typical values: 3600-86400 seconds (1-24 hours).

Retry Interval

If a refresh attempt fails, how long to wait before trying again. Should be less than the refresh interval. Typical: 600-3600 seconds.

Expire Time

If a secondary can't reach the primary for this long, it stops answering queries for the zone. Should be much longer than refresh. Typical: 1-2 weeks (604800-1209600 seconds).

Minimum TTL (Negative Caching)

Originally the default TTL for all records, this field now specifies how long to cache negative responses (NXDOMAIN — domain doesn't exist). RFC 2308 clarified this behavior.

SOA Record Values by Use Case

SOA Record Best Practices

• Always increment serial — After any zone change, increment the serial number or secondaries won't update.
• Use date-based serials — Format like YYYYMMDD## makes it easy to see when the zone was last updated.
• Set reasonable timers — Balance between keeping secondaries current and not overwhelming the primary.
• Keep valid admin email — The RNAME should be a monitored email address for zone-related issues.
• Don't use short expire times — If your primary is down, you want secondaries to continue serving the zone.

Checking SOA Records

You can query SOA records using dig:

# Query SOA record
dig example.com SOA

# Get just the SOA values
dig example.com SOA +short

# Query from a specific nameserver
dig @ns1.example.com example.com SOA

SOA vs NS Records

Troubleshooting SOA Records

Common issues and solutions:

• Secondary not updating — Check that the serial number was incremented after zone changes.
• Zone transfer failing — Verify the MNAME server allows zone transfers and is reachable.
• Invalid RNAME format — Remember to replace @ with a dot in the email address.
• Serial number overflow — If using date format, ensure you haven't exceeded the maximum (about 4 billion).
• Stale secondaries — If expire is too short and primary is unreachable, secondaries stop serving the zone.