SOA Record

Start of Authority record.

What is an SOA Record?

The SOA record (Start of Authority) is a mandatory DNS record that contains essential administrative information about a DNS zone. Every DNS zone must have exactly one SOA record at the zone's apex, defining the primary nameserver, responsible administrator contact, zone serial number, and timing parameters for zone transfers and caching. The SOA record establishes authority and provides critical metadata for DNS operations.

SOA Record Structure

Component Fields

example.com. IN SOA ns1.example.com. admin.example.com. (
    2024010101 ; Serial number
    3600       ; Refresh (1 hour)
    900        ; Retry (15 minutes)
    604800     ; Expire (1 week)
    86400      ; Minimum TTL (1 day)
)

Field Breakdown

Field     Purpose                            Typical Value
MNAME     Primary nameserver                 ns1.example.com
RNAME     Admin email (@ replaced with .)    admin.example.com
Serial    Zone version number                YYYYMMDDnn
Refresh   Secondary check interval           3600-86400
Retry     Retry after failed refresh         900-3600
Expire    Secondary gives up                 604800-2419200
Minimum   Negative caching TTL               300-86400

SOA Record Fields Explained

MNAME (Primary Nameserver)

The authoritative nameserver for the zone:

RNAME (Responsible Person)

Administrator contact email:

admin.example.com = admin@example.com

hostmaster.example.com = hostmaster@example.com

Note: The first dot replaces the @ symbol.

Serial Number

Version identifier for zone data:

Common format: YYYYMMDDnn

Example: 2024010102 (Jan 1, 2024, revision 2)

Must increment with every zone change

Secondaries compare serial numbers to decide whether an update is needed

Timing Parameters

Control zone transfer and caching behavior:

Refresh: How often secondaries check for updates
    Recommended: 3600-86400 seconds (1-24 hours)
Retry: Wait time after failed refresh attempt
    Recommended: 900-3600 seconds (15-60 minutes)
Expire: When secondaries stop serving zone
    Recommended: 604800-2419200 seconds (1-4 weeks)
Minimum TTL: Negative caching duration
    How long to cache "domain doesn't exist" responses
    Recommended: 300-86400 seconds

Viewing SOA Records

Using dig

dig example.com SOA
# Output:
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 86400
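
An added example, not part of the original page: it parses the dig answer line shown above, converts RNAME to an email address, and flags timers outside the ranges this page recommends. The second sample line and the function names are constructed for illustration; the escaped-dot handling (RFC 1035 master-file escaping) and the RFC 1982 serial comparison go beyond what the page states.

```python
import re
from datetime import datetime

# Recommended ranges in seconds, copied from the page's field table.
RANGES = {"refresh": (3600, 86400), "retry": (900, 3600),
          "expire": (604800, 2419200), "minimum": (300, 86400)}

# First line is the page's dig output; the second is constructed for this example.
GOOD = ("example.com. 3600 IN SOA ns1.example.com. admin.example.com. "
        "2024010101 3600 900 604800 86400")
BAD = ("example.com. 3600 IN SOA ns1.example.com. john\\.doe.example.com. "
       "2024130101 60 900 604800 604800")


def rname_to_email(rname):
    """The first unescaped dot is the @; a backslash-escaped dot stays a dot."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain


def parse_soa(line):
    """Parse a single-line SOA answer as printed by dig."""
    tokens = line.split()
    fields = tokens[tokens.index("SOA") + 1:]
    if len(fields) != 7:
        raise ValueError("SOA needs MNAME, RNAME and five integers")
    soa = {"mname": fields[0], "email": rname_to_email(fields[1])}
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa.update(zip(names, map(int, fields[2:])))
    return soa


def audit(soa):
    """List timers outside the page's ranges and serials that are not dates."""
    findings = [f"{name}={soa[name]} outside {lo}-{hi}"
                for name, (lo, hi) in RANGES.items()
                if not lo <= soa[name] <= hi]
    try:
        datetime.strptime(f"{soa['serial']:010d}"[:8], "%Y%m%d")
    except ValueError:
        findings.append(f"serial {soa['serial']} is not YYYYMMDDnn")
    return findings


def primary_is_newer(secondary_serial, primary_serial):
    """RFC 1982 serial arithmetic: ahead by less than 2**31, modulo 2**32."""
    return 0 < (primary_serial - secondary_serial) % 2**32 < 2**31
```

`primary_is_newer` shows why a serial that was lowered by mistake never triggers a transfer: the secondary sees the primary as older, not newer.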

Using nslookup

nslookup -type=SOA example.com

SOA Record Best Practices

1. Increment serial on every change: Critical for zone transfers

2. Use meaningful serial format: YYYYMMDD## recommended

3. Set appropriate timers: Balance freshness vs server load

4. Use valid contact email: Reachable administrator

5. Ensure MNAME is resolvable: Must point to valid NS

Common SOA Issues

Problem                      Cause                     Solution
Zone transfer fails          Serial not incremented    Always update serial
Stale data on secondaries    Refresh too long          Reduce refresh interval
High DNS load                Refresh too short         Increase refresh interval
NXDOMAIN cached too long     High minimum TTL          Reduce minimum value

The SOA record is the foundational administrative record for any DNS zone, controlling synchronization between primary and secondary nameservers and defining caching behavior for the entire zone.
