What Is an SOA Record
Learn what an SOA (Start of Authority) record is, what each field means, and how it controls zone transfers, caching, and DNS authority for your domain.
An SOA (Start of Authority) record is a mandatory DNS record that exists at the top of every DNS zone. It defines key information about the zone, including which name server is the primary authority, the contact email of the zone administrator, and timing parameters that control how secondary DNS servers synchronize with the primary.
SOA Record Format
Every SOA record contains seven fields:
example.com. 86400 IN SOA ns1.dnscale.eu. admin.example.com. (
2026030901 ; Serial number
3600 ; Refresh (1 hour)
900 ; Retry (15 minutes)
1209600 ; Expire (2 weeks)
300 ; Minimum TTL (5 minutes)
)Field Breakdown
| Field | Example | Description |
|---|---|---|
| MNAME | ns1.dnscale.eu. | Primary (master) name server for the zone |
| RNAME | admin.example.com. | Admin email β the first . replaces @ (i.e., admin@example.com) |
| Serial | 2026030901 | Version number β incremented on every change |
| Refresh | 3600 | How often (seconds) secondary servers check for updates |
| Retry | 900 | How long secondaries wait before retrying a failed refresh |
| Expire | 1209600 | How long secondaries serve stale data if the primary is unreachable |
| Minimum TTL | 300 | Default TTL for negative responses (NXDOMAIN caching) |
How the SOA Record Works
Zone Authority
The SOA record declares which name server is the primary authority for a zone. When DNS resolvers need to find the authoritative answer for a domain, the SOA tells them where to look.
Zone Transfers
Secondary DNS servers use SOA fields to decide when to synchronize:
- Secondary checks the primary at the refresh interval
- It compares the serial number β if it's higher, the zone has changed
- The secondary initiates a zone transfer (AXFR or IXFR) to get the latest data
- If the primary is unreachable, the secondary retries at the retry interval
- If the primary stays unreachable past the expire time, the secondary stops serving the zone
Negative Caching
The minimum TTL field controls how long resolvers cache negative responses. When someone queries a name that doesn't exist, the NXDOMAIN answer is cached for this duration, reducing unnecessary queries to your authoritative servers.
Serial Number Conventions
The serial number must increase with every zone change. Two common formats:
Date-Based (Recommended)
YYYYMMDDNN
2026030901 β 2026-03-09, change #01
2026030902 β 2026-03-09, change #02This format is human-readable and supports up to 99 changes per day.
Simple Incrementing
1, 2, 3, 4, ...Simpler but gives no indication of when changes were made. DNScale automatically manages serial numbers for you when you create or update records.
Recommended SOA Values
| Field | Recommended | Use Case |
|---|---|---|
| Refresh | 3600 (1h) | Standard zones |
| Refresh | 300 (5min) | Frequently changing zones |
| Retry | 900 (15min) | Standard β gives time for transient issues |
| Expire | 1209600 (2w) | Standard β secondaries serve data for up to 2 weeks |
| Minimum TTL | 300 (5min) | Good balance of caching vs. responsiveness |
| Minimum TTL | 60 (1min) | Dynamic environments where names change often |
Querying SOA Records
Check a domain's SOA record using dig:
dig SOA example.com
# Output:
# example.com. 86400 IN SOA ns1.dnscale.eu. admin.example.com. (
# 2026030901 3600 900 1209600 300 )Query a specific nameserver:
dig SOA example.com @ns1.dnscale.euCompare serial numbers across nameservers to verify synchronization:
dig +short SOA example.com @ns1.dnscale.eu
dig +short SOA example.com @ns2.dnscale.euIf the serial numbers match, your secondary is in sync.
SOA and DNScale
DNScale automatically manages the SOA record for every zone you create:
- Serial numbers are incremented automatically when you add, update, or delete records
- MNAME is set to the DNScale primary nameserver
- Timing parameters use sensible defaults optimized for reliability
- Zone transfers to edge nodes are handled automatically via PostgreSQL replication, ensuring faster propagation than traditional AXFR-based transfers
Common Issues
Serial Number Not Incrementing
If secondaries aren't picking up changes, the serial number may not have been updated. DNScale handles this automatically, but if you manage zones manually, always increment the serial.
Expire Too Short
If your expire value is too low and the primary goes down, secondaries will stop serving your zone quickly. Use at least 1 week (604800 seconds).
Negative TTL Too High
A high minimum TTL means that if you create a new record, users who previously got an NXDOMAIN response will continue to see "not found" until the negative cache expires. Keep this at 300 seconds or lower for active zones.
Related Record Types
- NS Records β define which nameservers are authoritative for a zone
- What Is a DNS Zone β understand zones and their structure
- DNS Record Types β overview of all DNS record types
- System Records β why SOA and apex NS records are protected from modification
Conclusion
The SOA record is the control center of every DNS zone. Its fields govern zone transfers, caching behavior, and authority delegation. While DNScale manages SOA records automatically, understanding the SOA helps you troubleshoot synchronization issues and optimize your DNS infrastructure.