SOA record

Learn what a DNS SOA record is, why every zone requires exactly one, its key components (primary NS, admin email, serial, timers), how it controls zone transfers and caching, lookup methods, and best practices.

What Is an SOA Record in DNS?

TL;DR
An SOA (Start of Authority) record is mandatory: every DNS zone must have exactly one.
It contains administrative metadata: the primary name server, the zone admin email, a serial number (for change tracking), and timers that control how secondary servers refresh data and how long records are cached.
Most DNS providers manage the SOA automatically, so you rarely edit it directly.

How SOA Records Work

The SOA is the first/primary record in any zone file. It defines:

  • Who is authoritative (primary NS)
  • Who to contact (admin email)
  • Zone version (serial number)
  • Replication behavior (refresh, retry, expire timers)
  • Default caching (minimum TTL)

Secondary name servers use the SOA to:

  • Check for updates (via REFRESH interval)
  • Compare serial numbers and trigger a zone transfer (AXFR/IXFR) if the serial has changed
  • Stop serving data if the primary has been unreachable for too long (EXPIRE)

Key SOA Components

example.com. 3600 IN SOA ns1.example.com. admin.example.com. (
    2025012201   ; SERIAL
    3600         ; REFRESH
    1800         ; RETRY
    604800       ; EXPIRE
    86400 )      ; MINIMUM (negative caching TTL)

  • MNAME: Primary authoritative name server
  • RNAME: Admin email (. instead of @, trailing dot)
  • SERIAL: Version number, increment on every change (common format: YYYYMMDDnn)
  • REFRESH: Seconds secondary servers wait before checking for updates
  • RETRY: Seconds to wait after failed refresh before retrying
  • EXPIRE: Seconds after which a secondary treats its zone data as invalid if no refresh has succeeded
  • MINIMUM: Default TTL for records without explicit TTL (also negative caching time)

Common Use Cases

  • Zone authority & replication: defines primary NS and sync rules
  • Change tracking: serial ensures secondaries update only when needed
  • Caching control: MINIMUM affects how long negative responses (NXDOMAIN) are cached
  • Admin contact: email for zone issues (rarely used today)
  • Provider-managed DNS: Cloudflare, Route 53, etc. auto-generate SOA

How to Lookup SOA Records

dig example.com SOA
nslookup -type=SOA example.com

Real-World Examples

Standard self-hosted

example.com. SOA ns1.example.com. admin.example.com. 2025012201 3600 1800 604800 86400

Cloudflare-managed

example.com. SOA lara.ns.cloudflare.com. dns.cloudflare.com. 2025012201 10000 2400 604800 3600

AWS Route 53

example.com. SOA ns-1234.awsdns-12.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
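
The records above can be checked programmatically. The following is an added example, not code from the original page: it parses an SOA record in either form shown here, decodes RNAME into an email address, and applies the RFC 1982 serial comparison that decides whether a secondary transfers the zone. The names `parse_soa`, `rname_to_email`, `serial_newer` and `secondary_action` are hypothetical, and the secondary logic is simplified.

```python
import re
from collections import namedtuple

SOA = namedtuple("SOA", "zone mname rname serial refresh retry expire minimum")

# Multi-line record copied from the "Key SOA Components" section of this page.
SAMPLE = """example.com. 3600 IN SOA ns1.example.com. admin.example.com. (
    2025012201   ; SERIAL
    3600         ; REFRESH
    1800         ; RETRY
    604800       ; EXPIRE
    86400 )      ; MINIMUM"""

def parse_soa(text):
    """Parse an SOA record in one-line or parenthesised multi-line form."""
    text = re.sub(r";[^\n]*", "", text)               # drop zone-file comments
    tok = text.replace("(", " ").replace(")", " ").split()
    i = tok.index("SOA")                              # TTL and class before it are optional
    fields = tok[i + 1:i + 8]
    if len(fields) != 7:
        raise ValueError("SOA needs MNAME, RNAME and five numbers")
    return SOA(tok[0], fields[0], fields[1], *map(int, fields[2:]))

def rname_to_email(rname):
    """The first unescaped dot becomes '@'; an escaped dot (\\.) stays in the local part."""
    m = re.fullmatch(r"((?:\\.|[^.\\])+)\.(.+?)\.?", rname)
    if not m:
        raise ValueError(f"not a valid RNAME: {rname!r}")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)

def serial_newer(candidate, current):
    """RFC 1982 comparison: serials live in a 32-bit space that wraps at 2**32."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31                           # exactly 2**31 apart is undefined

def secondary_action(local, primary, secs_since_refresh):
    """Simplified secondary logic; primary is None when the SOA query got no answer."""
    if primary is None:
        return "stop-serving" if secs_since_refresh >= local.expire else "retry"
    return "transfer" if serial_newer(primary.serial, local.serial) else "keep"

if __name__ == "__main__":
    soa = parse_soa(SAMPLE)
    print(soa, rname_to_email(soa.rname))
    reset = soa._replace(serial=1)                    # constructed: serial reset to 1
    print(secondary_action(soa, reset, 0))            # "keep": 1 is not newer
```

A primary whose serial drops from a date-based value back to a small number is not seen as newer, so secondaries keep serving the old zone until EXPIRE or manual intervention.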

SOA vs Other Record Types

Feature              | SOA                     | NS                   | A / AAAA
---------------------|-------------------------|----------------------|-------------
Required per zone    | Yes (exactly one)       | Yes (multiple)       | No
Purpose              | Zone metadata & control | Authoritative servers | IP mapping
Multiple allowed     | No                      | Yes                  | Yes
Controls replication | Yes (serial, timers)    | Partial (delegation) | No
Managed by           | Provider / zone file    | Registrar / provider | Domain owner

→ See also: NS Record, A Record

Frequently Asked Questions

Do I ever need to edit the SOA record?
Rarely. Modern DNS providers manage it automatically. Only edit it if you run your own authoritative servers (BIND, PowerDNS, etc.).

What happens if serial isn't incremented?
Secondary servers won't detect changes; zone data stays outdated until manual intervention or the expire time.

Why is email in RNAME formatted with dots?
It's an old DNS convention: @ is replaced by . because @ isn't allowed in domain names.

What's a good serial number format?
YYYYMMDDnn (date + two-digit sequence); it is easy to read and avoids overflow.
