What Is an SOA Record (Start of Authority)?

Q: What fields are in an SOA record?

An SOA record contains seven fields: MNAME (primary nameserver), RNAME (admin email address), Serial (zone version number), Refresh (how often secondaries check for updates), Retry (how long to wait after a failed refresh), Expire (when secondaries stop answering if they can't reach the primary), and Minimum TTL (negative caching duration).

Q: How does the SOA serial number work?

The serial number is a version counter for the zone. Every time you make a change to any DNS record in the zone, the serial number should be incremented. Secondary nameservers compare the serial number to determine if they need to perform a zone transfer. A common convention is to use the date format YYYYMMDDNN (e.g., 2026032001).

An SOA record is a mandatory DNS record that defines the authoritative properties of a DNS zone, including the primary nameserver, the zone administrator, and timing parameters that control how the zone is replicated and cached.

How SOA Records Work

Every DNS zone has exactly one SOA record at the zone apex (root of the domain). It is the first record in a zone file and contains critical metadata about the zone. When secondary nameservers need to synchronize with the primary, they check the SOA record's serial number to determine if the zone has been updated.

The SOA record contains seven fields: MNAME (primary nameserver), RNAME (admin email, with the @ replaced by a dot), Serial (zone version number), Refresh (seconds between secondary checks), Retry (seconds to wait after a failed refresh), Expire (when secondaries stop serving stale data), and Minimum TTL (negative caching duration).

Why SOA Records Matter

The SOA record controls how quickly DNS changes propagate across the internet. A well-configured SOA ensures that secondary nameservers stay in sync with the primary, that stale records expire appropriately, and that negative responses (NXDOMAIN) are cached for a reasonable duration. Misconfigured SOA timers can cause DNS propagation delays or unnecessary load on nameservers.

For email infrastructure, the SOA record is relevant because it governs how fast changes to MX records, SPF, DKIM, and DMARC records propagate. When troubleshooting email delivery issues caused by recent DNS changes, the SOA timing parameters tell you how long to wait for propagation.

Frequently Asked Questions

What fields are in an SOA record?

An SOA record has seven fields: MNAME (primary nameserver), RNAME (admin email), Serial (zone version), Refresh (check interval), Retry (retry interval after failure), Expire (when secondaries stop serving the zone), and Minimum TTL (negative caching duration).

Can a domain have multiple SOA records?

No. Every DNS zone has exactly one SOA record at the zone apex. It is mandatory and defines the authoritative properties of the entire zone.

How does the SOA serial number work?

The serial number is a version counter. Every time a DNS record in the zone changes, the serial should be incremented. Secondary nameservers compare serial numbers to decide if a zone transfer is needed. A common format is YYYYMMDDNN (e.g., 2026032001).

How SOA Records Work

Why SOA Records Matter

Frequently Asked Questions

What fields are in an SOA record?

Can a domain have multiple SOA records?

No. Every DNS zone has exactly one SOA record at the zone apex. It is mandatory and defines the authoritative properties of the entire zone.

How does the SOA serial number work?