Start of Authority Record (SOA)
Defines administrative information about a DNS zone — required for every zone.
Standards: RFC 1035 · RFC 2308
What is a DNS SOA record?
The SOA (Start of Authority) record is the first record in every DNS zone. It identifies the primary name server, the responsible party's email (encoded as a domain name), and five timing parameters that control zone replication and negative caching. Secondary name servers use the serial number to detect zone changes. When the serial increments, secondaries perform zone transfers (AXFR/IXFR). The serial is conventionally formatted as YYYYMMDDNN (date + sequence), though it is technically any unsigned 32-bit integer. The SOA MINIMUM field (now called "negative TTL") controls how long negative responses (NXDOMAIN) are cached by resolvers.
Record Structure
| Field | Description |
|---|---|
| MNAME | Primary name server FQDN |
| RNAME | Responsible party email encoded as FQDN (first dot → @), e.g. admin.example.com = admin@example.com |
| Serial | Zone version number. Must increment on every change. Format: YYYYMMDDNN |
| Refresh | Seconds between secondary zone transfer checks (e.g. 3600) |
| Retry | Seconds to wait before retrying a failed zone transfer (e.g. 900) |
| Expire | Seconds after which secondaries stop serving the zone if refresh fails (e.g. 1209600 = 14 days) |
| Minimum TTL | Default TTL and negative caching TTL (e.g. 300) |
Examples
```
example.com. 3600 IN SOA ns1.example.com. admin.example.com. (
        2024010101 ; serial
        3600       ; refresh
        900        ; retry
        1209600    ; expire
        300 )      ; minimum TTL
```
Common Issues & Fixes
SOA serial not incrementing — secondary DNS stale
If the serial number does not increase after a zone change, secondary servers will not pull the update.
✓ Fix: Always increment the SOA serial when making DNS changes. Use the date+sequence format: YYYYMMDDNN.
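The following is an added example, not part of the original page: it parses a zone-file SOA record, decodes RNAME, and compares primary and secondary serials the way a secondary decides whether to transfer, which covers both the serial description above and the stale-secondary issue. All function names are hypothetical and the secondary's serial is constructed. The wrap-around comparison (RFC 1982) and the `\.` escape in RNAME go beyond what the page states.

```python
import re

FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_soa(text):
    """Parse a zone-file SOA record; parentheses and ';' comments are allowed."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    rdata = tokens[tokens.index("SOA") + 1:]   # owner, TTL and class come first
    if len(rdata) != 7:
        raise ValueError(f"SOA needs 7 RDATA fields, got {len(rdata)}")
    soa = dict(zip(FIELDS, rdata))
    for name in FIELDS[2:]:
        soa[name] = int(soa[name])
        if not 0 <= soa[name] < 2**32:
            raise ValueError(f"{name} is not an unsigned 32-bit integer")
    return soa

def rname_to_email(rname):
    """First unescaped dot becomes '@'; a '\\.' stays a dot in the local part."""
    m = re.fullmatch(r"((?:\\.|[^.\\])+)\.(.+?)\.?", rname)
    if not m:
        raise ValueError(f"cannot decode RNAME {rname!r}")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)

def serial_newer(a, b):
    """True if serial a is newer than b in 32-bit wrap-around order (RFC 1982)."""
    return a != b and (a - b) % 2**32 < 2**31

def next_serial(current, yyyymmdd):
    """Next YYYYMMDDNN serial; falls back to current+1 so it always increments."""
    candidate = int(yyyymmdd) * 100 + 1
    return candidate if serial_newer(candidate, current) else (current + 1) % 2**32

def secondary_status(primary, secondary):
    if primary["serial"] == secondary["serial"]:
        return "in-sync"
    if serial_newer(primary["serial"], secondary["serial"]):
        return "behind"   # normal until the next refresh; stale if it persists
    return "ahead"        # primary serial went backwards: secondary will not pull

# Constructed sample data: the page's example record plus an older secondary copy.
PRIMARY = parse_soa("""example.com. 3600 IN SOA ns1.example.com. admin.example.com. (
    2024010101 ; serial
    3600 ; refresh
    900 ; retry
    1209600 ; expire
    300 ) ; minimum TTL""")
SECONDARY = dict(PRIMARY, serial=2024010100)
```

An "ahead" result is the case to alert on: the secondary keeps serving its old copy until the primary's serial overtakes it or the Expire timer runs out.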