SOA Record (Start of Authority)

Security Glossary - DNS

Definition: The SOA record identifies the primary nameserver for a DNS zone, the email of the zone administrator, and parameters that control how secondary nameservers synchronize with the primary. Every DNS zone must have exactly one SOA record. It includes the serial number (incremented on changes), refresh interval, retry interval, expire time, and minimum TTL.

Why SOA Record Is Important

The SOA record controls the operational behavior of your DNS zone. The serial number tells secondary nameservers when the zone has been updated - if the serial does not increment when you make changes, secondaries will not pick up the updates. This is a common source of DNS inconsistency where some nameservers return outdated records.

The timing parameters in the SOA record affect how quickly changes propagate and how resilient your DNS is to primary server outages. The refresh interval determines how often secondaries check for updates. The expire time determines how long secondaries continue serving records if they cannot reach the primary. If the expire time is set too low, secondaries stop answering for the zone soon after they lose contact with the primary.

Most managed DNS providers handle SOA configuration automatically, so you rarely need to modify it directly. However, understanding the SOA is important when debugging propagation issues or migrating between DNS providers.

Checking Your Setup

A DNS health checker shows your SOA record and validates its parameters. Check that the serial number increases with each change, the refresh and retry intervals are reasonable (3600 and 900 seconds are common defaults), and the expire time is long enough to survive a primary server outage.
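The checks described above, written out as an added Python example (not the page's or any checker's own code). It parses the seven-field SOA answer in the form printed by `dig +short SOA <zone>`, and goes slightly beyond the text by comparing serials with RFC 1982 wrap-around arithmetic. The one-week expire threshold, the function names and the sample records are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

MIN_EXPIRE = 7 * 24 * 3600  # assumed threshold (one week), not from the page


class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(line: str) -> SOA:
    """Parse the seven SOA fields as printed by `dig +short SOA <zone>`."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    return SOA(parts[0], parts[1], *map(int, parts[2:]))


def admin_email(soa: SOA) -> str:
    """RNAME stores the mailbox with the first unescaped dot in place of '@'."""
    local, domain = re.split(r"(?<!\\)\.", soa.rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain


def serial_advanced(old: int, new: int) -> bool:
    """RFC 1982 comparison: serials are 32-bit counters that may wrap."""
    return 0 < (new - old) % 2**32 < 2**31


def check(cur: SOA, prev: Optional[SOA] = None) -> list:
    findings = []
    if prev is not None and not serial_advanced(prev.serial, cur.serial):
        findings.append("serial did not increase: secondaries keep the old zone")
    if cur.retry >= cur.refresh:
        findings.append("retry is not shorter than refresh")
    if cur.expire < MIN_EXPIRE:
        findings.append("expire is short: secondaries stop answering early in an outage")
    return findings


# Constructed sample answers for a hypothetical zone (not real scan output).
BEFORE = parse_soa("ns1.example.com. dns\\.admin.example.com. 2026021501 3600 900 1209600 300")
AFTER = parse_soa("ns1.example.com. dns\\.admin.example.com. 2026021501 3600 900 86400 300")
```

Calling `check(AFTER, BEFORE)` on the constructed records reports both the unchanged serial and the one-day expire time.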

Common Questions About SOA Record

What should my SOA serial number format be?
The most common format is YYYYMMDDnn (date plus a two-digit counter), like 2026021501. This is easy to read and naturally increments. Some systems use a simple incrementing integer. The only requirement is that it increases with each zone change.

Do I need to manage my SOA record manually?
If you use a managed DNS provider (Cloudflare, Route 53, etc.), the SOA is managed automatically. You only need to worry about SOA configuration if you run your own authoritative nameservers or use BIND/PowerDNS directly.