Glossary Guides

What Is an SOA Record

Learn what an SOA record is, what Start of Authority means, zone serial numbers, refresh timers and SOA best practices.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 5 min read Beginner

Introduction

Every authoritative DNS zone has exactly one SOA record. It marks the beginning of the zone and carries metadata used by secondary nameservers.

Beginners rarely need to change SOA directly, but understanding it helps when troubleshooting zone transfers, TTL behavior or nameserver issues.

Quick answer

Quick answer

An SOA record is the Start of Authority for a DNS zone. It stores administrative details such as the primary nameserver, responsible contact, serial number and default timing values. Most users never edit SOA manually — the DNS provider manages it.

What it means

SOA stands for Start of Authority. It identifies the primary source of zone data and includes timers that affect how secondary servers refresh zone information.

  • Primary nameserver — main source of zone data
  • Responsible email — often hostmaster.domain (with . instead of @)
  • Serial — increases when zone changes (for zone transfers)
  • Refresh — how often secondaries check for updates
  • Retry — wait time if refresh fails
  • Expire — when secondaries stop serving if primary is unreachable
  • Minimum TTL — default for records without explicit TTL

Where you see this:

  • Inside every authoritative DNS zone
  • Secondary nameserver synchronization
  • DNS provider automated zone management
  • Advanced multi-server DNS setups
Example
example.com.  SOA  ns1.provider.com. hostmaster.provider.com. (
  2024062801  ; serial
  7200        ; refresh
  3600        ; retry
  1209600     ; expire
  300         ; minimum TTL
)

Why this matters

Why this matters

SOA mistakes can cause secondary nameservers to serve stale data or stop answering. Confusing SOA minimum TTL with individual record TTL leads to wrong expectations about propagation speed.

How to check it

  1. Run DNS Lookup and look for the SOA record in zone details.
  2. Note the primary nameserver and serial number.
  3. Compare SOA primary NS with your expected DNS provider.
  4. Use dig example.com SOA for command-line output.
  5. Leave SOA editing to your DNS provider unless you have a specific reason.

Look up SOA record

Use DNS Lookup to view the SOA record and zone timing values for a domain.

Run DNS Lookup →

Common mistakes

Editing SOA without understanding impact

Medium

Manual SOA changes can break secondary DNS synchronization.

Next step: Let your DNS provider manage SOA unless you run custom secondary DNS.

Stale serial on secondary DNS

Low

Secondaries may not pick up zone updates if serial does not increment.

Next step: Contact DNS provider support if zone updates are not propagating between NS.

Confusing SOA TTL with every record TTL

Low

Minimum TTL in SOA is not the TTL on every individual record.

Next step: Check each record’s own TTL value for propagation planning.

Example

SOA record fields (simplified)
Primary NS:   ns1.dnsprovider.com
Contact:      dns.dnsprovider.com
Serial:       2024062801
Refresh:      7200 seconds
Retry:        3600 seconds
Expire:       1209600 seconds
Minimum TTL:  300 seconds

Frequently asked questions

Do I need to create an SOA record manually?

Usually no. Your DNS provider creates and maintains SOA when the zone is created.

What is the SOA serial number?

A version counter that increases when zone data changes. Secondary nameservers use it to detect updates.

Does SOA affect email or SSL?

Not directly. SOA is zone metadata. Mail and SSL depend on MX, TXT, A and certificate configuration.

Can I change SOA minimum TTL to speed propagation?

Individual record TTL values matter more for day-to-day changes. SOA minimum TTL is a zone default, not a global override for every record.

Use these free tools to verify your configuration after applying changes.

Browse all Glossary guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.