What Is an SOA Record and How to Check It: A Complete Guide
Managing DNS zones effectively is a foundational skill for any system administrator or website owner. At the heart of every DNS zone lies a critical record that defines how the entire zone operates — the SOA record. Whether you're troubleshooting DNS propagation issues, configuring a new domain, or auditing your infrastructure, understanding SOA records is essential.
This guide explains exactly what an SOA record is, breaks down each of its components, and shows you how to check and verify SOA records using both command-line tools and online utilities.
What Is an SOA Record?
SOA stands for Start of Authority. An SOA record is a type of DNS (Domain Name System) resource record that contains authoritative administrative information about a DNS zone. Every DNS zone must have exactly one SOA record — it is mandatory per the DNS specification (RFC 1035).
Think of the SOA record as the "identity card" of your DNS zone. It tells other DNS servers who is responsible for the zone, what version the zone data is at, and how secondary name servers should handle zone transfers and caching.
Without a properly configured SOA record, your domain's DNS zone cannot function correctly, which can lead to resolution failures, email delivery problems, and degraded website availability.
SOA Record Structure: Breaking Down Each Field
An SOA record contains several distinct fields, each serving a specific purpose. Here is a typical SOA record as it appears in a zone file:
example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
2024010101 ; Serial Number
3600 ; Refresh
900 ; Retry
604800 ; Expire
300 ; Minimum TTL
)
Let's examine each component in detail:
1. Primary Name Server (MNAME)
This field identifies the primary (master) DNS server for the zone — the authoritative source of truth for all DNS records within that zone. Secondary (slave) DNS servers pull zone data from this server during zone transfers.
Example: ns1.example.com.
2. Responsible Party Email (RNAME)
This field stores the email address of the DNS zone administrator, but formatted in a specific way: the @ symbol is replaced with a dot (.).
Example: admin.example.com. translates to admin@example.com
> Important: If the local part of the email address contains a dot (e.g., john.doe@example.com), that dot must be escaped with a backslash, so the address is written as john\.doe.example.com. in the SOA record.
3. Serial Number
The serial number is a version identifier for the DNS zone. Every time you modify any record within the zone, you must increment this number. Secondary DNS servers compare their local serial number against the primary server's serial number during refresh intervals — if the primary has a higher number, the secondary initiates a zone transfer to synchronize.
Common format: YYYYMMDDNN (year, month, day, revision number)
Example: 2024010101 = January 1, 2024, first revision of the day
> Critical note: Forgetting to increment the serial number after making DNS changes is one of the most common DNS administration mistakes. Secondary servers will not pull updated records if the serial number hasn't changed.
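
The comparison a secondary makes, and a safe way to pick the next YYYYMMDDNN value, as an added example that is not part of the original guide. It goes slightly beyond the text by using the wrap-around serial comparison from RFC 1982; the function names are hypothetical.

```python
from datetime import date

MOD = 2 ** 32    # SOA serials are unsigned 32-bit integers
HALF = 2 ** 31

def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial arithmetic: is `candidate` newer than `current`?"""
    diff = (candidate - current) % MOD
    return 0 < diff < HALF

def next_serial(current: int, today: date) -> int:
    """Pick the next serial, keeping the YYYYMMDDNN convention when possible."""
    base = int(today.strftime("%Y%m%d")) * 100    # today's date with NN = 00
    if current < base:
        return base + 1                           # first revision of the day
    # Already edited today, NN used up, or a serial dated in the future:
    # a plain +1 is still "newer", so secondaries will transfer the zone.
    return (current + 1) % MOD

def needs_transfer(primary_serial: int, secondary_serial: int) -> bool:
    """True when a secondary at its refresh interval would pull the zone."""
    return serial_newer(primary_serial, secondary_serial)

if __name__ == "__main__":
    today = date(2024, 1, 1)                      # constructed sample date
    for current in (2023123105, 2024010101, 2024010199):
        new = next_serial(current, today)
        print(current, "->", new, "transfer:", needs_transfer(new, current))
    # The forgotten-increment case: same serial, so no transfer happens.
    print("unchanged serial:", needs_transfer(2024010101, 2024010101))
```
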
4. Refresh Interval
Defines how frequently secondary DNS servers should check the primary server for zone updates (in seconds).
Example: 3600 = secondary servers check for updates every 1 hour
5. Retry Interval
If a secondary server fails to contact the primary server during a scheduled refresh, the retry value defines how long it waits before trying again.
Example: 900 = retry every 15 minutes after a failed refresh attempt
6. Expire Value
This defines how long a secondary server will continue to serve zone data if it cannot reach the primary server. Once this period expires, the secondary server stops answering queries for the zone, treating its data as unreliable.
Example: 604800 = zone data expires after 7 days of no contact with primary
7. Minimum TTL (Negative Caching TTL)
This value has two functions in modern DNS:
- It sets the default TTL for records in the zone that don't have an explicit TTL.
- Per RFC 2308, it defines the negative caching TTL — how long resolvers cache NXDOMAIN (non-existent domain) responses.
Example: 300 = negative responses are cached for 5 minutes
Why SOA Records Matter for Your Infrastructure
Properly configured SOA records directly impact:
- DNS propagation speed — Appropriate refresh and TTL values ensure changes propagate quickly without overloading name servers.
- Zone transfer reliability — Correct serial number management keeps primary and secondary servers in sync.
- Fault tolerance — A well-tuned expire value ensures your DNS continues to resolve even during primary server outages.
- Email deliverability — Many mail servers perform DNS lookups that depend on accurate zone data rooted in the SOA record.
If you're running your own DNS infrastructure, hosting it on a reliable platform is non-negotiable. VPS Hosting from AlexHost provides NVMe storage, full root access, and enterprise-grade DDoS protection — everything you need to run BIND, PowerDNS, or any other DNS server software with confidence.
How to Check an SOA Record
There are two primary methods for looking up SOA records: using command-line tools or using online DNS lookup services.
Method 1: Using the dig Command (Linux / macOS)
The dig (Domain Information Groper) command is the most powerful and widely used DNS lookup utility available on Linux and macOS systems. It queries DNS servers directly and returns detailed, raw DNS responses.
Basic SOA lookup:
dig SOA example.com
Sample output:
; <<>> DiG 9.18.1 <<>> SOA example.com
;; ANSWER SECTION:
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300
Query a specific DNS server:
dig SOA example.com @8.8.8.8
Get a short, clean output:
dig SOA example.com +short
Output:
ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300
> Tip: The dig command is available by default on most Linux distributions and macOS. On Windows, you can use it via WSL (Windows Subsystem for Linux) or install BIND tools separately.
Method 2: Using nslookup (Windows / Cross-Platform)
For Windows users, nslookup is the built-in alternative:
nslookup -type=SOA example.com
Sample output:
Server: dns.google
Address: 8.8.8.8
example.com
primary name server = ns1.example.com
responsible mail addr = admin.example.com
serial = 2024010101
refresh = 3600 (1 hour)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 300 (5 mins)
Method 3: Using Online DNS Lookup Tools
If you prefer a graphical interface or need to quickly check SOA records without terminal access, several reliable online tools are available:
| Tool | URL | Key Features |
|---|---|---|
| MXToolbox | mxtoolbox.com | Comprehensive DNS record lookup, blacklist checking, email diagnostics |
| DNSChecker | dnschecker.org | Global DNS propagation checking across multiple servers |
| IntoDNS | intodns.com | Full DNS zone health report including SOA validation |
| WhatsMyDNS | whatsmydns.net | Real-time propagation status across worldwide DNS servers |
| Google Admin Toolbox | toolbox.googleapps.com | Dig-style lookups with clean visual output |
These tools are particularly useful when verifying DNS propagation after making changes, or when you need to check SOA records from multiple geographic locations simultaneously.
How to Modify an SOA Record
If you manage your own DNS server (e.g., running BIND on a Linux VPS), you can edit the SOA record directly in the zone file:
sudo nano /etc/bind/zones/db.example.com
After making changes, always:
- Increment the serial number (e.g., change 2024010101 to 2024010102)
- Reload the DNS service:
sudo systemctl reload bind9
# or
sudo rndc reload example.com
- Verify the change:
dig SOA example.com @localhost
If you're using a control panel like cPanel or Plesk, SOA records are typically managed automatically when you add or modify DNS records. For a streamlined experience, VPS with cPanel from AlexHost gives you a full-featured graphical DNS management interface alongside root-level server access.
Common SOA Record Issues and How to Fix Them
Problem: Secondary servers not updating after DNS changes
Cause: Serial number was not incremented after modifying zone records.
Fix: Increment the serial number and reload the zone on the primary server.
Problem: Zone data becoming stale during primary server downtime
Cause: Expire value is set too low.
Fix: Increase the expire value to at least 604800 (7 days) for production zones.
Problem: Excessive DNS traffic to primary server
Cause: Refresh interval is set too low.
Fix: Increase the refresh interval to 3600 (1 hour) or higher for stable zones.
Problem: Slow propagation of deleted records (NXDOMAIN)
Cause: Minimum TTL is set too high.
Fix: Reduce the minimum TTL to 300–600 seconds for zones that change frequently.
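
The checks from this list applied to the one-line output of `dig SOA <zone> +short`, as an added example that is not part of the original guide. The thresholds are the ones given in the fixes above; the function names and the second sample line are constructed for illustration.

```python
import re

FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def rname_to_email(rname: str) -> str:
    """Decode RNAME: the first unescaped dot stands for the '@'."""
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError(f"not a valid RNAME: {rname!r}")
    # john\.doe -> john.doe (\DDD decimal escapes are not handled here)
    local = re.sub(r"\\(.)", r"\1", m.group(1))
    return f"{local}@{m.group(2)}"

def parse_soa(line: str) -> dict:
    """Parse 'MNAME RNAME serial refresh retry expire minimum' (dig +short)."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    soa = {"mname": parts[0], "email": rname_to_email(parts[1])}
    soa.update(zip(FIELDS, map(int, parts[2:])))
    return soa

def audit(soa: dict) -> list:
    """Return findings for the issues listed above, using the guide's thresholds."""
    findings = []
    if soa["expire"] < 604800:
        findings.append("expire < 604800: secondaries drop the zone early in an outage")
    if soa["refresh"] < 3600:
        findings.append("refresh < 3600: extra polling traffic to the primary")
    if soa["minimum"] > 600:
        findings.append("minimum > 600: NXDOMAIN answers stay cached too long")
    if soa["retry"] >= soa["refresh"]:  # extra sanity check, not in the list above
        findings.append("retry >= refresh: retry should be the shorter interval")
    return findings

# Constructed sample inputs in `dig SOA <zone> +short` format.
GOOD = "ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300"
BAD = r"ns1.example.com. john\.doe.example.com. 2024010101 600 900 86400 86400"

if __name__ == "__main__":
    for line in (GOOD, BAD):
        soa = parse_soa(line)
        print(soa["email"], soa["serial"], audit(soa) or "no findings")
```
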
SOA Records in the Context of Full DNS Infrastructure
SOA records don't exist in isolation — they work in conjunction with your entire DNS setup, including A records, MX records, CNAME records, NS records, and TXT records. A complete, well-managed DNS zone is the backbone of your online presence.
Here's how SOA records connect to other hosting services:
- Domain Registration: Your SOA record is created automatically when you register a domain and set up DNS. Manage your domains with Domain Registration from AlexHost.
- Web Hosting: Accurate DNS zones pointing to your hosting server ensure your website loads reliably. AlexHost's Shared Web Hosting includes DNS management tools for easy record configuration.
- Email Hosting: MX records in your DNS zone depend on a valid SOA record for proper zone authority. Pair your DNS setup with Email Hosting for professional, reliable mail delivery.
- SSL Certificates: Domain validation for SSL issuance often involves DNS-based verification. Secure your domains with SSL Certificates from AlexHost.
Recommended SOA Record Values for Production Zones
Use these values as a starting point for production DNS zones:
| Field | Recommended Value | Notes |
|---|---|---|
| Serial | YYYYMMDDNN | Increment on every change |
| Refresh | 3600 (1 hour) | Lower for dynamic zones |
| Retry | 900 (15 min) | Typically 1/4 of refresh |
| Expire | 604800 (7 days) | Minimum for production |
| Min TTL | 300 (5 min) | Balance between caching and flexibility |
Conclusion
The SOA record is the cornerstone of every DNS zone. It defines zone authority, controls synchronization between primary and secondary name servers, and governs how DNS data is cached and refreshed across the internet. Understanding its fields — from the serial number to the expire value — empowers you to manage DNS infrastructure with precision and confidence.
Whether you're verifying an SOA record with dig, troubleshooting zone transfer issues, or configuring a new domain from scratch, the knowledge in this guide gives you a solid foundation.
For a reliable, high-performance platform to host your DNS infrastructure, VPS Hosting from AlexHost delivers the NVMe speed, root access, and DDoS protection your DNS servers demand. Explore our full range of VPS Control Panels to find the management interface that fits your workflow — and take full control of your DNS today.
