An SOA (Start of Authority) record is like the birth certificate of your domain. It contains essential information about your domain's administration, including who's responsible for it and how often it gets updated.
Format:
@ IN SOA primary-ns admin-email (
    serial      ; Serial Number
    refresh     ; Refresh interval
    retry       ; Retry interval
    expire      ; Expiration time
    minimum-ttl ; Minimum TTL
)
Real-world example:
example.com. IN SOA ns1.example.com. admin.example.com. (
    2024030501 ; Serial: YYYYMMDDNN
    3600       ; Refresh: 1 hour
    1800       ; Retry: 30 minutes
    604800     ; Expire: 1 week
    86400      ; Minimum TTL: 24 hours
)
Think of an SOA record like a book's publishing information page:
Just like you need this information to manage a book's publication, DNS systems need SOA records to manage and update domain information properly.
primary-ns: The primary nameserver for the domain (e.g., ns1.example.com)
admin-email: The domain administrator's email address, with @ replaced by a dot (e.g., admin.example.com)
serial: Version number of the zone, usually in the format YYYYMMDDNN
refresh: How often secondary servers check for updates (e.g., 3600 = 1 hour)
retry: How long to wait before retrying a failed refresh (e.g., 1800 = 30 minutes)
expire: Maximum time secondary servers should retain data (e.g., 604800 = 1 week)
minimum-ttl: Default TTL for negative responses (e.g., 86400 = 24 hours)
Each DNS zone must have exactly one SOA record - no more, no less.
Always increment the serial number when making zone changes.
Not incrementing the serial number prevents secondary servers from getting updates.
Setting refresh, retry, or expire times too low can overload your DNS servers.
Using @ in the admin email instead of a dot (.) will cause parsing errors.
Stick to common refresh (3600), retry (1800), and expire (604800) values unless you have specific needs.
Keep a log of serial number updates and what changes were made.
Periodically check your SOA record to ensure all values are correct and up to date.
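The periodic check described above can be automated. The following is an added example, not part of the original page: it parses an SOA record in zone-file form and reports the mistakes listed here (an @ in the admin email, a serial that was not incremented, inconsistent timers). The function names, the timer consistency rules, and the use of RFC 1982 serial arithmetic for the "was it incremented" test are assumptions of this example, and it expects timer values in plain seconds.

```python
import re

# Constructed sample: the page's example record in multi-line zone-file form.
SAMPLE = """example.com. IN SOA ns1.example.com. admin.example.com. (
    2024030501 ; Serial: YYYYMMDDNN
    3600       ; Refresh: 1 hour
    1800       ; Retry: 30 minutes
    604800     ; Expire: 1 week
    86400 )    ; Minimum TTL: 24 hours
"""
FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
SERIAL_RE = r"(19|20)\d\d(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d\d"

def parse_soa(text):
    """Parse one SOA record; ';' comments and parentheses are layout only."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tok = body.replace("(", " ").replace(")", " ").split()
    i = [t.upper() for t in tok].index("SOA")  # ValueError if not an SOA record
    if len(tok) != i + 8:
        raise ValueError("SOA needs mname, rname and five numeric fields")
    soa = {"mname": tok[i + 1], "rname": tok[i + 2]}
    soa.update(zip(FIELDS, map(int, tok[i + 3:])))
    return soa

def serial_gt(new, old):
    """RFC 1982 32-bit serial arithmetic: True if `new` counts as newer than `old`."""
    return new != old and ((new - old) % 2**32) < 2**31

def lint_soa(soa, previous_serial=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if "@" in soa["rname"]:
        findings.append("rname contains '@'; write the mailbox with a dot")
    if not re.fullmatch(SERIAL_RE, str(soa["serial"])):
        findings.append("serial is not in YYYYMMDDNN form")
    if previous_serial is not None and not serial_gt(soa["serial"], previous_serial):
        findings.append("serial not incremented; secondaries will not pick up changes")
    # Assumed consistency rules for this example (not stated on the page):
    if soa["retry"] >= soa["refresh"]:
        findings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        findings.append("expire is too short relative to refresh and retry")
    return findings

if __name__ == "__main__":
    record = parse_soa(SAMPLE)
    print(record)
    print(lint_soa(record, previous_serial=2024030501) or "no findings")
```

Passing the serial from your change log as previous_serial turns a forgotten increment into an explicit finding before the zone is published.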