An SOA record is a DNS record that defines the global parameters for a zone file (domain). Each zone file has exactly one SOA record.
SOA records are also called "Start of Authority records," and are defined in RFC 1035.
This page provides a brief overview of SOA records. A more detailed discussion is in our SOA Record Monitoring blog post.
DNS Check can monitor your SOA records, and notify you if they become unresolvable, or have any parameters change.
Fields
The SOA record is typically the most complex record in a zone file. Here are the fields that make up an SOA record:
Field | Description | Example |
---|---|---|
Name | The fully qualified domain name (FQDN) of the zone file. | dnscheck.co. |
Type | The DNS record type. Always set to SOA. | SOA |
Name Server | An authoritative name server for the domain. Only one name server should be listed, even if the domain has multiple authoritative name servers. | chan.ns.cloudflare.com. |
Email | The email address of the domain's administrator. The @ sign should be replaced with a dot (.). | dns.cloudflare.com. |
Serial Number | This acts as the "version number" for the SOA record. It gets incremented each time the zone file that the SOA record is in gets updated. Valid values are 1 to 4,294,967,295. | 2019756054 |
Refresh | The time in seconds that a slave name server should wait before refreshing the zone file from the master. | 10000 |
Retry | The time in seconds that a slave name server should wait before retrying to establish a connection to the master following a communications error. | 2400 |
Expire | The time in seconds that may elapse before a zone file is no longer considered authoritative. | 604800 |
Minimum | The time in seconds to cache NXDOMAIN results in DNS. | 3600 |
DNS Zone File Examples
Here's how an SOA record that uses the example values from this page's Fields section looks in a DNS zone file:
; Name Type Name server Email Serial Refresh Retry Expire Minimum
dnscheck.co. SOA chan.ns.cloudflare.com. dns.cloudflare.com. 2019756054 10000 2400 604800 3600
The Name, Name server, and Email fields in the above example each end in a period, so they're using fully qualified domain names.
Alternatively, you can create an SOA record that's relative to the zone file's $ORIGIN. Here's an example of how to do this using the example values from this page's Fields section:
$ORIGIN dnscheck.co.
; Name Type Name server Email Serial Refresh Retry Expire Minimum
@ SOA chan.ns.cloudflare.com. dns 2019756054 10000 2400 604800 3600
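The following Python sketch is an added example, not code from DNS Check. It parses one-line SOA records in the column order used above, expands `@` and relative names against `$ORIGIN`, and diffs two snapshots the way a monitor would. The function names and the `CONSTRUCTED_LATER` record (with the placeholder name server `ns1.example.net.`) are assumptions made for illustration.

```python
import re

FIELDS = ("name", "type", "mname", "rname", "serial",
          "refresh", "retry", "expire", "minimum")

# The two records shown on this page, and a constructed later snapshot.
PAGE_ABSOLUTE = "dnscheck.co. SOA chan.ns.cloudflare.com. dns.cloudflare.com. 2019756054 10000 2400 604800 3600"
PAGE_RELATIVE = "@ SOA chan.ns.cloudflare.com. dns 2019756054 10000 2400 604800 3600"
CONSTRUCTED_LATER = "dnscheck.co. SOA ns1.example.net. dns.cloudflare.com. 2019756054 10000 2400 604800 3600"

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_soa(line, origin):
    """Parse a one-line SOA record laid out in this page's column order."""
    tokens = line.split(";", 1)[0].split()
    if len(tokens) != len(FIELDS) or tokens[1].upper() != "SOA":
        raise ValueError(f"not a one-line SOA record: {line!r}")
    soa = dict(zip(FIELDS, tokens))
    for key in ("name", "mname", "rname"):
        soa[key] = absolute(soa[key], origin).lower()
    for key in FIELDS[4:]:
        soa[key] = int(soa[key])
        if not 0 <= soa[key] <= 0xFFFFFFFF:  # all five are 32-bit values
            raise ValueError(f"{key} out of range: {soa[key]}")
    return soa

def admin_email(rname):
    """Undo the '@' -> '.' substitution; '\\.' is a literal dot in the local part."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def diff_soa(old, new):
    """List changed fields; flag a change that arrived without a higher serial."""
    changed = [k for k in FIELDS if old[k] != new[k]]
    findings = [f"{k}: {old[k]} -> {new[k]}" for k in changed]
    # Plain integer comparison: 32-bit serial wrap-around is not handled here.
    if changed and new["serial"] <= old["serial"]:
        findings.append("serial did not increase")
    return findings

if __name__ == "__main__":
    before = parse_soa(PAGE_ABSOLUTE, "dnscheck.co.")
    for line in (PAGE_RELATIVE, CONSTRUCTED_LATER):
        print(diff_soa(before, parse_soa(line, "dnscheck.co.")))
```

Run against the relative record above, the parser expands the Email value `dns` to `dns.dnscheck.co.`, so a relative name in that column resolves under the zone's own domain rather than under `cloudflare.com.`.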
Additional Resources
- Check Your DNS MX Records - a blog post that goes into a lot of detail on what SOA records are used for, their fields, and how to monitor them.
- RFC 1035 - section 3.3.13 (SOA RDATA format) defines the format that SOA records follow.