SOA record

The 'Start of Authority' DNS record at the zone apex. Holds metadata about the zone: primary NS, admin email, serial number, refresh timers.

The SOA (Start of Authority) record is the metadata record at the top of every DNS zone. Exactly one per zone, sitting at the apex. It holds the bookkeeping information for the zone.

example.com.   SOA   ns1.example.com. admin.example.com. 2026051800 7200 3600 1209600 3600

Fields, in order:

  1. Primary NS. The "master" nameserver for the zone.
  2. Admin email. The first . is read as @, so admin.example.com. means admin@example.com.
  3. Serial. Incremented on every zone change. Secondaries use it to know when to re-pull.
  4. Refresh. How often secondaries check for updates (seconds).
  5. Retry. How long to wait after a failed refresh.
  6. Expire. Secondary stops serving after this long without contact.
  7. Minimum / Negative caching TTL. How long resolvers cache "this name doesn't exist" responses.

Why you rarely care

Modern hosted DNS providers (Cloudflare, Route 53) manage the SOA for you. You almost never edit it directly. The exception is if you're running your own authoritative DNS, in which case the SOA serial number drives zone replication.

When it does come up

  • Migrating DNS providers: the new provider's SOA values may differ. Worth a sanity check.
  • Debugging weird negative-caching behavior: high SOA minimum can mean "no such record" responses get cached for too long. Lower it during onboarding.
  • Reading dig output: every authoritative response includes the SOA serial, useful for confirming you're hitting the right server.
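
A sketch of the field layout and the sanity checks above, as an added example (not Domainee's or any DNS server's code). It handles only the one-line form of the record. The function names, the 3600-second negative-caching threshold, the MIGRATED record and the new-provider.example name are assumptions made for illustration. Serial comparison follows RFC 1982, so a wrapped 32-bit serial still counts as newer.

```python
from typing import NamedTuple

class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(line: str) -> SOA:
    """Parse a one-line SOA record; owner, TTL and class may precede the type."""
    tokens = line.split()
    fields = tokens[tokens.index("SOA") + 1:]
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    return SOA(fields[0], fields[1], *(int(f) for f in fields[2:]))

def rname_to_email(rname: str) -> str:
    """First unescaped dot becomes '@'; an escaped dot stays in the local part."""
    local, i = [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(rname[i])
            i += 1
    raise ValueError("RNAME has no domain part")

def serial_is_newer(primary: int, secondary: int) -> bool:
    """RFC 1982 comparison: True if the primary is ahead, even across 32-bit wrap."""
    return 0 < (primary - secondary) % 2**32 < 2**31

def review(soa: SOA, max_negative_ttl: int = 3600) -> list[str]:
    """Flag timer values worth a second look (the threshold is an assumption)."""
    notes = []
    if soa.expire <= soa.refresh:
        notes.append("expire is not longer than refresh")
    if soa.minimum > max_negative_ttl:
        notes.append(f"negative-caching TTL {soa.minimum}s exceeds {max_negative_ttl}s")
    return notes

SAMPLE = "example.com.   SOA   ns1.example.com. admin.example.com. 2026051800 7200 3600 1209600 3600"  # record shown above
MIGRATED = "example.com. 3600 IN SOA ns.new-provider.example. first\\.last.example.com. 1 10000 2400 604800 86400"  # constructed
```

Running review() on both the old and the new provider's SOA before a migration shows at a glance whether the negative-caching TTL has grown.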
