SOA Record Lookup Tool
SOA Lookup is a free tool used to inspect the Start of Authority record, which defines the core administrative parameters and synchronization timers for a DNS zone.
Inpsect the "Birth Certificate" of any DNS zone. Analyze serial numbers, synchronization timers, and authoritative sources.
Type a domain to check DNS records.
Understanding the SOA (Start of Authority) Record
In the hierarchy of the Domain Name System, the Start of Authority (SOA) record is often called the "birth certificate" of a DNS zone. It is the most fundamental record, containing essential administrative information about the zone and defining how DNS data is synchronized across different servers globally.
Every domain name must have exactly one SOA record at its apex. This record identifies the primary authoritative nameserver and the email of the person responsible for the zone. More importantly, it contains the sync timers that dictate how secondary (slave) nameservers interact with the primary (master) server. Without a valid SOA record, a DNS zone cannot function properly, and secondary servers will not know when to refresh their data.
Anatomy of an SOA Record
MNAME (Primary Target)
This field identifies the primary authoritative nameserver where the zone data originates. It is the source of truth for all record updates.
RNAME (Responsible Person)
The email address of the domain administrator. Note: In DNS format, the "@" is replaced by a dot (e.g., admin.example.com instead of admin@example.com).
Serial Number
A version number for the zone. When you change a record, you must increment this number so secondary servers know the data has changed and needs to be pulled. Usually formatted as YYYYMMDDNN.
Minimum TTL
Also known as "Negative Caching TTL." It tells other DNS resolvers how long to remember that a record doesn't exist (NXDOMAIN) before asking again.
How Secondary Servers Sync
The SOA record defines three critical timers that prevent DNS outages and ensure data consistency across the network:
- Refresh:The interval (in seconds) at which secondary nameservers query the primary server's SOA record to check for changes (by comparing Serial numbers). Standard values range from 3600 (1 hour) to 86400 (1 day).
- Retry:If the primary server is unreachable during a refresh attempt, the secondary server waits this long before trying again. Usually shorter than the Refresh timer (e.g., 600 or 900 seconds).
- Expire:The fail-safe timer. If a secondary server cannot reach the primary server for this long, it stops answering queries for the zone because it assumes the data is dangerously out of date. Typical values are 1-4 weeks (604800 to 2419200 seconds).
Best Practices for SOA Records
Increment Serials
Always increase the serial number when making DNS changes. If you forget, your secondary servers will keep serving old data until the serial is manually bumped.
Valid Hostmaster
Ensure the RNAME points to a mailbox that is actually monitored. Automated tools and security researchers use this to contact domain owners.
Balanced TTLs
Don't set your Minimum TTL too high (prevents quick fixes for typos) or too low. Monitor cache timing with our TTL Checker.
Primary NS Choice
The MNAME should be the primary public nameserver. Verify your delegation using our NS Lookup tool.
Frequently Asked Questions
Can I have more than one SOA record?
No. A DNS zone must have exactly one SOA record. If multiple SOA records are present, resolvers will likely encounter errors, and synchronization between nameservers will break.
Why is my serial number usually 10 digits?
Most administrators use the format YYYYMMDDNN (Year, Month, Day, and a 2-digit sequence number). This makes it easy to track when the last change was made just by looking at the record.
What is a "Lame Delegation"?
This occurs when the NS records in the parent zone point to servers that do not have a corresponding SOA record for the domain. Essentially, the parent says "Server A is in charge," but Server A says "I don't know what this domain is."
Does the SOA record affect website speed?
It primarily affects the speed of secondary server updates and negative caching. It does not directly affect the speed of normal A or CNAME lookups, but poor sync timers can cause availability issues if the primary master goes offline.
Critical TTL Update
If you are planning to move your DNS to a different provider, remember to lower your SOA Refresh and TTL values days in advance. This forces resolvers to check for the new location more frequently, minimizing downtime during migration.