SOLUTIONS
Deliver Superior Online Experiences
Mitigate DDoS AttacksStop Malicious Bot AbuseAccelerate Internet ApplicationsEnsure Application AvailabilityOptimize Web ExperiencesStream Videos On-Demand
Secure Employee Applications and Devices
Deliver Zero Trust Access to ApplicationsImplement Secure Access Service Edge (SASE)Protect Users Accessing the InternetProtect Corporate NetworksManage Secure Contractor AccessReplace Virtual Private Networks (VPNs)Secure Your Remote WorkforceStop Zero Day Attacks with Browser Isolation
 
Protect and Accelerate Networks
Solutions-Solutions-Protect and Accelerate Networks-Cloudflare's Network ServicesMitigate L3 DDoS AttacksConnect network infrastructure with CloudflareTransform Corporate Networks
Code on the Network Edge
Build a Serverless ApplicationDeploy a Static WebsiteConfigure a CDNDefine Conditional Request Routing
Manage a Secure Cloud
Secure Hybrid, Cloud, & SaaS PlatformsEnable SSL for SaaS ApplicationsReduce Cloud Data Transfer Costs
Register a Website
Register or Transfer a Website
INDUSTRIES
eCommerceFinancial ServicesGamingHealthcare and Life SciencesMedia and EntertainmentPublic SectorSaaSEducation
PUBLIC INTEREST
Election CampaignsAthenian ProjectProject GalileoProject Fair Shot
FOR INFRASTRUCTURE
Application & Network Security
DDoS ProtectionWAFBot ManagementMagic TransitMagic WANRate LimitingSSL / TLSSSL/TLS for SaaS ProvidersCloudflare SpectrumNetwork InterconnectCDNDNSArgo Smart RoutingLoad BalancingStream DeliveryChina NetworkWaiting Room
FOR TEAMS
Cloudflare for TeamsAccessGatewayBrowser Isolation
FOR DEVELOPERS
Serverless Applications
Cloudflare WorkersCloudflare Workers KV
Domain Registration
Cloudflare Registrar
Website Development
Cloudflare PagesCloudflare Stream
SaaS Developers
Cloudflare for SaaS
FOR EVERYONE
1.1.1.11.1.1.1 with WARP (App)1.1.1.1 for Families
INSIGHTS
AnalyticsCloudflare LogsWeb AnalyticsCloudflare Radar
PRIVACY
Data LocalizationCompliance
FOR INFRASTRUCTURE
Advanced Security
Bot ManagementFirewall rulesMagic TransitSpectrum (TCP/UDP)SSLWAFCDNDNSImage ResizingLoad BalancingStream (Video)
 
Insights
Analytics
Domain Registration
Registrar
FOR SERVERLESS APPLICATIONS
Workers Quick StartCloudflare PagesSample Workers ProjectsWorkers TutorialsCommand-line (Wrangler)Runtime
FOR TEAMS
Cloudflare for Teams
EXPLORE CLOUDFLARE API
Cloudflare APIAPI Authentication
DOCUMENTATION HUB
Dev Documentation Hub
RESOURCES
Resource HubWhitepapersWebinarsSolutions & Product GuidesCase StudiesAnalysts
EXPLORE
What's New?Network MapCloudflare in ChinaGDPR
GET STARTED
Register Your WebsiteWelcome CenterGet Help
LEARN
Learning CenterSecurityDDoSBot ManagementSSLIdentity and Access ManagementPerformanceCDNDNSCloudServerlessNetwork Layer
CONNECT
BlogCommunity
TRUST
Trust HubPrivacy & Data ProtectionCertificationsTrust & SafetyGDPRLegal Documentation
CONTACT
+1 650 319 8930
CHANNEL & ALLIANCE PARTNERS
Partner NetworkPartner Portal
TECHNOLOGY PARTNERS
OverviewAnalytics PartnersBandwidth AllianceEndpoint Security PartnershipsInterconnect PartnershipsNetwork On-ramp PartnershipsPeering Portal
PRICING BY PLAN
FreeProBusinessEnterprise
COMPARE AND EXPLORE
Need Help Choosing a Plan?Add OnsCompare All Plans

What is a DNS SOA record?

The SOA record contains important information about a domain and who is responsible for it.

Learning Objectives

After reading this article you will be able to:

  • Understand the purpose of an SOA record
  • Explain zone serial numbers and zone transfers

Copy article link

What is a DNS SOA record?

The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also important for zone transfers.

Example of an SOA record:

name example.com
record type SOA
MNAME ns.primaryserver.com
RNAME admin.example.com
SERIAL 1111111111
REFRESH 86400
RETRY 7200
EXPIRE 4000000
TTL 11200

The 'RNAME' value here represents the administrator's email address, which can be confusing because it is missing the ‘@’ sign, but in an SOA record admin.example.com is the equivalent of admin@example.com.

What is a zone serial number?

In the DNS, a 'zone' is an area of control over namespace. A zone can include a single domain name, one domain and many subdomains, or many domain names. In some cases, 'zone' is essentially equivalent with 'domain,' but this is not always true.

A zone serial number is a version number for the SOA record. In the example above, the serial number is listed next to 'SERIAL.' When the serial number changes in a zone file, this alerts secondary nameservers that they should update their copies of the zone file via a zone transfer.

What are the other parts of an SOA record?

  • MNAME: This is the name of the primary nameserver for the zone. Secondary servers that maintain duplicates of the zone's DNS records receive updates to the zone from this primary server.
  • REFRESH: The length of time (in seconds) secondary servers should wait before asking primary servers for the SOA record to see if it has been updated.
  • RETRY: The length of time a server should wait for asking an unresponsive primary nameserver for an update again.
  • EXPIRE: If a secondary server does not get a response from the primary server for this amount of time, it should stop responding to queries for the zone.

What is a zone transfer?

A DNS zone transfer is the process of sending DNS record data from a primary nameserver to a secondary nameserver. The SOA record is transferred first. The serial number tells the secondary server if its version needs to be updated. Zone transfers take place over the TCP protocol.

Learn more about various DNS records.

Sales

About DNS

DNS Servers

DNS Records

DNS Glossary

Learning Center Navigation

© 2021 Cloudflare, Inc.Privacy PolicyTerms of UseDisclosureCookie PreferencesTrademark