SOLUTIONS
Deliver Superior Online Experiences
Mitigate DDoS Attacks Stop Malicious Bot Abuse Accelerate Internet Applications Ensure Application Availability Optimize Web Experiences Stream Videos On-Demand
Secure Employee Applications and Devices
Deliver Zero Trust Access to Applications Implement Secure Access Service Edge (SASE) Protect Users Accessing the Internet Protect Corporate Networks Manage Secure Contractor Access Replace Virtual Private Networks (VPNs) Secure Your Remote Workforce Stop Zero Day Attacks with Browser Isolation
 
Protect and Accelerate Networks
Mitigate L3 DDoS Attacks Connect network infrastructure with Cloudflare Transform Corporate Networks
Code on the Network Edge
Build a Serverless Application Deploy a Static Website Configure a CDN Define Conditional Request Routing
Manage a Secure Cloud
Secure Hybrid, Cloud, & SaaS Platforms Enable SSL for SaaS Applications Reduce Cloud Data Transfer Costs
Register a Website
Register or Transfer a Website
INDUSTRIES
eCommerce Gaming Media and Entertainment Public Sector SaaS
PUBLIC INTEREST
Election Campaigns Athenian Project Project Galileo Project Fair Shot
FOR INFRASTRUCTURE
Application & Network Security
DDoS Protection WAF Bot Management Magic Transit Rate Limiting SSL / TLS Cloudflare Spectrum Network Interconnect
Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing Stream Delivery China Network Waiting Room
FOR TEAMS
Cloudflare for Teams Access Gateway Browser Isolation
FOR DEVELOPERS
Serverless Applications
Cloudflare Workers Cloudflare Workers KV
Domain Registration
Cloudflare Registrar
Website Development
Cloudflare Pages Cloudflare Stream
FOR EVERYONE
1.1.1.1 1.1.1.1 with WARP (App) 1.1.1.1 for Families
INSIGHTS
Analytics Cloudflare Logs Web Analytics Cloudflare Radar
PRIVACY
Data Localization Compliance
FOR INFRASTRUCTURE
Advanced Security
Bot Management Firewall rules Magic Transit Spectrum (TCP/UDP) SSL WAF
Performance & Reliability
CDN DNS Image Resizing Load Balancing Stream (Video) Argo Tunnel
 
Insights
Analytics
Domain Registration
Registrar
FOR SERVERLESS APPLICATIONS
Workers Quick Start Cloudflare Pages Sample Workers Projects Workers Tutorials Command-line (Wrangler) Runtime
FOR TEAMS
Access Access Audit logs Gateway Gateway Activity Logs
EXPLORE CLOUDFLARE API
Cloudflare API API Authentication
DOCUMENTATION HUB
Dev Documentation Hub
RESOURCES
Resource Hub Whitepapers Webinars Solutions & Product Guides Case Studies Analysts
EXPLORE
What's New? Network Map Cloudflare in China GDPR
GET STARTED
Register Your Website Welcome Center Get Help
LEARN
Learning Center Security DDoS Bot Management SSL Identity and Access Management Performance CDN DNS Cloud Serverless Network Layer
CONNECT
Blog Community
COMPLIANCE
GDPR Transparency Report Compliance
CONTACT
+1 650 319 8930
CHANNEL & ALLIANCE PARTNERS
Partner Network Partner Portal
TECHNOLOGY PARTNERS
Overview Analytics Partners Bandwidth Alliance Interconnect Partnerships Peering Portal
PRICING BY PLAN
Pro Business Enterprise
COMPARE AND EXPLORE
Need Help Choosing a Plan? Add Ons Compare All Plans

What is a DNS SOA record?

The SOA record contains important information about a domain and who is responsible for it.

Share facebook icon linkedin icon twitter icon email icon
What is DNS?
What is 1.1.1.1?
DNS Security
DNS Server Types
DNS Records
DNS Glossary of Terms
  • What is DNS?
  • What is 1.1.1.1?
  • DNS Security
  • DNS Server Types
  • DNS Records
  • Overview
  • DNS A Record
  • DNS CNAME Record
  • DNS MX Record
  • DNS TXT Record
  • DNS NS Record
  • DNS SOA Record

    What is a DNS SOA record?

    The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

    All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also important for zone transfers.

    Example of an SOA record:

    name example.com
    record type SOA
    MNAME ns.primaryserver.com
    RNAME admin.example.com
    SERIAL 1111111111
    REFRESH 86400
    RETRY 7200
    EXPIRE 4000000
    TTL 11200

    The 'RNAME' value here represents the administrator's email address, which can be confusing because it is missing the ‘@’ sign, but in an SOA record admin.example.com is the equivalent of admin@example.com.

    What is a zone serial number?

    In the DNS, a 'zone' is an area of control over namespace. A zone can include a single domain name, one domain and many subdomains, or many domain names. In some cases, 'zone' is essentially equivalent with 'domain,' but this is not always true.

    A zone serial number is a unique identifier for the zone. In the example above, the serial number is listed next to 'SERIAL.' A DNS server can quickly look up a zone's records in its database via the serial number, which will bring up the SOA record.

    What are the other parts of an SOA record?

    • MNAME: This is the name of the primary nameserver for the zone. Secondary servers that maintain duplicates of the zone's DNS records receive updates to the zone from this primary server.
    • REFRESH: The length of time (in seconds) secondary servers should wait before asking primary servers for the SOA record to see if it has been updated.
    • RETRY: The length of time a server should wait for asking an unresponsive primary nameserver for an update again.
    • EXPIRE: If a secondary server does not get a response from the primary server for this amount of time, it should stop responding to queries for the zone.

    What is a zone transfer?

    A DNS zone transfer is the process of sending DNS record data from a primary nameserver to a secondary nameserver. The SOA record is transferred first. Using the serial number, the secondary server can check to see if it already has the data in its database. Zone transfers take place over the TCP protocol.

    Learn more about various DNS records.

  • DNS SRV Record
  • DNS PTR Record
  • DNS Glossary of Terms
  • DNS Zone
  • IP Address
  • What's a DNS Server?
  • Domain Name
  • Cloudflare Registrar
  • DNS over TLS
  • Domain Name Registrar
  • Expired Domains
  • Best Domain Name Registrar
  • DNS Root Server
  • Dynamic DNS
  • Reverse DNS
  • Primary Vs Secondary DNS
  • Round-Robin DNS
  • DNS Cache Poisoning
  • Anycast DNS
  • Recursive DNS

DNS SOA Record

Learning Objectives

After reading this article you will be able to:

  • Understand the purpose of an SOA record
  • Explain zone serial numbers and zone transfers

What is a DNS SOA record?

The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also important for zone transfers.

Example of an SOA record:

name example.com
record type SOA
MNAME ns.primaryserver.com
RNAME admin.example.com
SERIAL 1111111111
REFRESH 86400
RETRY 7200
EXPIRE 4000000
TTL 11200

The 'RNAME' value here represents the administrator's email address, which can be confusing because it is missing the ‘@’ sign, but in an SOA record admin.example.com is the equivalent of admin@example.com.

What is a zone serial number?

In the DNS, a 'zone' is an area of control over namespace. A zone can include a single domain name, one domain and many subdomains, or many domain names. In some cases, 'zone' is essentially equivalent with 'domain,' but this is not always true.

A zone serial number is a unique identifier for the zone. In the example above, the serial number is listed next to 'SERIAL.' A DNS server can quickly look up a zone's records in its database via the serial number, which will bring up the SOA record.

What are the other parts of an SOA record?

  • MNAME: This is the name of the primary nameserver for the zone. Secondary servers that maintain duplicates of the zone's DNS records receive updates to the zone from this primary server.
  • REFRESH: The length of time (in seconds) secondary servers should wait before asking primary servers for the SOA record to see if it has been updated.
  • RETRY: The length of time a server should wait for asking an unresponsive primary nameserver for an update again.
  • EXPIRE: If a secondary server does not get a response from the primary server for this amount of time, it should stop responding to queries for the zone.

What is a zone transfer?

A DNS zone transfer is the process of sending DNS record data from a primary nameserver to a secondary nameserver. The SOA record is transferred first. Using the serial number, the secondary server can check to see if it already has the data in its database. Zone transfers take place over the TCP protocol.

Learn more about various DNS records.

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.