SOA records setup guide

August 04, 2024

The SOA (Start of Authority) record is the most important component in the Domain Name System (DNS). 

It defines the authoritative information for a DNS zone, manages synchronization between DNS servers, and controls caching behavior. Without an SOA record, a DNS zone is considered invalid and incomplete.

Why the SOA Record Matters

Every DNS zone file must begin with one SOA record. It acts as the first and most authoritative declaration for the domain. The SOA record:

  • Identifies the primary name server for the domain
  • Coordinates updates between secondary (slave) name servers
  • Manages TTLs (Time-to-Live) and refresh intervals
  • Prevents DNS conflicts during replication
  • Controls DNS caching for resolvers and clients

It keeps your DNS structure stable, secure, and synchronized.

SOA Record Syntax

Here’s the SOA record format:

example.com. IN SOA ns1.example.com. admin.example.com. (
    2025041101 ; serial
    3600       ; refresh
    1800       ; retry
    1209600    ; expire
    86400      ; minimum TTL
)

Breakdown of SOA

| Field | Meaning |
|---|---|
| Primary NS (ns1.example.com) | The main server that holds the original DNS zone file. |
| Responsible Party (admin.example.com) | The email address of the domain admin (written with . instead of @). |
| Serial | A version number for the zone. Increments when DNS changes are made. |
| Refresh | How often secondary servers check for updates (in seconds). |
| Retry | Wait time before trying again if the refresh fails. |
| Expire | If no updates are received within this period, secondaries discard the zone. |
| Minimum TTL | Controls negative caching – how long resolvers remember failed lookups. |

Functions of an SOA Record

1) Zone Authority Declaration: The SOA record identifies the origin point of the DNS zone.

2) DNS Synchronization: The serial number lets DNS servers stay in sync. If the serial changes, they know to fetch the updated data.

3) Caching & Performance: The minimum TTL value controls how long clients cache negative responses. This prevents repeated requests for records that do not exist and optimizes performance.

4) Redundancy & Reliability: The refresh, retry, and expire values provide a robust failover strategy between DNS servers, so the zone keeps working through connection failures or outages.

SOA Record and DNS Zone Transfers

DNS uses zone transfers to synchronize changes across servers. The SOA record enables this process through its serial number.

If a secondary server notices a higher serial number on the primary, it requests a zone transfer. This mechanism makes sure that all copies of your DNS zone remain consistent and up to date.

Zone transfer types that SOA records affect:

  • AXFR (full zone transfer)
  • IXFR (incremental zone transfer)
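The secondary's behaviour described above can be replayed in a few lines. This is an added example, not code from the original article: it models the refresh, retry and expire timers plus the serial check, using RFC 1982 serial arithmetic for "higher". The names SOA, serial_newer, simulate_secondary and demo are hypothetical, and the outage scenario is constructed.

```python
from dataclasses import dataclass

@dataclass
class SOA:
    serial: int
    refresh: int
    retry: int
    expire: int

def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 comparison of 32-bit serials: is candidate ahead of current?"""
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def simulate_secondary(soa, primary_serial_at, outage, until):
    """Replay a secondary's polling from t=0 (zone just loaded) to `until`.

    primary_serial_at(t): serial the primary serves at second t.
    outage: (start, end) seconds during which the primary is unreachable.
    Simplified model: no NOTIFY, and expiry is noticed at the next poll.
    """
    events, local, last_ok, t = [], soa.serial, 0, soa.refresh
    while t <= until:
        if outage[0] <= t < outage[1]:
            if t - last_ok >= soa.expire:
                events.append((t, "expired: stop answering for the zone"))
                break
            events.append((t, "poll failed"))
            t += soa.retry          # back off to the shorter retry timer
            continue
        last_ok = t
        remote = primary_serial_at(t)
        if serial_newer(remote, local):
            local = remote
            events.append((t, f"transfer, serial now {remote}"))
        else:
            events.append((t, "up to date"))
        t += soa.refresh
    return events

def demo():
    # Constructed scenario using the timers from the record shown earlier.
    soa = SOA(serial=2025041101, refresh=3600, retry=1800, expire=1209600)
    edited = lambda t: 2025041102 if t >= 5000 else 2025041101
    return simulate_secondary(soa, edited, outage=(7000, 9500), until=15000)

if __name__ == "__main__":
    for when, what in demo():
        print(f"{when:>6}s  {what}")
```

Note that a serial mistyped to a lower value (for example with one digit dropped) compares as older, so the secondary keeps serving its stale copy.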

How to Manage SOA Records

Use the YYYYMMDDnn Format for Serial Numbers:

  • YYYY: Year
  • MM: Month
  • DD: Day
  • nn: Number of edits done

Example: 2025041101. This makes it easy to track and increment the serial when DNS changes occur.

Set Reasonable Refresh and Retry Values:

  • Refresh: normally 3600 seconds (1 hour)
  • Retry: 900–1800 seconds (15–30 minutes)

Monitor Your TTL Behavior: Tune your minimum TTL according to how frequently your DNS changes are made. Lower TTL = faster propagation, higher TTL = less DNS traffic.

Update the Serial After Every DNS Change: If you forget to update the serial number, it can break synchronization across servers.

Keep the Admin Contact Accurate: This email can be used in emergencies or for DNS troubleshooting by third-party systems.
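The practices above can be checked automatically before a zone is published. The following is an added example, not code from the original article: it parses an SOA record in zone-file syntax, recovers the admin mailbox, lints the serial and timers, and computes the next serial. The names parse_soa, lint_soa and next_serial are hypothetical, and the timer relations it enforces (retry shorter than refresh, expire longer than refresh + retry) are common sanity rules assumed by this example.

```python
import re
from datetime import date

# The record from this page, used as sample input.
PAGE_SOA = """
example.com. IN SOA ns1.example.com. admin.example.com. (
    2025041101 ; serial
    3600       ; refresh
    1800       ; retry
    1209600    ; expire
    86400 )    ; minimum TTL
"""

def parse_soa(text):
    """Parse one SOA record in zone-file syntax into a dict."""
    text = re.sub(r";[^\n]*", "", text)                 # drop ; comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    mname, rname, *nums = tokens[tokens.index("SOA") + 1:][:7]
    if len(nums) != 5:
        raise ValueError("expected serial, refresh, retry, expire, minimum")
    # The first unescaped dot in RNAME stands for the @ of the mailbox.
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    fields = dict(zip(("serial", "refresh", "retry", "expire", "minimum"),
                      map(int, nums)))
    return {"mname": mname, "email": local.replace("\\.", ".") + "@" + domain,
            **fields}

def lint_soa(soa):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    s = str(soa["serial"])
    try:
        if len(s) != 10:
            raise ValueError(s)
        date(int(s[:4]), int(s[4:6]), int(s[6:8]))      # rejects month 13 etc.
    except ValueError:
        findings.append("serial is not a valid YYYYMMDDnn value")
    if soa["retry"] >= soa["refresh"]:
        findings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        findings.append("expire should exceed refresh + retry")
    return findings

def next_serial(current, today):
    """Next YYYYMMDDnn serial; always greater than `current`."""
    base = int(today.strftime("%Y%m%d")) * 100 + 1
    # Same-day edits (and nn past 99) fall back to current + 1.
    return base if base > current else current + 1
```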

| Record Type | Purpose |
|---|---|
| SOA | Declares zone authority and controls DNS sync |
| A | Helps to map a hostname to an IP address |
| MX | Helps in specifying mail servers for email routing |
| NS | Helps to declare name servers for the domain |
| TXT | Carries arbitrary text, often used for SPF, DKIM, DMARC |
| CNAME | Aliases one domain name to another |

The SOA record is important: it comes first and determines how all the other records in a DNS zone behave.

Impact on Website Performance

A correctly configured SOA record ensures efficient DNS resolution, which can lead to:

  • Faster Website Load Times: Quick DNS responses reduce latency.
  • Improved Uptime: Proper synchronization prevents downtime due to DNS issues.
  • Enhanced SEO: Search engines favor websites with reliable and fast DNS responses, potentially improving search rankings.

Is the SOA Record Required?

Yes. Every DNS zone must include exactly one SOA record. If it’s missing, DNS servers may refuse to load or propagate the zone.

SEO and Site Speed with the SOA Record

A properly configured SOA record helps by:

  • Making DNS resolution faster
  • Minimizing failed lookups
  • Making the propagation of changes reliable
  • Improving uptime across global regions

This enhances overall website reliability and can improve crawl efficiency for search engines. It also gives users a consistent experience, especially during domain migrations or email updates.

FAQs

Can I have more than one SOA record?
No. Each DNS zone must contain only one SOA record at the top.

What will happen if my SOA serial number isn't updated?
If your SOA serial number isn't updated, the secondary DNS servers may not pull the updated zone, and this can lead to out-of-sync DNS data.

What is the best TTL for SOA records?
It depends on your needs. 86400 seconds (24 hours) is common, but you can reduce this during high-change periods for faster propagation.

Conclusion

The SOA record is the anchor of your domain's DNS structure. It helps ensure your DNS data is reliable, synchronized, and compliant with internet standards.

Whether you're running a small blog or a large-scale web application, maintaining a correct and optimized SOA record is non-negotiable for uptime and performance.
