SOA Record Lookup
Check SOA (start of authority) records for any DNS zone across 12 global resolvers. Free real-time DNS checker.
What is an SOA record?
An SOA record ("start of authority") sits at the apex of every DNS zone and carries metadata about the zone: the primary nameserver, the responsible-party email, and a set of timing parameters (serial, refresh, retry, expire, minimum TTL). Every DNS zone has exactly one SOA.
When to check the SOA
- Diagnosing whether a zone change has actually been published (the SOA serial typically increments on each change)
- Confirming which nameserver is currently the primary
- Auditing zone-wide TTL and refresh settings
Reading the results
An SOA record value packs seven fields into one string: mname rname serial refresh retry expire minimum. mname is the primary nameserver, rname is the responsible-party email (with . instead of @), and the rest are timing parameters in seconds.
Common errors and pitfalls
- Serial doesn't increment after a change: most modern providers handle this automatically, but on legacy bind setups you have to bump it manually. If the serial doesn't change, secondary nameservers won't pull the new zone data.
- Different SOAs across resolvers: usually one resolver has a slightly stale cache. Wait one minimum-TTL window and re-check.
- rname has a literal
@: that's a common typo. The "@" must be encoded as a dot in the SOA, soadmin@example.combecomesadmin.example.com.. - Negative cache TTL too high: the "minimum" field controls how long resolvers cache NXDOMAIN answers. Set it to 300–3600 seconds for fast iteration during DNS work.
FAQ
What does the SOA serial number mean?
It's a version counter for the zone. By convention it's a date-style integer (YYYYMMDDNN), incremented every time the zone changes. Secondary nameservers compare serials to decide whether to pull a fresh zone copy from the primary.
Why does the SOA serial differ across resolvers?
The newest serial is what the primary nameserver actually has. Resolvers may serve a slightly older serial until their cache (governed by the SOA's minimum-TTL field) refreshes.
What does each timing field mean?
refresh: how often secondaries check the primary for changes. retry: how often to retry if refresh fails. expire: how long secondaries serve stale data when the primary is unreachable. minimum: TTL for negative responses (NXDOMAIN/NODATA).
Can a zone have multiple SOA records?
No. Exactly one SOA per zone, at the apex.
Background reading
See DNS zones for theory and the DNS Records Explained guide for context.