SOA Record Lookup - Check DNS Zone Authority

No logs stored • Server-side processing

View primary nameserver, admin email, serial number, and zone transfer timings for any domain. All 7 SOA fields parsed with human-readable formatting.

Free Online Start of Authority Checker

7 Fields Parsed

Human-Readable Times

All 8 Record Types

100% Free

Enter a domain above to get started

We'll show you A, AAAA, MX, CNAME, TXT, NS, SOA, and CAA records

DNS Records for

—

0 Records

DNSSEC

A Records

IPv4 Addresses

—

AAAA

AAAA Records

IPv6 Addresses

—

MX Records

Mail Exchange Servers

—

CNAME

CNAME Records

Canonical Names (Aliases)

—

TXT

TXT Records

Text Records (SPF, DKIM, Verification)

—

NS Records

Nameservers

—

SOA

SOA Record

Start of Authority

—

CAA

CAA Records

Certificate Authority Authorization

—

DNSSEC Status

DNSSEC —

DNSKEY Records —

DS Records —

Email Authentication

— Security Score

SPF —

—

DMARC —

—

DKIM Checking...

Mail Server Reputation Checking blacklists...

Understand SOA Records: DNS Zone Authority Explained

An SOA (Start of Authority) record is a DNS record containing administrative information about a DNS zone. It includes seven fields: the primary nameserver (MNAME), administrator email (RNAME), serial number, refresh interval, retry interval, expire time, and minimum TTL. Every DNS zone must have exactly one SOA record, making it essential for zone management and nameserver synchronization.

What You'll Discover

server

Primary nameserver and admin contact for the DNS zone

hash

Version tracking for zone updates and synchronization

clock

Refresh, retry, and expire intervals controlling zone transfers

shield

Minimum TTL for negative caching and default record lifetimes

Can Find

Primary nameserver (MNAME) - the master DNS server for the zone
Administrator email (RNAME) - contact for zone issues
Serial number - zone version for tracking updates
Refresh/Retry/Expire intervals in human-readable format
Minimum TTL for negative caching
All 8 DNS record types via tabs (A, AAAA, MX, CNAME, TXT, NS, SOA, CAA)

Cannot Find

Zone transfer testing (AXFR) - requires specialized tools
Serial number history or change tracking over time
SOA comparison across multiple nameservers
Zone file editing or modification capabilities

Part of Your Workflow

Need to see all authoritative nameservers? NS Lookup Want to check all DNS records at once? DNS Lookup Need to verify SOA propagation globally? DNS Checker

How to Check SOA Records

View zone authority and timing settings in seconds

Enter the Domain

Type the domain you want to check (e.g., google.com, cloudflare.com). We automatically strip www and clean up the input.

Click Lookup

We query DNS servers to retrieve the SOA record along with 7 other record types. Results are cached for 5 minutes.

View All 7 SOA Fields

See primary nameserver, admin email (with @ symbol), serial number, and all timing values in a clean grid layout.

Check Human-Readable Timings

Refresh, retry, expire, and minimum TTL are displayed in both human-readable format (1h 30m) and raw seconds (5400s).

Understanding Your SOA Lookup Results

What each of the 7 SOA record fields means

Primary Nameserver (MNAME)

The primary master nameserver for this DNS zone. This is the authoritative server that holds the original zone file. All other nameservers (secondary/slave) synchronize their data from this server. Example: ns1.google.com is Google's primary nameserver.

Example: ns1.google.com

Administrator Email (RNAME)

The email address of the zone administrator responsible for this DNS zone. In DNS format, the first dot replaces the @ symbol (e.g., dns-admin.google.com). Our tool automatically converts this to standard email format (dns-admin@google.com) for readability.

Example: dns-admin@google.com

Serial Number

A version number that increases whenever the zone is updated. Secondary nameservers compare this number to detect changes. Common formats: YYYYMMDDNN (2024011701), Unix timestamp, or simple incrementing counter. Higher serial = more recent zone version.

Example: 2024011701

Refresh Interval

How often secondary nameservers should check the primary for zone updates. Displayed in human-readable format (e.g., '15m' for 15 minutes, '1h' for 1 hour). Shorter refresh = faster propagation but more DNS traffic.

Example: 15m (900 seconds)

Retry Interval

How long a secondary nameserver should wait before retrying if the primary is unreachable during a refresh. Typically shorter than the refresh interval. If the primary remains unreachable, retries continue until the expire time is reached.

Example: 15m (900 seconds)

Expire Time

How long secondary nameservers should serve cached zone data if they cannot reach the primary. After this time, the zone is considered invalid and secondaries stop responding. Typically 7-14 days to prevent serving stale data.

Example: 7d (604800 seconds)

Minimum TTL

The default TTL for negative caching (NXDOMAIN responses) and records without explicit TTL. Also called 'negative TTL'. Controls how long DNS resolvers cache 'domain not found' responses. Typical values: 5 minutes to 1 hour.

Example: 5m (300 seconds)

Why Choose Our SOA Lookup Tool

Complete zone authority information at a glance

All 7 SOA Fields Parsed

View complete SOA record breakdown: MNAME, RNAME, serial, refresh, retry, expire, and minimum TTL. Every field extracted and explained.

Human-Readable Time Format

Timing values displayed in both formats: human-readable (1h 30m) and raw seconds (5400s). No more mental math converting seconds to hours.

Admin Email Transformation

Administrator email automatically converted from DNS format (first.last.domain.com) to standard email format (first.last@domain.com) for clarity.

Clean Grid Layout

SOA data presented in an easy-to-scan grid layout rather than raw text. Compare values quickly and find what you need instantly.

Access to 8 Record Types

While focused on SOA, switch tabs to view A, AAAA, MX, CNAME, TXT, NS, and CAA records for a complete DNS picture.

Export to JSON/CSV/TXT

Download your SOA lookup results in multiple formats. JSON for automation, CSV for spreadsheets, plain text for documentation.

When You Need SOA Lookup

Common scenarios for checking Start of Authority records

Zone Administration

Identify the primary nameserver and administrator contact for any DNS zone. Essential when troubleshooting or transferring domain management.

Zone Sync Monitoring

Check refresh, retry, and expire intervals to understand how quickly DNS changes propagate to secondary nameservers.

Serial Number Tracking

Verify zone updates by checking the serial number. Higher serial means more recent changes—useful for confirming DNS modifications took effect.

DNS Troubleshooting

Investigate propagation issues by examining SOA timing settings. Long refresh intervals or low expire times can cause sync problems.

How SOA Records Work

SOA records are the administrative backbone of DNS zones, controlling how nameservers synchronize and when cached data expires.

SOA Record Structure

Every DNS zone has exactly one SOA record at its apex. The SOA contains seven fields that define zone authority and synchronization behavior. The MNAME field specifies the primary master nameserver—the authoritative source for the zone file. The RNAME field (stored with the first dot as @) identifies the zone administrator. The remaining five fields (serial, refresh, retry, expire, minimum) control versioning and timing for zone transfers between primary and secondary nameservers.

Zone Transfer Mechanics

Zone transfers (AXFR/IXFR) keep secondary nameservers synchronized with the primary. The process works as follows: 1) Secondary checks primary's SOA serial at refresh intervals, 2) If serial increased, secondary requests a zone transfer, 3) If primary unreachable, secondary retries at retry intervals, 4) If primary unreachable beyond expire time, secondary stops answering queries. This ensures DNS availability while preventing stale data from persisting indefinitely.

Serial Number Formats

The serial number must increase with every zone change. Three common formats exist: 1) YYYYMMDDNN (e.g., 2024011701) - date plus revision number, most readable and recommended, 2) Unix timestamp (e.g., 1705462800) - seconds since 1970, auto-incrementing, 3) Simple counter (e.g., 12345) - just increment by 1 each change. The format doesn't matter technically—only that the number increases. Many DNS providers auto-increment the serial when you make changes.

SOA vs NS Records

SOA and NS records serve different purposes: NS records list ALL authoritative nameservers for a domain (typically 2-6 servers for redundancy). SOA records specify zone METADATA including the PRIMARY nameserver, admin contact, and timing parameters. You need both: NS records tell resolvers which servers to query, SOA records tell those servers how to synchronize. Use NS Lookup to see all nameservers; use SOA Lookup for zone administration details.

SOA Lookup Specifications

Record Type: SOA (Start of Authority)
Fields Parsed: 7 (MNAME, RNAME, Serial, Refresh, Retry, Expire, Minimum)
Time Formatting: Human-readable (1h 30m) + raw seconds (5400s)
Email Transform: DNS format (first.domain.com) → Standard (first@domain.com)
DNS Record Types: 8 available (A, AAAA, MX, CNAME, TXT, NS, SOA, CAA)
Response Time: < 500ms (cached: < 50ms)
Cache Duration: 5 minutes (300 seconds)
Export Formats: JSON, CSV, Plain Text
API Access: REST API at /api/v1/dns-lookup

Frequently Asked Questions

What is an SOA record in DNS?

An SOA (Start of Authority) record is a DNS record containing administrative information about a DNS zone. It includes seven fields: the primary nameserver (MNAME), administrator email (RNAME), serial number, refresh interval, retry interval, expire time, and minimum TTL. Every DNS zone must have exactly one SOA record at its apex. The SOA controls how secondary nameservers synchronize with the primary and how long cached data remains valid.

What are the 7 fields in an SOA record?

The 7 SOA record fields are: 1) MNAME - primary master nameserver, 2) RNAME - administrator email (stored with . instead of @), 3) Serial - zone version number, 4) Refresh - seconds between sync checks, 5) Retry - seconds between retry attempts, 6) Expire - seconds before zone becomes invalid, 7) Minimum - default/negative cache TTL. Our tool parses all seven fields and displays them in a clear grid layout.

What does the serial number mean in SOA records?

The serial number is a version identifier for the DNS zone. It must increase whenever zone records change. Secondary nameservers compare this number to detect updates—if the primary's serial is higher, they request a zone transfer. Common formats include YYYYMMDDNN (2024011701), Unix timestamps, or simple incrementing numbers. Higher serial always means a more recent zone version.

What is the difference between SOA and NS records?

NS records list ALL authoritative nameservers for a domain (typically 2-6 for redundancy). SOA records contain zone METADATA: the primary nameserver, admin contact, and timing parameters for synchronization. NS tells resolvers where to query; SOA tells those servers how to sync. Both are essential—use NS Lookup to see all nameservers, SOA Lookup for administration details.

How do refresh, retry, and expire work in SOA?

These three values control zone transfer timing: Refresh (e.g., 15m) = how often secondary nameservers check the primary for updates. Retry (e.g., 15m) = wait time between attempts if primary is unreachable. Expire (e.g., 7d) = how long secondaries serve cached data if primary stays unreachable. After expire, the zone is considered invalid. Our tool shows these in human-readable format.

Why is the admin email shown with a dot instead of @?

In DNS, the @ symbol has a special meaning (zone apex), so SOA records store email addresses with the first dot replacing @. For example, 'admin@example.com' becomes 'admin.example.com' in the RNAME field. Our tool automatically converts this back to standard email format for readability, so you'll see 'admin@example.com' in the results.

How do I check SOA records using nslookup?

In terminal, run: 'nslookup -type=soa example.com' (replace with your domain). This queries your default DNS server for the SOA record. For a specific DNS server, add it at the end: 'nslookup -type=soa example.com 8.8.8.8'. Our web tool provides the same information with human-readable formatting and no command line required.

What is the Minimum TTL field in SOA?

The Minimum TTL (also called negative TTL) serves two purposes: 1) Default TTL for records that don't specify their own, 2) How long DNS resolvers cache 'not found' (NXDOMAIN) responses. This prevents resolvers from repeatedly querying for non-existent subdomains. Typical values range from 5 minutes to 1 hour.

Can there be multiple SOA records for a domain?

No—by DNS specification (RFC 1035), each zone must have exactly one SOA record. Having multiple SOA records would cause undefined behavior and likely DNS resolution failures. If you see multiple SOA records, it indicates a serious zone configuration error that needs immediate attention.

What is a good refresh interval for SOA?

Typical refresh intervals range from 15 minutes to 24 hours depending on how frequently your DNS changes. Dynamic environments (frequent updates) benefit from shorter intervals (15-30 minutes) for faster propagation. Stable domains can use longer intervals (6-24 hours) to reduce DNS traffic. Most DNS providers set sensible defaults that work for most use cases.

Check Any Domain's SOA Records Now

Enter a domain above to view primary nameserver, admin email, serial number, and all timing settings. Free, fast, human-readable format.

Try Another Lookup