The SOA DNS Resource Record Explained

soa dnsDNS is an acronym for the Domain Name System (or the Domain Number System, or Domain Name Server – take your pick). Domain Name Systems act as a translator between the domain name that we know as the URL and the computerized number version of this name known as the Internet Protocol (IP) address. Every website we visit on the web has these two addresses associated with the data stored on the webpage. It would be difficult –to say the least – to remember a series of numbers, like, for each website we want to visit. So instead, the DNS was born to connect more practical names like,, to these numbers to retrieve information. Because of this, the DNS is sometimes referred to as the Internet’s Phone book, making connections between users like you and me, and the computer language which reads all of the pertinent data. Network engineering is a complex field of computer jargon and things you can’t see. In this TCP/IP training video learn how Transmission Control Protocol and Internet Protocols connect and communicate throughout the Internet.

This transfer of information from the domain name to the DNS and back to the browser is called a forward lookup. It’s a function of the DNS database that allows the domain name to be searched in the “phone book” to locate the appropriate IP address. Likewise, there is a reverse lookup that allows you to utilize the IP address to resolve the proper domain name. These two functions are called lookup commands. In addition to the forward and reverse lookup there are other related commands that retrieve information about the DNS server. One of these is the nslookup command that will retrieve the SOA DNS record information. For more DNS lookup commands read From Dig to Host.

SOA stands for Start of Authority and indicates that a DNS name server is in fact the best source of data for a specified domain. When you use SOA you can expect to retrieve the following data:

Source host

This is the host where the file originated from. It is displayed as a name server.

Serial Number

This serial number is meant to be revised in the zone file every time a change is made. This is to ensure that all of the changes made to the file will be given to the proper secondary DNS servers. Change this value in increments in each event a change is made to the zone file. The number that pulls from the SOA resource record is the current revision status number.

Refresh Time

The refresh time is the amount of seconds a secondary DNS server waits before checking the primary DNS server’s record for implemented changes. If the refreshing period (which is indicated here in seconds) expires the secondary DNS server automatically sends a request for a copy of the existing primary DNS SOA record. It then compares the two serial numbers to see if there are any current revisions that were never distributed to the secondary server. If the serial values are not identical, the secondary DNS will ask for a zone transfer from the primary DNS server.

Retry Time

When the zone transfer is requested due to varying serial numbers between the primary and secondary DNS, the secondary server waits a certain amount of seconds before resending the request. The amount of seconds it waits is dubbed the retry time.

Expire Time

When the retry time is exceeded and the secondary server is still not receiving an answer, it will expire the zone transfer request. It does this to ensure that due to the time passed it is not going to receive expired information. The time retrieved by the SOA DNS resource record indicates the amount of time the secondary server will wait. Sometimes when errors like this occur it can be frustrating to fix. Learn about network troubleshooting in this course.

Minimum TTL

TTL stands for time-to-live and its job is to let other servers know how long they should keep data in their cache.

To query the SOA resource record:

  • Open your command line by going to Start>Run and typing in cmd. (New to the command line? Check out this online tutorial Master the Linux Command Line.)
  • Use the command nslookup and hit enter.
  • To identify what record you are interested in retrieving type in set type=soa. Hit enter.
  • Now you can type in the domain you want to look up. This can be any domain name, like, or Hit enter.
  • You’ll notice that the record will indicate this is a non-authoritative answer. To get the authoritative answer you’ll need to use the name server which can be located at the beginning of the non-authoritative answer. It will look something like
  • Using your name server, type in server Hit enter.
  • And the last step is to type the domain name again, like,, and hit enter. You will see a lot more information than you did before.

The SOA DNS resource record is an easy tool to use for locating source information about a domain. If the idea of network engineering and IT support gets your gears turning learn how to become a network engineer in this course – and get paid to do something you enjoy.