SOA Record Lookup

Read the SOA (Start of Authority) record for any domain. Enter a domain and this tool queries live DNS and breaks the SOA into its parts — the primary nameserver, the admin contact, the zone serial number, and the refresh, retry, expire and minimum timers — each explained in plain terms. The SOA is the administrative heart of a DNS zone, and its serial is the fastest way to tell whether a change has been published yet.

Runs in your browser over DNS-over-HTTPS (Google / Cloudflare). Nothing is sent to our server and nothing is stored.

How to use the SOA Record Lookup

Enter the registered domain (the zone apex) and press Look up SOA record. The tool parses the single SOA and shows:

  • The MNAME (primary nameserver) and RNAME (admin contact, converted to a readable email).
  • The serial number — the zone's version stamp.
  • The refresh, retry, expire and minimum timers, each shown in seconds and as a human duration.

Query the apex domain, not a subdomain: every delegated zone has exactly one SOA at its apex. A subdomain returns the parent zone's SOA in the authority section unless it is itself a separate zone.

The SOA record, field by field

Every DNS zone has exactly one SOA record at its apex. It holds the zone's administrative metadata and the timers that govern how secondary nameservers stay in sync with the primary. It looks like a single line of seven fields, and each one means something specific:

  • MNAME — the primary (master) nameserver, the authoritative source the zone is edited on.
  • RNAME — the administrator's email, written in DNS style with the @ replaced by a dot (so hostmaster.example.com means [email protected]).
  • Serial — a version number for the zone. It must increase every time the zone is edited; secondaries compare serials to decide whether they need to pull a fresh copy. A common convention is the date plus a counter, like 2024051001.
  • Refresh — how often a secondary checks the primary's serial for changes.
  • Retry — how long a secondary waits before retrying after a failed refresh.
  • Expire — how long a secondary keeps serving the zone if it cannot reach the primary at all, before it gives up and stops answering.
  • Minimum — today this is the negative-caching TTL: how long resolvers cache a "this record does not exist" answer for the zone.

The field people use most in practice is the serial. After you edit a zone, the serial should go up; if you check the SOA and the serial has not changed, your edit has not been published by the authoritative servers yet. The timers matter mainly for zones with secondary nameservers — they tune the trade-off between how quickly secondaries pick up changes and how much load they put on the primary. Even on a single-provider setup, the minimum value is worth knowing because it controls how long a mistaken NXDOMAIN sticks in caches.

Common use cases

  • Confirming a zone change published — check whether the serial increased after you edited the zone.
  • Finding the primary nameserver — read the MNAME to see which server the zone is authoritatively edited on.
  • Finding the admin contact — get the hostmaster email a zone publishes for its administrator.
  • Tuning secondary sync — review the refresh, retry and expire timers when running secondary nameservers.
  • Understanding negative caching — read the minimum value to know how long NXDOMAIN answers are cached.

Reading the serial to track propagation

The SOA serial is the cleanest single signal that a DNS change has been published. The workflow:

  • Note the serial before you edit. Look it up here and remember the number.
  • Make your change in the DNS provider and save.
  • Re-check the SOA. If the serial has increased, the authoritative servers have your new zone. If it has not, the change is still pending on the provider's side.

Bear in mind this shows the serial a public recursive resolver currently holds, which can itself be cached briefly. For tracking whether several resolvers have caught up with a specific record change, pair this with the DNS Propagation Checker, and to read individual records use the DNS Lookup.

Frequently asked questions

How do I look up a domain's SOA record?
Enter the domain (the zone apex) above and press Look up SOA record. The tool parses the SOA and shows the primary nameserver, admin contact, serial and all four timers in both seconds and human-readable form.

What is the SOA serial number for?
It is the zone's version stamp. It must increase on every edit so secondary nameservers know to pull a fresh copy. Checking whether the serial increased after a change is the quickest way to confirm the change was published.

What do refresh, retry and expire mean?
They control secondary nameservers. Refresh is how often a secondary checks for changes, retry is how long it waits after a failed check, and expire is how long it keeps serving the zone if it cannot reach the primary before giving up.

What is the SOA minimum value?
In modern DNS the minimum field sets the negative-caching TTL: how long resolvers cache a "no such record" (NXDOMAIN) answer for the zone. A high value means a mistaken absence lingers longer in caches.

Why does my subdomain return a different SOA?
A subdomain that is not its own zone returns the parent zone's SOA. Every delegated zone has exactly one SOA at its apex, so query the registered domain to see that zone's authority record.

Does this store the domains I check?
No. The lookup runs in your browser directly against Google or Cloudflare DNS-over-HTTPS. Nothing is sent to our server and nothing is logged.