We help IT Professionals succeed at work.

DNS SOA Record example

jskfan asked
DNS SOA Record example

I would like to know what is DNS SOA Record.
For instance I have WIndows DNS as shown on the Screenshot below.. where can I find the SOA Record ?

Thank you

Watch Question

A DNS SOA record is a (StartOf Authority) record. In your example screenshot, the SOA record will exist at both the root of test.local and the root of _msdcs.test.local. These are both DNS zones in their own right and a SOA record needs to be present where it is delegated to. For example if you have 2 DNS servers on your domain. 1 a domain controller, the other a member server.


dc1.test.local will have an SOA record for the DNS zone test.local.
server1.test.local will have an SOA record for the DNS zone sub.test.local.

If you were to have a subdomain called sub2.test.local that was not delegated to any other name servers, then there will be no SOA record at this level. Going back to your DNS zones in your Active Directory Domain Services environment, the highlighted yellow points will contain an SOA (_msdcs.test.local because of the DNS delegation from test.local signified by the red line). All other subdomains will have no SOA record, unless they are delegated somewhere else.

The purpose of the SOA record is that the SOA record contains information about the DNS zone with regard to zone transfers, TTL's, contact info, etc. It is basically a work horse record that keeps slave name servers in sync with the primary name server. For example:

The Serial number tells the secondary/slave DNS servers when there has been an update, and therefore to initiate a zone transfer request.
The refresh interval tells secondary servers when they should request an update from the master/primary DNS server.
The expire interval will tell a slave/secondary DNS server how long to wait before it stops serving the DNS zone after it has lost contact with the primary server.
And so on...

The Internet will otherwise be filled with articles discussing the SOA record and its nuances.


if I understand the Forward Lookup Zones have SOA Record , I believe the Reverse Lookup Zone also has SOA.
I also am not clear with Delegation, if you can explain what it is.

Thank you
Whether the zone is a forward or reverse lookup is irrelevant and if you want to simplify it:

Forward lookup zones match records to IP's (host.name =
Reverse lookup zones match IP's to records ( = host.name)

Both will have SOA records. I could probably go on and on about how DNS works, but first you should read up about it. Refer to the MS documentation on DNS concepts here. Once you have some grounding, then you can consider the concept of DNS delegation.

A delegation, is just how DNS tells clients/servers which name server looks after queries for that domain. So out on the Internet when you acquire permission to license a domain and you pick your DNS servers, the (for example) .com registry creates a DNS delegation that points to your chosen name servers. In the example of your domain lets focus on _msdcs.test.local.

In your forward lookup zone under test.local, you will notice that the subdomain _msdcs is greyed out. If you select this you will see what it has been delegated and it will contain the records for the name servers which should be queries; these will be your actual DC's again and then of course you have a zone called _msdcs.test.local, and this is where the delegation is going. You can go ahead if you want an created a new delegation called "example" under test.local and point it at some non-existing IP's to see how it works.
David FavorFractional CTO
Distinguished Expert 2018

1) What is a SOA record. See Learnctx's first comment.

2) To see your SOA record...

One way...

imac> dig +short davidfavor.com soa
net10.wpfastsites.com. root.davidfavor.com. 2020011739 43200 900 1209600 300

Open in new window

3) if I understand the Forward Lookup Zones have SOA Record , I believe the Reverse Lookup Zone also has SOA.

PTR records (reverse lookup) are just another type of DNS record.


The way to think about this is one zone (collection of DNS records associated with a domain) has one SOA record.

4) I also am not clear with Delegation, if you can explain what it is.

Unsure what you're asking here.

Expand on your question, mentioning your exact concern or problem to resolve.


Thank you
David FavorFractional CTO
Distinguished Expert 2018

You're welcome!
nociSoftware Engineer
Distinguished Expert 2018

Delegations is some NS record redirecting further lookups to Another Name Server.
The zone for which this is done needs to have a SOA record.

(The delegation can be to the same server if needed).  SOA means all records in the tree below that one belong to it. ...
google does NOT manage the .COM zone,  it does manage the GOOGLE.COM zone.
The SOA record tells everyone concerned about this.

It also tells the read of the record  some more info: the Principal Name server for the zone (master), all others in the NS records are slaves.
The mail address to send cimplaints to (without a @ it is the first . in  its name)  a serial number and some other info for the slaves to sync to their master.