SOA records for subdomains?

I apologize, since I’m a new community forums user it doesn’t look like it’s allowing me to post links in this post. I searched the Community Forums for an answer, and didn’t find anything specific to this.

I run a community organization with domains the organization reserved a few years ago, and just recently launched a new site on one of these domains, with all other domains pointing to the .org domain. Currently, I use my VPS provider’s DNS to manage this domain.

As part of the new site rollout, I enabled Mailgun for bulk emails with the subdomain, since that is all that is supported by the website engine (Ghost). We sent our first bulk email newsletter this week, and it was mostly successful. However, there were some temporary failures, from Yahoo!/AOL.

The Yahoo! postmaster documentation for the RFC 5321 error suggests we are missing an SOA record for, since it is that domain that appears in the MAIL FROM SMTP header. When I tried to add the SOA record to my VPS provider’s DNS portal, due to a bug in the software they use it erased all of the records in the zone, including the base SOA record for When I reached out to my VPS provider, they recommended I move all of my domains to Cloudflare since they’re not my domain registrar. To explore Cloudflare, I’ve moved all but my to Cloudflare today.

It doesn’t look like SOA records can be added by the user in Cloudflare, at least not by the free plan user. Documentation suggests if Cloudflare is the authoritative DNS for the domain, it creates the SOA records automatically. If I move (along with to Cloudflare, will the SOA record for the subdomain be automatically created? Or is it not working for Yahoo!/AOL because my VPS provider doesn’t have something set up correctly (since they’re still the authoritative DNS for I’m not sure if it makes sense to have an SOA record for a subdomain, which is why I’m asking.

Cloudflare handles the SOA record for you.

However, it doesn’t make any sense to me that this is the problem. Are you sure it wasn’t an SPF record they said was missing?


I’d guess it’s some kind of delegation issue, as outlined in this article:

But it’s hard to be sure when we know neither the domain nor the details of the previous DNS setup.

@trey1 SOA records are not something you would ever touch as a user. If Yahoo is returning an Unresolvable RFC.5321 from domain error, that would rather indicate a more general problem with your DNS setup.


OK, this all makes sense. I did some extra digging, at least into the temporary failures for Yahoo!/AOL recipients. It looks like all of them were ultimately delivered. Out of 188 bulk emails sent, only five of them failed, four temporarily. Three of those temporary failures were from this Yahoo!/AOL error, and the fourth temporary failure looked like it was on the recipient’s end. The permanent failure is likely due to the email address no longer being in service (554 error, not related to my DNS setup).

So, out of the 188 emails I sent, only three were for Yahoo!/AOL and had this missing SOA record error (I think these temporary failures didn’t affect all Yahoo!/AOL email addresses on my list, as several were delivered without issue). In my Ghost application, these look like they were at least received successfully ten minutes after the initial bulk email went out (18:30 local time July 12). And about half of those appeared to have opened the email at least.

I think this is exactly what happened, and for whatever reason Yahoo! couldn’t find the SOA record initially. Even though it most certainly existed at the time the original bulk email was sent, at least according to my VPS provider’s DNS portal.

Due to the DNS portal bug I had to totally recreate my DNS zone for, including for And my VPS provider doesn’t allow having a separate zone for subdomains, so I basically set everything back up from scratch.

Now when I run the following:

dig soa

It most definitely returns the SOA record for, and the temporary nature of this failure was borne out when Yahoo!/AOL delivered the message ten minutes later.

My guess is my VPS provider has either performance or configuration issues in their nameservers, and I should strongly consider moving to Cloudflare, as even my VPS provider suggests. It happened about a year ago where my VPS provider’s nameservers totally went down and I couldn’t get to my VPS.

Somehow my post confirming @Laudian 's reply didn’t show up. I think my VPS provider has performance or configuration problems in their DNS servers, as the temporary failures returned by Yahoo! were ultimately delivered. I had to recreate all of my DNS records for this zone from scratch due to the bug. Now when I run this command:

dig soa

I get the SOA record for returned, so it is working now (I don’t recall checking it before the bulk email went out).
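
The thread asks whether an SOA record for a subdomain makes sense and checks it with `dig soa`. As an added example (not part of any post in this thread), the sh function below classifies `dig soa` output: a name that is not its own zone returns NOERROR with no answer and the parent zone's SOA in the authority section, while SERVFAIL or a timeout points at the nameservers. `example.org`, `mail.example.org` and the sample responses are constructed placeholders, since the thread's real domains are not shown.

```sh
#!/bin/sh
# Added example: classify `dig soa <name>` output read on stdin.
# Live use (needs network): dig soa mail.example.org | classify_soa
classify_soa() {
  awk '
    /->>HEADER<<-/ {                      # response header carries the status
      for (i = 1; i <= NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; ANSWER SECTION:/    { section = "answer"; next }
    /^;; AUTHORITY SECTION:/ { section = "authority"; next }
    /^;; / || /^$/           { section = ""; next }   # other header or blank line ends a section
    section != "" && $4 == "SOA" {
      if (section == "answer") answer = $1; else authority = $1
    }
    END {
      if (status == "")             print "no-response"    # timeout, nothing to parse
      else if (status != "NOERROR") print tolower(status)  # servfail, nxdomain, ...
      else if (answer != "")        print "apex"           # name is itself a zone apex
      else if (authority != "")     print "in-parent-zone:" authority  # NODATA, parent SOA
      else                          print "no-soa"
    }'
}
# Constructed dig outputs (not captured from real servers).
sample_subdomain() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; QUESTION SECTION:
;mail.example.org.  IN  SOA

;; AUTHORITY SECTION:
example.org. 1800 IN SOA ns1.example.net. hostmaster.example.org. 2024071201 10000 2400 604800 1800
EOF
}
sample_apex() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; ANSWER SECTION:
example.org. 1800 IN SOA ns1.example.net. hostmaster.example.org. 2024071201 10000 2400 604800 1800
EOF
}
sample_servfail() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
EOF
}
sample_timeout() { cat <<'EOF'
;; connection timed out; no servers could be reached
EOF
}
```

Running the classifier against each authoritative nameserver in turn (`dig soa <name> @<nameserver>`) shows whether one server is answering differently from the others.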
