Zone file

DNS Zone File
Filename extension: .zone
Internet media type: text/dns
Developed by: ISI
Initial release: 1987
Type of format: File format
Standards: RFC 1034, 1035, 2308, 4027
Open format?: Yes

A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR). A zone file may be either a DNS master file, authoritatively describing a zone, or it may be used to list the contents of a DNS cache. [1]


File format

The format of a zone file is defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). This format was originally used by the Berkeley Internet Name Domain (BIND) software package, but has been widely adopted by other DNS server software – though some of them (e.g. NSD, PowerDNS) use zone files only as a starting point and compile them into a database format; see also Microsoft DNS with its Active Directory database integration.

A zone file is a sequence of line-oriented entries, each of which is either a directive or a text description that defines a single resource record (RR). An entry is composed of fields separated by any combination of white space (tabs and spaces), and ends at a line boundary except inside a quoted string field value or a pair of enclosing formatting parentheses. Any line may end with comment text preceded by a semicolon, and the file may also contain any number of blank lines.

Entries may occur in any order in a zone file, with the exception that the SOA record must be the first record of the zone.

Directives are control entries that affect the rest of the zone file. The first field of a directive consists of a dollar sign followed by a keyword:

$ORIGIN – sets the current origin, the domain name that is appended to every relative name that follows (RFC 1035).
$INCLUDE – reads another file at this point, optionally with its own origin (RFC 1035).
$TTL – sets the default TTL for records that carry none of their own (RFC 2308).
$GENERATE – a BIND-specific extension that creates a numbered range of similar records from one template.

A resource record entry consists of several fields as follows (both field orderings are acceptable and may be used interchangeably):

name  ttl  record class  record type  record data
name  record class  ttl  record type  record data

The name field may be left blank, in which case the entry begins with white space and the record inherits the name from the previous record. A free-standing @ denotes the current origin.

The ttl field specifies the number of seconds after which a caching client must discard the record and perform a new resolution operation to obtain fresh information. Some name servers, including BIND, allow nonstandard representations that use time unit abbreviations (for example, "2d" meaning two 24-hour days or "1h30m" meaning one hour and 30 minutes). It may be omitted, in which case the resulting value will be set from the default TTL (if defined) or from the preceding record.

The record class field indicates the namespace of the record information. It may be omitted, in which case the resulting value will be set from the preceding record. The most commonly used namespace is that of the Internet, indicated by the parameter IN, but others exist and are in use, e.g. CHAOS.

The record type field is an abbreviation for the type of information stored in the last field, record data. For example: an address record (type A for IPv4, or type AAAA for IPv6) maps the domain name from the first field to an IP address in the record data; a mail exchanger record (type MX) specifies the Simple Mail Transfer Protocol (SMTP) mail host for a domain.

The record data field may consist of one or more information elements, depending on the requirements of each record type. For example, an address record only requires an address, while a mail exchanger record requires a priority and a domain name. Such information elements are represented as fields separated by white space.

Example file

An example of a zone file for the domain example.com is the following:

$ORIGIN example.com.     ; designates the start of this zone file in the namespace
$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com

At minimum, the zone file must specify the Start of Authority (SOA) record with the name of the authoritative master name server for the zone and the email address of someone responsible for management of the name server (represented as a domain name, with a full stop character in place of the usual @ symbol). The SOA record also carries a list of timing and expiration parameters: the serial number (which secondary servers compare against their copy to decide whether a zone transfer is needed, so it must increase on every change), the slave refresh period, the slave retry time, the slave expiration time, and the minimum field, which RFC 2308 redefined as the negative-caching TTL, i.e. how long resolvers may cache the fact that a name does not exist. Some name servers, including BIND, also require at least one NS record.

In the zone file, domain names that end with a full stop character (such as "example.com." in the above example) are fully qualified while those that do not end with a full stop are relative to the current origin (which is why www in the above example refers to www.example.com).
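The parser below is an added example, not code from the article, from BIND or from any other name server; it is written here to show, in running code, the format rules described above: directives, comments, quoted strings, parenthesised multi-line entries, the two field orderings, the blank owner name, BIND-style TTL abbreviations, and the origin rule that distinguishes "example.com." from "mail2.example.com". The sample zone, the function names and the record layout are the example's own, and the sample deliberately contains the most common zone-file mistake (a target without its trailing dot) so that the final check can catch it.

```python
import re
from collections import namedtuple

# Constructed sample (not the article's file): the example.com zone, trimmed, plus a BIND-style TTL abbreviation and one deliberate bug (an MX target missing its trailing dot)
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600                ; default TTL for RRs without their own value
@             IN  SOA   ns.example.com. username.example.com. (
                        2020091025 7200 3600 1209600 3600 )  ; serial refresh retry expire minimum
@             IN  NS    ns
@             IN  MX    20 mail2.example.com  ; BUG: no trailing dot, so the target is relative
@             IN  MX    50 mail3              ; relative host name, fine: mail3 has an A record
@             IN  A     192.0.2.1
              IN  AAAA  2001:db8:10::1        ; blank owner inherits the previous name
ns            IN  A     192.0.2.2
www      2d   IN  CNAME example.com.          ; BIND TTL abbreviation "2d" = 172800 seconds
mail3         IN  A     192.0.2.5
txt           IN  TXT   "v=spf1 ; not a comment" ; this one is a comment
"""

RR = namedtuple("RR", "name ttl rclass rtype rdata")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
CLASSES = {"IN", "CH", "HS", "CHAOS", "HESIOD"}
NAME_DATA = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}  # rdata fields that are names
TTL_RE = re.compile(r"\d+|(\d+[smhdw])+", re.IGNORECASE)
# one match per token: quoted string | parenthesis | comment (no group) | newline | blanks | word
TOKEN_RE = re.compile(r'"([^"]*)"|([()])|;[^\n]*|(\n)|([ \t]+)|([^\s()";]+)')

def parse_ttl(text):
    """'3600' -> 3600; BIND-style '1h30m' -> 5400 (non-standard, but widely accepted)."""
    t = text.lower()
    if not TTL_RE.fullmatch(t):
        raise ValueError(f"bad TTL {text!r}")
    return int(t) if t.isdigit() else sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", t))

def absolute(name, origin):
    """RFC 1035 name rules: '@' is the origin, a trailing dot means fully qualified, else relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    if origin is None:
        raise ValueError(f"relative name {name!r} with no $ORIGIN in effect")
    return f"{name}.{origin}"

def entries(text):
    """Yield (owner_blank, tokens) per logical entry: comments dropped, quoted strings kept whole (no backslash escapes), lines joined inside ( )."""
    depth, tokens, blank = 0, [], None
    for m in TOKEN_RE.finditer(text):
        quoted, paren, newline, blanks, word = m.groups()
        if paren:
            depth += 1 if paren == "(" else -1
        elif newline and depth == 0:            # an entry ends only at a line boundary outside ()
            if tokens:
                yield blank, tokens
            tokens, blank = [], None
        elif blanks and blank is None:          # line starts with white space: owner name omitted
            blank = True
        elif word or quoted is not None:        # a quoted "" is a real (empty) field
            blank = False if blank is None else blank
            tokens.append(word or quoted)
    if tokens:
        yield blank, tokens

def parse_zone(text, origin=None):
    """Apply $ORIGIN, $TTL and the owner/TTL/class inheritance rules; every name comes out absolute."""
    records, default_ttl, prev = [], None, None
    for blank, toks in entries(text):
        key = toks[0].upper()
        if key == "$ORIGIN":
            origin = absolute(toks[1], origin); continue
        if key == "$TTL":
            default_ttl = parse_ttl(toks[1]); continue
        if key.startswith("$"):
            raise ValueError(f"directive {toks[0]} not handled here ($INCLUDE, $GENERATE)")
        name = prev.name if blank else absolute(toks.pop(0), origin)   # blank owner: inherit
        ttl = rclass = None                     # both optional, in either order
        while toks and (ttl is None or rclass is None):
            if rclass is None and toks[0].upper() in CLASSES:
                rclass = toks.pop(0).upper()
            elif ttl is None and TTL_RE.fullmatch(toks[0]):
                ttl = parse_ttl(toks.pop(0))
            else:
                break
        rtype, rdata = toks[0].upper(), toks[1:]
        for k in NAME_DATA.get(rtype, []):      # NS/MX/CNAME/PTR/SOA targets follow the same name rules
            rdata[k] = absolute(rdata[k], origin)
        ttl = next((v for v in (ttl, default_ttl, prev and prev.ttl) if v is not None), None)
        if ttl is None:
            raise ValueError(f"{name} {rtype}: no TTL, no $TTL and no preceding record")
        prev = RR(name, ttl, rclass or (prev.rclass if prev else "IN"), rtype, rdata)
        records.append(prev)
    return records

def dangling_in_zone_targets(records):
    """NS/MX/CNAME targets inside the zone that own no A/AAAA/CNAME record: the usual symptom of a forgotten trailing dot."""
    apex = next(r.name for r in records if r.rtype == "SOA")
    owners = {r.name for r in records if r.rtype in ("A", "AAAA", "CNAME")}
    return sorted({r.rdata[k] for r in records if r.rtype != "SOA" for k in NAME_DATA.get(r.rtype, [])
                   if (r.rdata[k] == apex or r.rdata[k].endswith("." + apex)) and r.rdata[k] not in owners})
```

Running parse_zone(SAMPLE_ZONE) yields ten records; the MX line without a trailing dot comes out as mail2.example.com.example.com., and dangling_in_zone_targets reports exactly that name, which is the check worth running before a zone is loaded, since a name server accepts such a record without complaint and mail for the domain is then routed to a name nobody controls.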

A zone file is referenced by the configuration file of the name server software. For example, BIND typically uses a statement such as:

zone "example.com" { type master; file "/var/named/db.example.com"; };

Root zone and top-level domains

The zone files for the DNS root zone and for the set of top-level domains contain resource records only for the authoritative domain name servers for each domain name.

Localhost

Some server software automatically configures resource records for specially recognized domains or hostnames, such as localhost, but a customized zone master file may be used.

An example for manual configuration of the forward zone for localhost is the following:

$ORIGIN localhost.
@  86400  IN  SOA   @  root (
                  1999010100 ; serial
                  10800      ; refresh (3 hours)
                  900        ; retry (15 minutes)
                  604800     ; expire (1 week)
                  86400      ; minimum (1 day)
                  )
@  86400  IN  NS    @
@  86400  IN  A     127.0.0.1
@  86400  IN  AAAA  ::1

The corresponding reverse zone definition is:

;; reverse zone file for 127.0.0.1 and ::1
$TTL 1814400 ; 3 weeks
@  1814400  IN  SOA  localhost. root.localhost. (
                      1999010100 ; serial
                      10800      ; refresh (3 hours)
                      900        ; retry (15 minutes)
                      604800     ; expire (1 week)
                      86400      ; minimum (1 day)
                      )
@  1814400  IN  NS   localhost.
1  1814400  IN  PTR  localhost.

This file does not specify the origin so that it may be used for both IPv4 and IPv6 with this configuration:

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "r.local";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "r.local";
};

Similar zone master files may be created for the reverse resolution of the broadcast address and the null address. Serving such zones locally keeps the name server from forwarding queries for these addresses to other, possibly external, DNS servers.
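The reason one file serves both reverse zones above is that the owner name of a PTR record is relative to the zone apex, and for both 127.0.0.1 in 0.0.127.in-addr.arpa and ::1 in the 31-zero ip6.arpa zone that relative name is the single label "1". The following is an added example, not part of the article and not BIND code, that derives these names with Python's standard ipaddress module: reverse_zone_for gives the apex for a network, ptr_owner gives the relative owner a PTR record must carry (and rejects an address that the zone does not cover, the check a zone-file linter wants), and named_conf_stanzas writes the matching BIND configuration. The function names are the example's own.

```python
import ipaddress

def reverse_zone_for(network):
    """Apex of the reverse zone covering `network`; the prefix must end on a label boundary
    (a multiple of 8 bits for in-addr.arpa, 4 bits for ip6.arpa). 127.0.0.0/24 -> 0.0.127.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        raise ValueError(f"{network}: prefix not on a label boundary (needs RFC 2317-style delegation)")
    labels = net.network_address.reverse_pointer.split(".")  # e.g. ['0','0','0','127','in-addr','arpa']
    address_labels = net.max_prefixlen // bits_per_label       # 4 for IPv4, 32 for IPv6
    keep = net.prefixlen // bits_per_label                     # address labels the zone apex retains
    return ".".join(labels[address_labels - keep:]) + "."

def ptr_owner(ip, zone):
    """Owner name, relative to `zone`, of the PTR record for `ip`; '@' when `ip` is the apex itself.
    Raises if `ip` is not inside the reverse zone, i.e. the record is in the wrong file."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    zone = zone.rstrip(".") + "."
    if name == zone:
        return "@"
    if not name.endswith("." + zone):
        raise ValueError(f"{ip} ({name}) is not covered by zone {zone}")
    return name[: -len(zone) - 1]

def named_conf_stanzas(file, *networks):
    """BIND 'zone' stanzas pointing each network's reverse zone at the same master file,
    as the article does for 127.0.0.0/24 and ::/124 with r.local."""
    return "".join(f'zone "{reverse_zone_for(n).rstrip(".")}" IN {{\n    type master;\n    file "{file}";\n}};\n'
                   for n in networks)

if __name__ == "__main__":
    for ip, net in (("127.0.0.1", "127.0.0.0/24"), ("::1", "::/124"), ("255.255.255.255", "255.255.255.255/32")):
        zone = reverse_zone_for(net)
        print(f"{ip:>16} -> zone {zone} owner {ptr_owner(ip, zone)}")
    print(named_conf_stanzas("r.local", "127.0.0.0/24", "::/124"))
```

The same two functions cover the private-address and broadcast zones the text mentions: reverse_zone_for("10.0.0.0/8") is 10.in-addr.arpa., and for the /32 broadcast zone the PTR owner is the apex itself, so the record is written with "@".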


References

  1. RFC 1035, Domain Names - Implementation and Specification, P. Mockapetris (November 1987)