Writing DNS zone files, with examples
A zone file holds the DNS resource records for all of the domain
names associated with the zone; together, the zone files hold all of
the data an authoritative DNS server serves. This recipe describes
the header that every type of zone file needs (the $TTL directive and
the SOA record) before any other resource records are added.
The zone file is created in the DNS server's working directory (for
BIND, the directory option in named.conf). There is no required
filename for a zone file, but a reasonable convention is
db.domain.name: the name of the domain preceded by db.
The basic format of the zone file is a default time to live ($TTL)
directive followed by the start of authority (SOA) record. The default
TTL is attached to every record that does not carry its own, and it
tells non-authoritative (caching) servers how long they may keep a
record retrieved from the zone. The longer this period, the longer it
takes for changes to the zone to propagate. The shorter the TTL, the
harder your authoritative servers work, because caching servers have
to ask them the same question more often. Values from a few hours to
a day are reasonable; lower the TTL well in advance if you are
planning a change that must take effect quickly.
An integer TTL value is interpreted as seconds, although for those of
us who are not walking calculators, BIND also accepts a unit suffix:
m for minutes, h for hours, d for days, and w for weeks (units can be
chained, as in 1h30m). A day would be represented by any of the
following lines:
$TTL 86400
$TTL 1440m
$TTL 24h
$TTL 1d
The SOA record is an intimidating chunk of text for the uninitiated,
but each field in the SOA has a meaningful purpose and, taken a piece
at a time, it is simple. The SOA starts with the zone's domain name
(we'll use debiantest.com in this recipe, written with a trailing dot
so that it is not treated as relative to the zone), the class of the
zone (IN), the record type SOA, and the following seven fields in
order:
MNAME The primary (master) DNS server for the zone (for example
ns1.debiantest.com.).
RNAME The e-mail address of someone responsible for the zone, with
the @ replaced by a dot and a trailing dot added: nospam@debiantest.com
becomes nospam.debiantest.com. If the local part of the address itself
contains a dot, escape it with a backslash (john\.doe.debiantest.com.).
Serial number This value is perhaps the greatest source of
DNS-related head scratching. It is a 32-bit version number for the
zone. A secondary server periodically asks the primary for its SOA
record and fetches a fresh copy of the zone (a zone transfer) only if
the primary's serial is newer than the one it already holds; the
comparison uses serial number arithmetic (RFC 1982), so the value
wraps around at 2^32. So, if you change the zone file but not the
serial number, the primary will serve the change after a reload, but
your secondaries will never pick it up, and some of your name servers
will keep giving out stale answers. Increase the serial every time
you edit the file.
A common format for the serial number contains the date and a
two-digit revision counter (YYYYMMDDNN), such as 2006011402 for the
second revision (02) of the file on January 14, 2006. This allows for
100 changes to the file in a day. If more changes are required, I
recommend going home for a good night's sleep.
Refresh How often secondary (slave) servers poll the primary for its
SOA record to check whether the serial number has changed and the
zone therefore needs to be transferred again.
Retry If the primary DNS server for the zone fails to answer a
secondary's refresh query, the secondary will ask again this often.
Typically an hour or less, and shorter than the refresh interval.
Expire If the primary DNS server cannot be reached, a secondary will
keep answering from its existing copy of the zone for this period of
time. After the expire time has passed, the data are considered stale
and the secondary stops answering for the zone, at which point the
domain no longer resolves from that server. This value should be long
enough to allow a primary server outage to be corrected: on the order
of weeks.
Negative caching TTL Negative answers (such as "the requested name
does not exist") can be cached by non-authoritative servers as well.
This field, historically called the minimum TTL and redefined by RFC
2308, acts like the overall TTL but specifically for negative
answers. Small values are appropriate (15m to 2h).
The seven fields can be spread over several lines by enclosing them in
parentheses, and anything after a semicolon is a comment. Putting this
all together, the following is the zone file (minus any other resource
records) for the domain debiantest.com. Note the trailing dots on
ns1.debiantest.com. and nospam.debiantest.com.: a name without one is
relative to the zone, so BIND would otherwise read it as
ns1.debiantest.com.debiantest.com.
$TTL 1d
debiantest.com. IN SOA ns1.debiantest.com. nospam.debiantest.com. (
        2004010402   ; serial (YYYYMMDDNN)
        1h           ; refresh
        15m          ; retry
        4w           ; expire
        1h )         ; negative caching TTL
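The serial number rules above in code, as an added example that is not part of the original page: a helper that bumps a YYYYMMDDNN serial the way the text recommends, and a comparison that works the way secondaries compare serials (RFC 1982 arithmetic, which wraps at 2^32). The function names and the fallback behaviour for a serial that is already ahead of today's date are this example's own choices.

```python
# Added example (not code from the original page): maintain a YYYYMMDDNN
# serial and compare serials the way secondaries do (RFC 1982 arithmetic).

MODULUS = 2 ** 32        # serials are unsigned 32-bit values
HALF = 2 ** 31


def serial_gt(a, b):
    """RFC 1982 'a is newer than b'; wraps, so serial_gt(1, 4294967295) is True."""
    a, b = a % MODULUS, b % MODULUS
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def bump_serial(current, today):
    """Return the next serial in YYYYMMDDNN form.

    today is a datetime.date or a 'YYYYMMDD' string.
    First edit of the day: <today>01. Later edits the same day: NN + 1
    (the hundredth edit spills into <tomorrow>00, which is still an
    increase). If the current serial is already ahead of <today>00
    (a mistyped year, or a zone that never used the date scheme) just
    add one, so that the secondaries still see a newer serial.
    """
    ymd = today if isinstance(today, str) else today.strftime("%Y%m%d")
    base = int(ymd) * 100
    candidate = base + 1 if current < base else current + 1
    if candidate >= MODULUS:
        raise ValueError("serial would wrap past 2^32; plan a controlled rollover")
    assert serial_gt(candidate, current)      # secondaries must see an increase
    return candidate


if __name__ == "__main__":
    print(bump_serial(2006011401, "20060114"))   # 2006011402
```

Because the comparison is modular, a secondary that holds serial 2060011401 (a typo for 2006) will never accept 2006011402 as newer: the only way forward is to keep incrementing from the typo, which is what bump_serial does.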
Writing zone files
The second part of configuring a DNS server is the zone files. These
are the files that contain the list of all the hosts in your domain
and their corresponding IP addresses.
First, a number of DNS record types need a little explanation.
SOA - Start of Authority: marks the start of the zone this server is
authoritative for and carries the zone's serial number and timers.
NS - Name server: names an authoritative name server for the zone.
MX - Mail Exchange: specifies the mail server(s) for the domain,
each with a preference value.
A - Address record: maps a fully qualified domain name (FQDN) to an
IPv4 address.
CNAME - Canonical name: makes one name an alias for another
(canonical) name. A name that has a CNAME must have no other records,
and NS and MX records must not point at an alias.
PTR - Pointer: reverse-maps an IP address to a FQDN, in the
in-addr.arpa zones.
There are many other types of records, but these are the most
commonly used.
A zone file contains two parts: first the SOA section, and then the
list of DNS records. A typical zone file will look something like
this (the @ stands for the zone's own name):
$TTL 86400
@        IN SOA   mailer.debiantest.net. hostmaster.debiantest.net. (
                  2003060919   ; serial
                  21600        ; refresh every 6 hours
                  3600         ; retry after one hour
                  604800       ; expire after a week
                  86400 )      ; negative caching TTL of 1 day
@        IN NS    mailer.debiantest.net.
@        IN MX 10 mailer.debiantest.net.
mailer   IN A     192.168.3.1
firewall IN A     192.168.3.19
switch   IN A     192.168.3.3
relay    IN A     192.168.3.20
cisco    IN CNAME switch
www      IN CNAME mailer
mrtg     IN CNAME mailer
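The file format used throughout this page (the $TTL directive with its unit suffixes, the parenthesised SOA, blank-owner lines, relative names that get the zone appended) is simple enough to parse, and doing so is the quickest way to catch the mistakes that bite in practice. The following is an added example, not code from the original page or from BIND: a small checker that parses a master file against a given zone origin and flags dotted names without a trailing dot, NS or MX records that point at a CNAME, and CNAME owners that also have other records. $ORIGIN and $INCLUDE are not handled; the two sample zones embedded in it are constructed from the page's examples.

```python
# Added example (not code from the original page): a checker for the master
# file format described in the text.
import re
from collections import defaultdict

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_PART = re.compile(r"(\d+)([smhdw])", re.I)        # one group such as 30m
TTL_TOKEN = re.compile(r"\d+|(\d+[smhdw])+", re.I)    # a whole TTL field
# where the domain names sit in the rdata of the record types we check
NAME_SLOTS = {"SOA": slice(0, 2), "NS": slice(0, 1), "MX": slice(1, 2),
              "CNAME": slice(0, 1), "PTR": slice(0, 1)}


def parse_ttl(text):
    """'86400' -> 86400, '1d' -> 86400, '1h30m' -> 5400 (BIND chains units)."""
    if text.isdigit():
        return int(text)
    parts = TTL_PART.findall(text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u.lower()] for n, u in parts)


def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (default_ttl, records); each record is (owner, ttl, type, rdata).
    Handles $TTL, ';' comments, '( ... )' continuation and blank-owner lines."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, records, last_owner, buf = None, [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                                   # still inside ( ... )
        stmt, buf = buf.replace("(", " ").replace(")", " "), ""
        if not stmt.strip():
            continue
        if stmt.startswith("$TTL"):
            default_ttl = parse_ttl(stmt.split()[1])
            continue
        tokens = stmt.split()
        if stmt[0].isspace():                          # blank owner: reuse previous
            owner = last_owner
        else:
            owner, tokens = fqdn(tokens[0], origin), tokens[1:]
        last_owner, ttl = owner, default_ttl
        for _ in range(2):                             # optional [ttl] and [class]
            if tokens and tokens[0].upper() == "IN":
                tokens = tokens[1:]
            elif tokens and TTL_TOKEN.fullmatch(tokens[0]):
                ttl, tokens = parse_ttl(tokens[0]), tokens[1:]
        records.append((owner, ttl, tokens[0].upper(), tokens[1:]))
    return default_ttl, records


def lint(records, origin):
    """Mistakes worth fixing before the zone is loaded: a CNAME owner with
    other records, dotted names missing the trailing dot (the origin gets
    appended), and NS/MX targets that are aliases (RFC 2181 section 10.3)."""
    origin = origin if origin.endswith(".") else origin + "."
    problems, types_by_owner = [], defaultdict(set)
    for owner, _, rtype, _ in records:
        types_by_owner[owner].add(rtype)
    aliases = {o for o, t in types_by_owner.items() if "CNAME" in t}
    problems += [f"{o} is a CNAME but also has other records"
                 for o in sorted(aliases) if len(types_by_owner[o]) > 1]
    for owner, _, rtype, rdata in records:
        for name in (rdata[NAME_SLOTS[rtype]] if rtype in NAME_SLOTS else []):
            if "." in name and not name.endswith("."):
                problems.append(f"{owner} {rtype}: '{name}' has no trailing dot, "
                                f"so it is read as '{fqdn(name, origin)}'")
            if rtype in ("NS", "MX") and fqdn(name, origin) in aliases:
                problems.append(f"{owner} {rtype} points at alias {fqdn(name, origin)}")
    return problems


# Constructed sample: the forward zone from the text, with the owner-less
# NS and MX lines indented as they must be in a real file.
GOOD_ZONE = """\
$TTL 86400
@   IN SOA mailer.debiantest.net. hostmaster.debiantest.net. (
        2003060919 21600 3600 604800 86400 )  ; serial refresh retry expire neg
    IN NS  mailer.debiantest.net.
    IN MX  10 mailer.debiantest.net.
mailer   IN A     192.168.3.1
www      IN CNAME mailer
"""
# Constructed sample with the classic mistakes: SOA names missing their
# trailing dots, and an MX that points at the www alias.
BAD_ZONE = """\
$TTL 1d
debiantest.com. IN SOA ns1.debiantest.com nospam.debiantest.com (
        2004010402 1h 15m 4w 1h )
    IN NS ns1.debiantest.com.
    IN MX 10 www
ns1  IN A     192.168.3.1
www  IN CNAME ns1
"""


def check(text, origin):
    """Parse and lint a zone; returns (default_ttl, record_count, problems)."""
    default_ttl, records = parse_zone(text, origin)
    return default_ttl, len(records), lint(records, origin)
```

Run check(BAD_ZONE, "debiantest.com") and the two SOA names are reported as ns1.debiantest.com.debiantest.com. and nospam.debiantest.com.debiantest.com., which is exactly how BIND would read them; the MX at www is reported as pointing at an alias. This is a reading aid, not a substitute for named-checkzone, which validates everything BIND itself will reject.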
The SOA record might be a little tricky. First, it lists the primary
name server for the domain, and next the e-mail address of the
administrator of the domain (note that the @ has been replaced by a
period and a trailing dot added). The serial number doesn't have to be
a date; however, whenever the zone file on the master DNS server is
changed, the serial number must be increased by some value. That way,
any slave server(s) will know that an update has been made, and they
will do a zone transfer to get the newest copy of the zone. The other
numbers are explained by the comments in the file itself, and the
values here are typical ones. The @ at the start of a line stands for
the zone's own name (the origin, taken from the zone statement in
named.conf); a record line that begins with whitespace instead reuses
the owner name of the previous record. The next record is the name
server record. Here it simply refers to itself as the name server;
however, if you have several servers for a domain (one master and at
least one slave), you should put in an NS entry for each name server.
The MX record also points to the same server. If you have more than
one mail server, add an MX record for each. The number is the
preference: the lower the number, the higher the priority, so a
secondary mail server should have a higher value (for example 20).
The MX target must be a name with an A record, not a CNAME.
Next come all the A records, in no particular order. If you have many
hosts, you may want to sort them alphabetically or numerically,
whichever works for you. At the end are the CNAME records. Since my
"mailer" server is also my web server, I needed "www" to resolve to
the same IP address as "mailer"; a CNAME does that without repeating
the address, so there is only one place to change if the server moves.
And now the reverse zone file, with all the PTR records. This is
really handy if you need to look up a host name when you know the IP
address.
$TTL 86400
@        IN SOA   mailer.debiantest.net. hostmaster.debiantest.net. (
                  0606190719   ; serial
                  21600        ; refresh after 6 hours
                  3600         ; retry in 1 hour
                  604800       ; expire after a week
                  86400 )      ; negative caching TTL of one day
@        IN NS    mailer.debiantest.net.
19       IN PTR   firewall.debiantest.net.
3        IN PTR   switch.debiantest.net.
1        IN PTR   mailer.debiantest.net.
20       IN PTR   relay.debiantest.net.
There isn't much difference in how the zone file looks, except that it
contains only the SOA, NS and PTR records. The zone's name
(3.168.192.in-addr.arpa for 192.168.3.0/24) is given in the server's
configuration file, so only the last octet of each address is listed
as the owner name in the zone file, and the PTR targets are written as
FQDNs with trailing dots. Keep the two files in step: every A record
should have a matching PTR, and a PTR for an address that no longer
has an A record is stale.
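The reverse zone is derived data: every PTR above corresponds to an A record in the forward zone, and the owner name is the address with the network part dropped and the remaining octets reversed. The following added example, not code from the original page, generates those PTR records from a forward zone's A records for any octet-aligned IPv4 network and compares them with an existing reverse zone to find missing, stale and mismatched entries. The hostnames and addresses are the ones used on this page; the EXISTING_PTR sample (with 'relay' missing and a leftover entry for .7) and the function names are constructed for the example. Only A records are passed in, since a CNAME such as www should not get a PTR of its own.

```python
# Added example (not code from the original page): derive the PTR records of
# a reverse zone from the forward zone's A records and compare them with an
# existing reverse zone.
import ipaddress


def reverse_zone_name(network):
    """'192.168.3.0/24' -> '3.168.192.in-addr.arpa.' (octet-aligned IPv4 only)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    kept = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:kept]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_records(a_records, network, origin):
    """{host: ipv4} -> {relative_owner: target_fqdn} for addresses in network.

    Hosts are relative to origin (the forward zone). The owner is the host
    part of the address written backwards: '19' in a /24, '19.3' in a /16.
    Addresses outside the network belong to another reverse zone and are
    skipped. Two names on one address are legal but usually a mistake, so
    the function refuses rather than silently picking one.
    """
    net = ipaddress.ip_network(network)
    kept = net.prefixlen // 8
    ptrs = {}
    for host, ip in a_records.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            continue
        rel = ".".join(reversed(str(addr).split(".")[kept:]))
        target = f"{host}.{origin.rstrip('.')}."
        if rel in ptrs and ptrs[rel] != target:
            raise ValueError(f"{ip} has more than one name: {ptrs[rel]}, {target}")
        ptrs[rel] = target
    return ptrs


def _octets(rel):
    """Sort key so that '3' comes before '19' and '1.2' before '1.10'."""
    return [int(p) for p in rel.split(".")]


def format_reverse_zone(ptrs):
    """Zone body lines in the page's style: relative owner, class, PTR, target."""
    return [f"{rel} IN PTR {target}"
            for rel, target in sorted(ptrs.items(), key=lambda kv: _octets(kv[0]))]


def compare(generated, existing):
    """Return (missing, stale, mismatched) relative owners: A records with no
    PTR, PTRs whose address no longer has an A record, and PTRs that point at
    a different name than the forward zone says."""
    both = set(generated) & set(existing)
    missing = sorted(set(generated) - set(existing), key=_octets)
    stale = sorted(set(existing) - set(generated), key=_octets)
    mismatched = sorted((k for k in both if generated[k] != existing[k]), key=_octets)
    return missing, stale, mismatched


# Constructed samples: the page's forward A records, and a reverse zone in
# which 'relay' was never added and a PTR for a retired host at .7 remains.
FORWARD_A = {"mailer": "192.168.3.1", "firewall": "192.168.3.19",
             "switch": "192.168.3.3", "relay": "192.168.3.20"}
EXISTING_PTR = {"19": "firewall.debiantest.net.", "3": "switch.debiantest.net.",
                "1": "mailer.debiantest.net.", "7": "oldbox.debiantest.net."}

if __name__ == "__main__":
    ptrs = ptr_records(FORWARD_A, "192.168.3.0/24", "debiantest.net")
    print("; zone", reverse_zone_name("192.168.3.0/24"))
    print("\n".join(format_reverse_zone(ptrs)))
    print(compare(ptrs, EXISTING_PTR))
```

For the sample data the comparison reports owner 20 (relay) as missing and owner 7 as stale, with no mismatches. Generating the PTRs from the A records rather than typing them by hand is also the simplest way to keep the two zones from drifting apart over time.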