Debianhelp.co.uk


Writing DNS zone files, with examples

A zone file holds the DNS resource records for all of the domain names associated with the zone. Zone files store all of the data served by a DNS server. This recipe describes the basic zone file format, minus the resource records, that applies to any type of zone file.
The zone file needs to be created within the DNS server's working directory. There is no required naming convention for zone files, but a reasonable standard is db.domain.name: the name of the domain preceded by db.

The basic format of the zone file is a time to live (TTL) field followed by the start of authority (SOA) record. The TTL instructs non-authoritative DNS servers how long to cache records retrieved from the zone file. The longer this period, the longer it will take for changes to the zone file to propagate. The shorter the TTL, the harder your DNS servers will work, because non-authoritative servers will have to ask them the same question more frequently. Values from a few hours to a day are reasonable.

An integer TTL value is interpreted as seconds, although for those of us who are not walking calculators, adding m at the end means minutes, h hours, d days, and w weeks. A day would be represented by any of the following lines:

$TTL 86400
$TTL 1440m
$TTL 24h
$TTL 1d


The SOA section is an intimidating chunk of code for the uninitiated, but each field in the SOA has a meaningful purpose and taken a piece at a time, it is simple. The SOA starts with the zone's primary domain name (we'll use debiantest.com in this recipe), the class of the zone (IN), SOA, and the following seven fields in order:

MNAME The master DNS server for the zone (for example ns1.debiantest.com.).

RNAME An email address for someone responsible for the domain (with the @ replaced with a .) such as nospam.debiantest.com.

Serial number This value is perhaps the greatest source of DNS-related head scratching. To make things fast and efficient, BIND processes zone files into another format. When BIND loads a zone file at startup, it checks the serial number and only processes the zone file if the serial number is bigger than its previously processed version. So, if you change the zone file but not the serial number, BIND will ignore the changes.

A common format for the serial number contains the date and a unique serial number (YYYYMMDDNN) such as 2006011402 for the second revision (02) of the file on January 14, 2006. This allows for 100 changes to the file in a day. If more changes are required, I recommend going home for a good night's sleep.

Refresh Secondary or slave servers can be configured to poll the master server with this period to check if the serial number has changed and therefore if it needs to update the zone file.

Retry If the master DNS server for the zone fails to answer a slave server's request for an update, the slave server will ask this often. Typically an hour or less.

Expire In the event of a failure of the master DNS server, a slave server will continue to use its existing data for this period of time. After the expire time has passed, the data are considered stale and will not be used, at which time the domain will no longer resolve. This value should be long enough to allow master server outages to be corrected, on the order of weeks.

Negative caching TTL Negative answers (such as when a requested record does not exist) can be cached on non-authoritative servers as well. This field acts like the overall TTL but specifically for negative answers. Small values are appropriate (15m to 2h).

The fields can be placed within parentheses if they extend over more than one line. Putting this all together, the following is the zone file (minus any resource records) for the domain debiantest.com:



$TTL 1d
debiantest.com. IN SOA ns1.debiantest.com. (
        nospam.debiantest.com. ; RNAME, the responsible person's address as a domain name
        2004010402             ; serial
        1h                     ; refresh
        15m                    ; retry
        4w                     ; expire
        1h )                   ; negative caching TTL
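The following Python script is an added example, not part of the original recipe. It parses the $TTL value and the seven SOA fields out of a zone file like the one above (understanding the m/h/d/w suffixes and the parentheses), then applies the checks the text implies before a zone is published: MNAME and RNAME must carry a trailing dot (otherwise BIND appends the origin), the serial must be above the one already published, retry should be shorter than refresh and expire much longer, and it computes the next YYYYMMDDNN serial. The embedded sample zone is constructed for the example, and the function and field names are the example's own, not BIND's.

```python
import re
from datetime import date

# Constructed sample: the SOA-only zone from the text, with MNAME and RNAME
# written as fully qualified names (trailing dot) so BIND does not append the origin.
SAMPLE_ZONE = """\
$TTL 1d
debiantest.com. IN SOA ns1.debiantest.com. (
        nospam.debiantest.com. ; RNAME
        2004010402             ; serial
        1h                     ; refresh
        15m                    ; retry
        4w                     ; expire
        1h )                   ; negative caching TTL
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_ttl(text):
    """Convert a BIND time value ('86400', '1440m', '24h', '1d', '1w2d') to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    if not re.fullmatch(r"(\d+[smhdw])+", text):
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text))


def tokenize(zone_text):
    """Drop ';' comments and parentheses and return one flat token list.

    Parentheses only let the SOA span several lines; with comments removed,
    the seven SOA fields can be read positionally after the SOA keyword.
    """
    tokens = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
        tokens.extend(line.split())
    return tokens


def parse_soa(zone_text):
    """Return the $TTL and the SOA fields of a zone file as a dict (times in seconds)."""
    tokens = tokenize(zone_text)
    soa = {}
    if tokens and tokens[0].upper() == "$TTL":
        soa["ttl"] = parse_ttl(tokens[1])
    if "SOA" not in tokens:
        raise ValueError("zone has no SOA record")
    i = tokens.index("SOA")
    # The owner name sits before the optional class keyword.
    soa["owner"] = tokens[i - 2] if tokens[i - 1].upper() == "IN" else tokens[i - 1]
    fields = tokens[i + 1 : i + 8]
    if len(fields) != 7:
        raise ValueError("SOA needs exactly seven fields after the type")
    soa["mname"], soa["rname"] = fields[0], fields[1]
    soa["serial"] = int(fields[2])
    for name, value in zip(SOA_FIELDS[3:], fields[3:]):
        soa[name] = parse_ttl(value)
    return soa


def check_soa(soa, published_serial=None):
    """List the mistakes the text warns about; an empty list means the SOA looks sane."""
    problems = []
    for field in ("mname", "rname"):
        if not soa[field].endswith("."):
            problems.append(f"{field} {soa[field]!r} lacks a trailing dot, so the origin will be appended")
    if published_serial is not None and soa["serial"] <= published_serial:
        problems.append(f"serial {soa['serial']} is not above the published {published_serial}; "
                        "secondaries will keep the old zone")
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        problems.append("expire should be far longer than refresh")
    return problems


def next_serial(current, today=None):
    """Next YYYYMMDDNN serial: bump NN if the serial already carries today's date,
    otherwise start today's count at 01. `today` may be a date or an ISO string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    base = int(today.strftime("%Y%m%d")) * 100
    if current // 100 == base // 100:
        if current % 100 == 99:
            raise ValueError("already 100 changes today; wait for tomorrow")
        return current + 1
    # A serial dated later than today can only be incremented, never reset.
    return current + 1 if current > base else base + 1


if __name__ == "__main__":
    parsed = parse_soa(SAMPLE_ZONE)
    print(parsed, check_soa(parsed), next_serial(parsed["serial"]))
```

The checks on retry, refresh and expire are heuristics taken from the text's own guidance (retry typically an hour or less, expire on the order of weeks); a production linter would run named-checkzone first and then apply checks like these on top.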

Writing zone files

The second part of configuring a DNS server is the zone files. These are the files that contain the list of all the hosts in your domain and their corresponding IP addresses.

First, there are a number of DNS record types that need a little explanation.

SOA - Start of Authority. This is the record that states that this server is authoritative for the specified domain.

NS - Name server: Specifies the name server to use to look up a domain.

MX - Mail Exchange: Specifies mail server(s) for the domain.

A - A Record: Used for linking a FQDN to an IP address.

CNAME - Canonical name: Used to assign aliases to existing A records.

PTR - Used to reverse-map IP addresses to a FQDN.

There are many other types of records, but these are the most commonly used.

A zone file contains two parts. First, the SOA section, and then the list of DNS records. A typical zone file will look something like this:

$TTL 86400
@ IN SOA mailer.debiantest.net. hostmaster.debiantest.net. (
        2003060919 ; serial
        21600      ; refresh every 6 hours
        3600       ; retry after one hour
        604800     ; expire after a week
        86400 )    ; minimum TTL of 1 day

        IN NS mailer.debiantest.net.
        IN MX 10 mailer.debiantest.net.
mailer   IN A 192.168.3.1
firewall IN A 192.168.3.19
switch   IN A 192.168.3.3
relay    IN A 192.168.3.20

cisco    IN CNAME switch
www      IN CNAME mailer
mrtg     IN CNAME mailer

The SOA record might be a little tricky. First, it lists the name server for the domain, and next the e-mail address of the administrator of the domain (note that the @ has been replaced by a period). The serial number doesn't have to be a date; however, whenever the zone file on the master DNS server is changed, the serial number must be increased by some value. That way, any slave server(s) will know that an update has been made, and they'll do a zone transfer to get the newest copy of the zone file. The other numbers are explained in the file itself, and the numbers I have here are the default values.

The next record is the name server record. Here, it simply refers to itself as the name server; however, if you have several servers for a domain (one master and at least one slave), you should put in an entry for each name server.

The MX record also points to the same server. If you have more than one mail server, you can add several MX records. The value is the priority; the lower the number, the higher the priority. A secondary mail server should therefore have a higher value (e.g. 20).

Next are all the A records in no specific order. If you have many hosts, you may want to put them in alphabetically or numerically, whichever works for you. And, at the end, I have the CNAME records. Since my "mailer" server is also my web server, I needed the "www" to point to the same IP address as "mailer".

And now the reverse zone file with all the PTR records. This is really handy if you need to look up a host name when you know the IP address.

$TTL 86400
@ IN SOA mailer.debiantest.net. hostmaster.debiantest.net. (
        0606190719 ; serial
        21600      ; refresh after 6 hours
        3600       ; retry in 1 hour
        604800     ; expire after a week
        86400 )    ; minimum TTL of one day

        IN NS mailer.debiantest.net.

19 IN PTR firewall.debiantest.net.
3  IN PTR switch.debiantest.net.
1  IN PTR mailer.debiantest.net.
20 IN PTR relay.debiantest.net.

There isn't much difference in how the zone file looks, except that it contains only the SOA record and PTR records. The IP address range has been specified in the configuration file, so only the last octet is listed in the zone file.
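As an added example that is not from the original page, the Python below parses a forward zone and its matching reverse zone, laid out like the two above, and cross-checks them: every A record inside the network should have a PTR, every PTR should point back at a name that still has that A record, and every NS, MX or CNAME target inside the zone should resolve to an A record. The two zones embedded in it are constructed for the example with three deliberate faults (relay has no PTR, a PTR for oldbox has no A record, and ftp is an alias to that missing name). The /24 assumption mirrors the text, where only the last octet of the address appears in the reverse zone; the function names are the example's own.

```python
import ipaddress

# Constructed forward and reverse zones, modelled on the ones in the text, with
# three planted faults: 'relay' has no PTR, the PTR for 'oldbox' has no A record,
# and 'ftp' is a CNAME to that missing name.
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA mailer.debiantest.net. hostmaster.debiantest.net. (
        2003060919 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expire
        86400 ) ; minimum
        IN NS mailer.debiantest.net.
        IN MX 10 mailer.debiantest.net.
mailer   IN A 192.168.3.1
firewall IN A 192.168.3.19
switch   IN A 192.168.3.3
relay    IN A 192.168.3.20
cisco    IN CNAME switch
www      IN CNAME mailer
ftp      IN CNAME oldbox
"""

REVERSE_ZONE = """\
$TTL 86400
@ IN SOA mailer.debiantest.net. hostmaster.debiantest.net. (
        2003060919 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expire
        86400 ) ; minimum
        IN NS mailer.debiantest.net.
19 IN PTR firewall.debiantest.net.
3  IN PTR switch.debiantest.net.
1  IN PTR mailer.debiantest.net.
5  IN PTR oldbox.debiantest.net.
"""


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin; absolute names pass through."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, origin):
    """True when a fully qualified name is the origin or lies beneath it."""
    return name == origin or name.endswith("." + origin)


def parse_records(zone_text, origin):
    """Return (owner, type, rdata) tuples for every record except the SOA.

    Handles ';' comments, '@', a blank owner (same owner as the line before)
    and the parenthesised multi-line SOA, which is skipped.
    """
    records, owner, depth = [], origin, 0
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if depth:  # still inside the SOA's ( ... )
            depth += line.count("(") - line.count(")")
            continue
        if not line[0].isspace():  # a new owner name starts the line
            parts = line.split(None, 1)
            owner = qualify(parts[0], origin)
            line = parts[1] if len(parts) > 1 else ""
        fields = line.split()
        if fields and fields[0].upper() == "IN":
            fields = fields[1:]
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            depth += line.count("(") - line.count(")")
            continue
        records.append((owner, rtype, rdata))
    return records


def reverse_origin(network):
    """Origin of the in-addr.arpa zone for a /24, e.g. '3.168.192.in-addr.arpa.'.
    Assumes a /24 because, as in the text, only the last octet appears in the zone."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("this helper only handles /24 reverse zones")
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def address_from_ptr_owner(owner):
    """'19.3.168.192.in-addr.arpa.' -> '192.168.3.19'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:4]))


def check_forward_reverse(forward_text, forward_origin, reverse_text, network):
    """Cross-check A and PTR records and find in-zone targets that point at nothing."""
    net = ipaddress.ip_network(network)
    rev_origin = reverse_origin(network)
    forward = parse_records(forward_text, forward_origin)
    reverse = parse_records(reverse_text, rev_origin)
    a_by_ip = {rdata[0]: owner for owner, rtype, rdata in forward if rtype == "A"}
    ptr_by_ip = {address_from_ptr_owner(owner): qualify(rdata[0], rev_origin)
                 for owner, rtype, rdata in reverse if rtype == "PTR"}
    names_with_a = set(a_by_ip.values())
    targets = [(rtype, qualify(rdata[-1], forward_origin))
               for _, rtype, rdata in forward if rtype in ("NS", "MX", "CNAME")]
    return {
        # hosts in this network with an A record but no PTR
        "missing_ptr": sorted(ip for ip in a_by_ip
                              if ipaddress.ip_address(ip) in net and ip not in ptr_by_ip),
        # PTRs whose target no longer has a matching A record
        "stale_ptr": sorted(ip for ip, name in ptr_by_ip.items() if a_by_ip.get(ip) != name),
        # NS/MX/CNAME targets inside the zone that have no A record
        "dangling": sorted(f"{rtype} {name}" for rtype, name in targets
                           if in_zone(name, forward_origin) and name not in names_with_a),
    }


if __name__ == "__main__":
    print(check_forward_reverse(FORWARD_ZONE, "debiantest.net.", REVERSE_ZONE, "192.168.3.0/24"))
```

Running the script reports the three planted faults and nothing else; pointing it at real db.* files after a named-checkzone pass is a cheap way to catch the forward/reverse drift that otherwise only shows up when a mail server or log correlation does a reverse lookup.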