12.3. Zone Files

12.3.1. Zone File Directives

Directives begin with the dollar sign character ($) followed by the name of the directive. They usually appear at the top of the zone file.

The following are commonly used directives:

• $INCLUDE — Configures named to include another zone file in this zone file at the place where the directive appears. This allows additional zone settings to be stored apart from the main zone file.

• $ORIGIN — Appends the domain name to unqualified records, such as those with the hostname and nothing more.

  For example, a zone file may contains the following line:

  $ORIGIN example.com

  Any names used in resource records that do not end in a trailing period (.) will have example.com appended to them.

  	Note
  	The use of the $ORIGIN directive is unnecessary if the zone is specified in /etc/named.conf because the zone name is used as the value for the $ORIGIN directive by default.

• $TTL — Sets the default Time to Live (TTL) value for the zone. This is the length of time, in seconds, a zone resource record is valid. Each resource record can contain its own TTL value, which overrides this directive.

  Increasing this value allows remote nameservers to cache the zone information for a longer period of time, reducing the number of queries for the zone and lengthening the amount of time required to proliferate resource record changes.

12.3.2. Zone File Resource Records

The primary component of a zone file is its resource records.

There are many types of zone file resource records. The following are used most frequently:

• A — Address record, which specifies an IP address to assign to a name, as in this example:

  <host> IN A <IP-address>

  If the <host> value is omitted, then an A record points to a default IP address for the top of the namespace. This system is the target for all non-FQDN requests.

  Consider the following A record examples for the example.com zone file:

  IN A 10.0.1.3 server1 IN A 10.0.1.5

  Requests for example.com are pointed to 10.0.1.3, while requests for server1.example.com are pointed to 10.0.1.5.

• CNAME — Canonical name record, maps one name to another. This type of record is also known as an alias record.

  The next example tells named that any requests sent to the <alias-name> will point to the host, <real-name>. CNAME records are most commonly used to point to services that use a common naming scheme, such as www for Web servers.

  <alias-name> IN CNAME <real-name>

  In the following example, an A record binds a hostname to an IP address, while a CNAME record points the commonly used www hostname to it.

  server1 IN A 10.0.1.5 www IN CNAME server1

• MX — Mail eXchange record, which tells where mail sent to a particular namespace controlled by this zone should go.

  IN MX <preference-value> <email-server-name>

  In this example, the <preference-value> allows numerical ranking of the email servers for a namespace, giving preference to some email systems over others. The MX resource record with the lowest <preference-value> is preferred over the others. However, multiple email servers can possess the same value to distribute email traffic evenly among them.

  The <email-server-name> may be a hostname or FQDN.

  IN MX 10 mail.example.com. IN MX 20 mail2.example.com.

  In this example, the first mail.example.com email server is preferred to the mail2.example.com email server when receiving email destined for the example.com domain.

• NS — NameServer record, which announces the authoritative nameservers for a particular zone.

  This is an example of an NS record:

  IN NS <nameserver-name>

  The <nameserver-name> should be a FQDN.

  Next, two nameservers are listed as authoritative for the domain. It is not important whether these nameservers are slaves or if one is a master; they are both still considered authoritative.

  IN NS dns1.example.com. IN NS dns2.example.com.

• PTR — PoinTeR record, designed to point to another part of the namespace.

  PTR records are primarily used for reverse name resolution, as they point IP addresses back to a particular name. See Section 12.3.4 Reverse Name Resolution Zone Files for more examples of PTR records in use.

• SOA — Start Of Authority record, proclaims important authoritative information about a namespace to the nameserver.

  Located after the directives, an SOA resource record is the first resource record in a zone file.

  The following example shows the basic structure of an SOA record:

  @ IN SOA <primary-name-server> <hostmaster-email> ( <serial-number> <time-to-refresh> <time-to-retry> <time-to-expire> <minimum-TTL> )

  The @ symbol places the $ORIGIN directive (or the zone's name, if the $ORIGIN directive is not set) as the namespace being defined by this SOA resource record. The primary nameserver that is authoritative for this domain is used for the <primary-name-server>, and the email of the person to contact about this namespace is substituted for the <hostmaster-email>.

  The <serial-number> is incremented every time you change the zone file so that named will know that it should reload this zone. The <time-to-refresh> tells any slave servers how long to wait before asking the master nameserver if any changes have been made to the zone. The <serial-number> value is used by the slave to determine if it is using outdated zone data and should refresh it.

  The <time-to-retry> tells the slave nameserver the interval to wait before issuing another refresh request, if the master nameserver is not answering. If the master has not replied to a refresh request before the <time-to-expire> elapses, the slave stops responding as an authority for requests concerning that namespace.

  The <minimum-TTL> requests that other nameservers cache the zone's information for at least this amount of time (in seconds).

  With BIND, all times refer to seconds. However, it is possible to use abbreviations when specifying units of time other than seconds, such as minutes (M), hours (H), days (D), and weeks (W). The table in Table 12-1 shows an amount of time in seconds and the equivalent time in another format.

  Seconds	Other Time Units
  60	1M
  1800	30M
  3600	1H
  10800	3H
  21600	6H
  43200	12H
  86400	1D
  259200	3D
  604800	1W
  31536000	365D

  Table 12-1. Seconds compared to other time units

  The following example illustrates the form an SOA resource record might take when it is configured with real values.

  @ IN SOA dns1.example.com. hostmaster.example.com. ( 2001062501 ; serial 21600 ; refresh after 6 hours 3600 ; retry after 1 hour 604800 ; expire after 1 week 86400 ) ; minimum TTL of 1 day

12.3.3. Example Zone File

Seen individually, directives and resource records can be difficult to grasp. However, when placed together in a single file, they become easier to understand.

The following example shows a very basic zone file.

$ORIGIN example.com
$TTL 86400
@     IN     SOA    dns1.example.com.     hostmaster.example.com. (
                    2001062501 ; serial
                    21600      ; refresh after 6 hours
                    3600       ; retry after 1 hour
                    604800     ; expire after 1 week
                    86400 )    ; minimum TTL of 1 day

      IN     NS     dns1.example.com.
      IN     NS     dns2.example.com.

      IN     MX     10     mail.example.com.
      IN     MX     20     mail2.example.com.

             IN     A       10.0.1.5

server1      IN     A       10.0.1.5
server2      IN     A       10.0.1.7
dns1         IN     A       10.0.1.2
dns2         IN     A       10.0.1.3

ftp          IN     CNAME   server1
mail         IN     CNAME   server1
mail2        IN     CNAME   server2
www          IN     CNAME   server2

In this example, standard directives and SOA values are used. The authoritative nameservers are set as dns1.example.com and dns2.example.com, which have A records that tie them to 10.0.1.2 and 10.0.1.3, respectively.

The email servers configured with the MX records point to server1 and server2 via CNAME records. Since the server1 and server2 names do not end in a trailing period (.), the $ORIGIN domain is placed after them, expanding them to server1.example.com and server2.example.com. Through the related A resource records, their IP addresses can be determined.

FTP and Web services, available at the standard ftp.example.com and www.example.com names, are pointed at the appropriate servers using CNAME records.

12.3.4. Reverse Name Resolution Zone Files

A reverse name resolution zone file is used to translate an IP address in a particular namespace into a FQDN. It looks very similar to a standard zone file, except that PTR resource records are used to link the IP addresses to a fully qualified domain name.

A PTR record looks similar to this:

<last-IP-digit>      IN     PTR    <FQDN-of-system>

The <last-IP-digit> relates to the last number in an IP address that should point to a particular system's FQDN.

In the follow example, IP addresses 10.0.1.20 through 10.0.1.25 are pointed to corresponding FQDNs.

$ORIGIN 1.0.10.in-addr.arpa
$TTL 86400
@     IN     SOA    dns1.example.com.     hostmaster.example.com. (
                    2001062501 ; serial
                    21600      ; refresh after 6 hours
                    3600       ; retry after 1 hour
                    604800     ; expire after 1 week
                    86400 )    ; minimum TTL of 1 day

      IN     NS     dns1.example.com.
      IN     NS     dns2.example.com.

20    IN     PTR    alice.example.com.
21    IN     PTR    betty.example.com.
22    IN     PTR    charlie.example.com.
23    IN     PTR    doug.example.com.
24    IN     PTR    ernest.example.com.
25    IN     PTR    fanny.example.com.

This zone file would be called into service with a zone statement in the named.conf file which looks similar to the following:

zone "1.0.10.in-addr.arpa" IN {
  type master;
  file "example.com.rr.zone";
  allow-update { none; };
};

There is very little difference between this example and a standard zone statement, except for the zone name. Note that a reverse name resolution zone requires the first three blocks of the IP address reversed followed by .in-addr.arpa. This allows the single block of IP numbers used in the reverse name resolution zone file to be associated with the zone.