Create a DNS zone file

by FreeBSD.org

An example master zone file for example.org (existing within /etc/namedb/master/example.org) is as follows:

$TTL 3600        ; 1 hour default TTL
example.org.    IN      SOA      ns1.example.org. admin.example.org. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                300             ; Negative Response TTL
                        )

; DNS Servers
                IN      NS      ns1.example.org.
                IN      NS      ns2.example.org.

; MX Records
                IN      MX 10   mx.example.org.
                IN      MX 20   mail.example.org.

                IN      A       192.168.1.1

; Machine Names
localhost       IN      A       127.0.0.1
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3
mx              IN      A       192.168.1.4
mail            IN      A       192.168.1.5

; Aliases
www             IN      CNAME   example.org.

Note that every name ending in a “.” is a fully qualified (absolute) name, whereas everything without a trailing “.” is relative to the origin and has it appended. For example, ns1 is translated into ns1.example.org. The same rule applies to names in the data field of a record, so forgetting the trailing dot on an absolute name there is a classic mistake: ns1.example.org (no dot) would silently become ns1.example.org.example.org.

The format of a zone file follows:

recordname      IN recordtype   value

The most commonly used DNS records:

SOA: start of zone authority
NS: an authoritative name server
A: a host address
CNAME: the canonical name for an alias
MX: mail exchanger
PTR: a domain name pointer (used in reverse DNS)

example.org. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
                        300 )           ; Negative Response TTL
example.org.: the domain name, also the origin for this zone file.
ns1.example.org.: the primary (master) name server for this zone.
admin.example.org.: the responsible person for this zone, an email address with the “@” replaced by a “.”. (<admin@example.org> becomes admin.example.org)
2006051501: the serial number of the file. It must be incremented each time the zone file is modified, because secondary (slave) name servers decide whether to transfer the zone by comparing serials; an edit published without a serial bump is never picked up. Many admins use a yyyymmddrr format: 2006051501 means last modified 2006-05-15, the trailing 01 being the first change made that day. The serial is an unsigned 32-bit value compared with wrap-around (RFC 1982) arithmetic, so simply lowering it does not work either.
10800, 3600, 604800, 300: the refresh, retry and expire intervals and the negative-response TTL, all in seconds. Secondaries poll for a new serial every refresh interval, retry a failed poll every retry interval, stop answering for the zone if the primary stays unreachable for the expire interval, and resolvers cache “no such name” answers for the negative-response TTL.
       IN NS           ns1.example.org.

This is an NS entry. Every name server that is going to reply authoritatively for the zone must be listed in one of these entries. The empty owner field means the record belongs to the same name as the preceding record, here the origin example.org.

localhost       IN      A       127.0.0.1
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3
mx              IN      A       192.168.1.4
mail            IN      A       192.168.1.5

An A record maps a hostname to an IPv4 address. As seen above, ns1.example.org would resolve to 192.168.1.2.

                IN      A       192.168.1.1

This line assigns IP address 192.168.1.1 to the current origin, in this case example.org, so that the bare domain name itself resolves.

www             IN CNAME        @

The canonical name record is usually used for giving aliases to a machine. Here @ is shorthand for the origin, so this line is equivalent to the www IN CNAME example.org. line in the file above: www is aliased to the machine whose name happens to be the same as the domain name example.org (192.168.1.1). A name that owns a CNAME can own no other kind of record (RFC 1034); in particular the zone apex can never be a CNAME, because it already carries the SOA and NS records, and BIND refuses to load a zone that breaks this rule.

               IN MX   10      mx.example.org.

The MX record indicates which mail servers are responsible for handling incoming mail for the zone. mx.example.org is the hostname of a mail server, and 10 is its preference value.

One can have several mail servers, with preferences of 10, 20 and so on. A mail server attempting to deliver to example.org would first try the MX with the lowest preference value (10, here mx.example.org), then the next (20, mail.example.org), and so on until the mail can be properly delivered. The MX target must be a hostname with an A record; it may be neither an IP address nor a CNAME.

For in-addr.arpa zone files (reverse DNS), the same format is used, with PTR entries instead of A or CNAME. The zone name is the network part of the address written in reverse under in-addr.arpa, so the 192.168.1.0/24 network used above becomes 1.168.192.in-addr.arpa.

$TTL 3600

1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        300 )           ; Negative Response TTL

        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.

1       IN      PTR     example.org.
2       IN      PTR     ns1.example.org.
3       IN      PTR     ns2.example.org.
4       IN      PTR     mx.example.org.
5       IN      PTR     mail.example.org.

This file gives the IP address to hostname mappings for the above fictitious domain. The owner names are the host part of the address, relative to the origin: 2 expands to 2.1.168.192.in-addr.arpa., the reverse of 192.168.1.2.

It is worth noting that all names on the right side of a PTR record need to be fully qualified (i.e., end in a “.”). Without the dot the origin is appended, so mail.example.org would silently become mail.example.org.1.168.192.in-addr.arpa, and reverse lookups of 192.168.1.5 would return that nonsense name.
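The rules stated on this page (a trailing “.” makes a name absolute and anything else gets the origin appended, a blank owner inherits the previous owner, a CNAME may share its name with nothing else, PTR targets must be fully qualified) are exactly the ones a small zone-file linter needs. The block below is an added example written for this page; it is not FreeBSD's or BIND's code, and the sample zones embedded in it are constructed from the forward and reverse files above, with one deliberate missing dot on the last PTR. It parses the subset of RFC 1035 master-file syntax the page uses, reports the problems discussed above, and derives the reverse zone's PTR pairs from the forward zone's A records.

```python
"""Parse and lint BIND-style master files (added example; not FreeBSD's or BIND's code).
Covers the syntax this page uses ($TTL, '@', parenthesised SOA, blank owner = previous owner)
and its rules: names without a trailing '.' are relative to the origin, a CNAME owner may
hold no other record type, and PTR targets must be fully qualified."""
from collections import namedtuple

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}
NAME_FIELD = {"SOA": 0, "NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # rdata index that holds a name
RR = namedtuple("RR", "owner ttl rtype rdata target")  # owner/target qualified, rdata raw tokens

def qualify(name, origin):
    """'@' is the origin, a trailing '.' means absolute, anything else gets the origin appended."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def _logical_lines(text):
    """Drop ';' comments and join lines grouped by ( ), as RFC 1035 allows for the SOA."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined, buf, depth = " ".join(buf), [], 0
            if joined.strip():
                yield joined

def parse_zone(text, origin):
    """origin is what the zone statement in named.conf supplies, e.g. 'example.org.'."""
    origin, default_ttl, owner, records = origin.lower(), None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if line[0] not in " \t":                  # explicit owner name in column one
            owner = qualify(tokens.pop(0), origin)
        elif owner is None:
            raise ValueError(f"blank owner with no previous record: {line!r}")
        ttl = default_ttl
        while tokens[0].upper() not in RRTYPES:   # optional TTL and class, either order
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() != "IN":
                raise ValueError(f"unsupported class or type {tok!r}")
        rtype = tokens.pop(0).upper()
        target = qualify(tokens[NAME_FIELD[rtype]], origin) if rtype in NAME_FIELD else ""
        records.append(RR(owner, ttl, rtype, tokens, target))
    return records

def lint(records, origin):
    """Checks worth running before loading a zone; returns a list of problem strings."""
    origin, problems, by_owner = origin.lower(), [], {}
    for rr in records:
        by_owner.setdefault(rr.owner, set()).add(rr.rtype)
    if not {"SOA", "NS"} <= by_owner.get(origin, set()):
        problems.append(f"{origin}: zone apex needs both SOA and NS records")
    for owner, types in sorted(by_owner.items()):
        if "CNAME" in types and len(types) > 1:    # RFC 1034: a CNAME stands alone
            problems.append(f"{owner}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    for rr in records:
        if rr.rtype == "PTR" and not rr.rdata[0].endswith("."):
            problems.append(f"{rr.owner}: PTR target {rr.rdata[0]!r} lacks a trailing '.', so it expands to {rr.target}")
    return problems

def ptr_records(records):
    """Reverse-zone owner -> hostname pairs from the forward zone's A records (CNAMEs yield none)."""
    return {".".join(reversed(rr.rdata[0].split("."))) + ".in-addr.arpa.": rr.owner
            for rr in records if rr.rtype == "A"}

# Constructed from the page's forward zone; 'www IN CNAME @' is the handbook's '@' spelling.
FORWARD_ZONE = """\
$TTL 3600        ; 1 hour default TTL
example.org.    IN  SOA  ns1.example.org. admin.example.org. (
                         2006051501 10800 3600 604800 300 )   ; serial refresh retry expire neg-ttl
                IN  NS      ns1.example.org.
                IN  NS      ns2.example.org.
                IN  MX 10   mx.example.org.
                IN  MX 20   mail.example.org.
                IN  A       192.168.1.1
ns1             IN  A       192.168.1.2
mail            IN  A       192.168.1.5
www             IN  CNAME   @
"""

# Constructed from the page's reverse zone, with one deliberate mistake on the last line.
REVERSE_ZONE = """\
$TTL 3600
1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
                        2006051501 10800 3600 604800 300 )
        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.
1       IN      PTR     example.org.
2       IN      PTR     ns1.example.org.
5       IN      PTR     mail.example.org      ; the trailing '.' is missing
"""
```

`lint(parse_zone(REVERSE_ZONE, "1.168.192.in-addr.arpa."), "1.168.192.in-addr.arpa.")` reports the one unqualified PTR and spells out the name it would expand to; adding a `www IN A` line to the forward zone makes the CNAME check fire. `ptr_records(parse_zone(FORWARD_ZONE, "example.org."))` yields the 1, 2 and 5 entries of the reverse file and nothing for www, which is the behaviour you want when generating a reverse zone from a forward one. The checker only knows the record types and the IN class used on this page; for anything else, `named-checkzone` remains the authority.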

 

4 Replies to “Create a DNS zone file”

  1. Hello Andres,

    Thanks for these clear explanations.

    My question concerns a server with one unique IP address and a multi-domain configuration.

    Concerning the reverse DNS zone file, taking your example, should all reverse DNS zone files contain the same following line?:

    1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (

  2. I have found the solution I was searching for….

    Create only one single reverse file for the multi-domain server which has only one IP address and put all the PTR information for all the domains in it, as follows:

    Nothing is better than an example.

    Let's say the server IP address is 111.01.001.02 and we have the following domains

    example2.com
    example3.com
    example4.com

    Let's say the reverse server name is ns2.exemple2.com

    and here is the db.reverse file content:

    $TTL 3600 ;one hour while testing
    02.001.01.111.in-addr.arpa. IN SOA ns2.exemple2.com. yourmailid.gmail.com. (
    2014021201; Serial number
    1H; Refresh interval (one hour)
    1H; Retry delay
    7D; Expiry delay
    3H; Negative cache TTL
    )

    IN NS ns2.exemple2.com.
    IN NS ns1.someservername.com.

    IN PTR mail.example2.com.
    IN PTR www.example2.com.
    IN PTR example2.com.

    IN PTR mail.example3.com.
    IN PTR www.example3.com.
    IN PTR example3.com.

    IN PTR mail.example4.com.
    IN PTR www.example4.com.
    IN PTR example4.com.

    As you can see, all domains and sub-domains for the reverse configuration are unified in a single file.

    In the named.conf.local file there could be this kind of information, only once, still for the reverse configuration…

    zone "02.001.01.111.in-addr.arpa" {
        type master;
        file "/etc/bind/db.reverse";
    };

    or if you use a dynamic secondary DNS configuration it could look like this

    acl trusted-servers {
        22.100.48.162;
    };

    key "TRANSFER" {
        algorithm hmac-md5;
        secret "pppAgGJef5+VpfrCGMqvousfhvNGTH+AowGi1IqgVT=";
    };

    server 22.100.48.162 {
        keys { TRANSFER; };
    };

    zone "02.001.01.111.in-addr.arpa" {
        type master;
        file "/etc/bind/db.reverse";
        notify yes;
        allow-transfer { key TRANSFER; };
    };

    after this you should register all the stuff and restart the DNS server

    /etc/init.d/bind9 restart

    check the configuration with the following command:

    named-checkconf -z

    and then check the reverse configuration with the following command

    host 88.190.21.204

    it should display

    02.001.01.111.in-addr.arpa domain name pointer www.example2.com.
    02.001.01.111.in-addr.arpa domain name pointer www.example3.com.
    02.001.01.111.in-addr.arpa domain name pointer www.example4.com.
    02.001.01.111.in-addr.arpa domain name pointer mail.example2.com.
    02.001.01.111.in-addr.arpa domain name pointer mail.example3.com.
    02.001.01.111.in-addr.arpa domain name pointer mail.example4.com.
    02.001.01.111.in-addr.arpa domain name pointer example2.com.
    02.001.01.111.in-addr.arpa domain name pointer example3.com.
    02.001.01.111.in-addr.arpa domain name pointer example4.com.

  3. remark to my last post:

    this WordPress site is adding "http://" before a web address (red text) … please delete the "http://" part in your configuration. 😉
