What is a DNS Zone and DNS Zone file? Ultimate Guide

FTC disclaimer: This post contains affiliate links and I will be compensated if you make a purchase after clicking on my link.

Every domain name in the world is part of the DNS system.

Each domain name is reached through a set of DNS settings, called DNS records.

To keep these DNS records organized and under a defined administrator, they are grouped into a DNS zone.

So, let us understand what a DNS zone is and how it is created.

What is the DNS zone?

A DNS zone is a distinct and contiguous administrative portion of the DNS namespace.

It means that the portion of the DNS namespace management and administrative responsibility has been delegated to a legal entity (manager, organization, company, or individual).

Moreover, the DNS zone can also be defined as the administrative function with granular control over DNS components, such as authoritative name servers.

To understand DNS zones properly, it helps to know a few related terms first: DNS namespace, DNS lookup, DNS records, and how DNS works.

You can follow the tutorials on how DNS works and on DNS records and their types for complete guidance.

Briefly, let’s understand some of the terms below.

What is DNS Namespace?

The DNS Namespace is an inverted hierarchical tree-like structure that organizes an entire collection of DNS administrative domain names.


The DNS namespace is the part of the DNS system that organizes names into descending branches, much like a tree growing down from its root.

Each branch is called a domain, and its sub-branches are called subdomains. The terms domain and subdomain are relative to each other.

It means that a domain can be the subdomain of the domain above it in the hierarchy, and at the same time the parent domain of the subdomains below it.

In other words, the DNS namespace is the sum of all DNS zones, organized and administered as a hierarchical inverted tree.

What is the DNS lookup?

A DNS lookup is the process of sending a DNS query to find the IP address (or another record) of a specific domain name.

DNS queries occur every time you access a website, send an email, or transfer files using an application such as a browser or an email client like Outlook.

When any browser or network device needs the IP address of a hostname, it performs a DNS lookup.

In other words, a DNS lookup consults the DNS zone that holds that hostname, which is served by the DNS servers responsible for it.

These administrative DNS zones contain the DNS records of the domain names within them.

Looked at another way, a DNS lookup can retrieve any of the DNS records of a given domain name. The common record types are A, AAAA, CNAME, MX, NS, PTR, SRV, SOA, TXT, and CAA.

Understanding DNS Zone (Analogy)

To explain the DNS zone better, let us understand the DNS zone with a football league analogy.

Let's suppose a person or organization, FZ, manages the football league.

The FZ organization has three teams: TA, TB, and TC.

Each football team has 20 players in its squad.

So, to contact any player in a team, you need a method.

We have created a player list for each team. But to manage each player list, we need a manager for each team.

Let's suppose MA manages team TA, MB manages team TB, and MC manages team TC.

Now the league organizer FZ wants the phone number of a player in team TA. Let's suppose the player's name is TA1.

The search process starts with the manager's name and phone number for each team; the organizer FZ keeps a list of the managers' names and phone numbers.

If anybody wants the phone number of player TA1 of team TA, they contact the organizer FZ, and FZ returns the phone number of the manager (MA) of team TA.

Next, they contact manager MA, who returns the phone number of player TA1 of team TA.

Compilation of the DNS Analogy

Now, the whole lookup process can be mapped onto domain names and IP addresses.

  • Player TA1 = a web server
  • Phone number = the IP address
  • Team TA = a domain name
  • FZ (organizer), MA (manager of team TA), MB (manager of team TB), MC (manager of team TC) = nameservers
  • FZ's manager list (teams TA, TB, TC) = the parent DNS zone, whose entries delegate each team
  • Player lists (teams TA, TB, TC) = the DNS zone files of the delegated zones

All of these DNS zones taken together form the namespace.

The entries in FZ's manager list, which name who is responsible for each team, correspond to NS records (name server records).

Classification of DNS zone

The DNS zone is classified under two heads:

  • Primary DNS zone
  • Secondary DNS zone

Both are served by authoritative nameservers; the difference is where the zone data is edited.

Primary DNS Zone

As we have discussed, the DNS zone is the portion of the DNS Namespace.

The primary DNS zone is the original, read-write, authoritative copy of the zone data.

The DNS server that hosts the primary zone is called the primary DNS server (historically the master). It is authoritative for the zone, as are the secondary servers that copy from it.

The primary server holds the original DNS records that are fetched at the time of a DNS lookup.

Changes to the zone's records are made only in the primary DNS zone.

Secondary DNS zone

A secondary DNS zone is a read-only copy of the primary zone. It is obtained and kept up to date through zone transfers (AXFR for a full copy, IXFR for incremental changes), which the secondary requests according to the refresh and retry timers in the zone's SOA record.

It spreads query load across more servers and keeps the zone available if the primary fails.

Because a zone transfer hands over every record in the zone, restrict who may request one (in BIND, with the allow-transfer option and, preferably, a TSIG key). A server that answers transfer requests from anyone exposes its full hostname inventory to reconnaissance, so check that a transfer request from an unauthorized host is refused.

DNS zone levels (DNS zone in DNS namespace)

As we know that the DNS Namespace is one of the components of the Domain Name System (DNS).

The DNS Namespace mainly consists of top-level domains (.com, .net, etc.), second-level domains (such as digitalmediaglobe.com), and lower-level domains, also called subdomains (such as support.digitalmediaglobe.com).

At each level of the DNS Namespace, at least one DNS zone holds the domain’s DNS records.

Moreover, at each hierarchical level of the DNS system there are nameservers that hold the zone file, and therefore the DNS records, of that zone.

And, the authoritative DNS zone (Primary DNS zone) will have an authoritative DNS server (Primary DNS server) that will contain original DNS records.

Let’s look into different levels of the DNS Namespace and how the DNS zone is managed.


DNS Root zone

The Root in the DNS namespace is represented by a dot (.), and it is the start point of the Domain Namespace.

The Internet Corporation for Assigned Names and Numbers (ICANN) supervises the DNS root zone.

ICANN delegates day-to-day management of the root zone to its affiliate, the Internet Assigned Numbers Authority (IANA).

The root zone is served by 13 root server identities (named a through m), each backed by many physical servers distributed worldwide through anycast.

These servers do not perform recursion. A root server answers a query with a referral to the authoritative servers for the next level of the namespace, the Top Level Domain (TLD) zone.

The root servers are operated by organizations such as Verisign, NASA, and the U.S. Army Research Laboratory.

TLD zones

There is one TLD zone per top-level domain. A TLD can be generic, such as .com, .net, or .gov, or a country code, such as .uk or .us.

There are currently more than 1,500 TLDs, and each has its own DNS zone, known as the TLD zone.

The list of TLDs and their delegations in the root zone are maintained by ICANN/IANA; each TLD zone itself is operated by its registry (Verisign for .com, for example).

Domain Zones

A second-level domain in the namespace is one managed and operated by an individual or organization (the registrant).

Second-level domains are names like google.com, yahoo.com, or digitalmediaglobe.com.

The organization can run its own DNS nameservers or delegate management and operation to an external provider.

A single domain can have many subdomains, which usually belong to the same zone.

A subdomain can also be split out into a zone of its own when needed.

For example, shop.digitalmediaglobe.com could be run as an independent site with separate DNS management and its own DNS zone. The parent zone then holds only the NS records (plus glue A/AAAA records, if the nameservers live inside the subdomain) that delegate it.
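The delegation chain described in this section, and the organizer-then-manager walk of the football analogy above, as an added example that is not code from this article: a small Python simulation of iterative resolution over constructed root, com, example.com and shop.example.com zones. Every zone, nameserver name and address below is an assumption made for illustration, drawn from the documentation domain example.com and the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges.

```python
"""Iterative DNS resolution walked across delegated zones.

Added example for this article, not code from it. Every zone, nameserver
name and address below is constructed: example.com is reserved for
documentation and 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
"""

# Each zone maps a fully qualified owner name to its (type, rdata) records.
ZONES = {
    ".": {  # root zone: only knows who serves "com."
        "com.": [("NS", "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", "192.0.2.1")],  # glue address
    },
    "com.": {  # TLD zone: delegates example.com. to the registrant's servers
        "example.com.": [("NS", "ns1.example.com.")],
        "ns1.example.com.": [("A", "192.0.2.10")],  # glue, since the NS name is inside the child
    },
    "example.com.": {  # the domain zone run by the registrant
        "example.com.": [("A", "192.0.2.20"), ("MX", "10 mail.example.com.")],
        "www.example.com.": [("CNAME", "example.com.")],
        "mail.example.com.": [("A", "192.0.2.25")],
        "shop.example.com.": [("NS", "ns1.shop.example.com.")],  # split out into its own zone
        "ns1.shop.example.com.": [("A", "192.0.2.30")],
    },
    "shop.example.com.": {  # separately administered child zone
        "shop.example.com.": [("A", "192.0.2.40")],
    },
}

# Which zone each (assumed) nameserver address is authoritative for.
SERVERS = {
    "198.51.100.1": ".",
    "192.0.2.1": "com.",
    "192.0.2.10": "example.com.",
    "192.0.2.30": "shop.example.com.",
}
ROOT_HINTS = ["198.51.100.1"]  # a resolver only needs root addresses to start


def parent_names(qname):
    """Yield qname and each ancestor: a.b.c. -> a.b.c., b.c., c., ."""
    labels = qname.rstrip(".").split(".") if qname != "." else []
    for i in range(len(labels) + 1):
        rest = labels[i:]
        yield ".".join(rest) + "." if rest else "."


def ask(server_ip, qname, qtype):
    """One query to one authoritative server: answer, cname, referral or nxdomain."""
    zone_name = SERVERS[server_ip]
    zone = ZONES[zone_name]
    # An NS set below the apex that covers qname is a delegation: the server
    # is not authoritative for that name and hands back a referral plus glue.
    for name in parent_names(qname):
        if name == zone_name:
            break
        ns_names = [r for t, r in zone.get(name, []) if t == "NS"]
        if ns_names:
            glue = {h: a for h in ns_names for t, a in zone.get(h, []) if t == "A"}
            return "referral", (name, ns_names, glue)
    rrs = zone.get(qname, [])
    answer = [r for t, r in rrs if t == qtype]
    if answer:
        return "answer", answer
    cname = [r for t, r in rrs if t == "CNAME"]
    if cname:
        return "cname", cname[0]
    return "nxdomain", None


def resolve(qname, qtype="A", depth=0):
    """Walk from the root hints down the delegation chain.

    Returns (rdata_list, path) where path lists (zone, response kind) per hop.
    """
    if depth > 8:
        raise RuntimeError("too many CNAME or NS indirections")
    server, path = ROOT_HINTS[0], []
    while True:
        kind, data = ask(server, qname, qtype)
        path.append((SERVERS[server], kind))
        if kind == "referral":
            _delegated, ns_names, glue = data
            target = ns_names[0]
            addr = glue.get(target)
            if addr is None:  # no glue: resolve the nameserver's own address first
                addrs, _ = resolve(target, "A", depth + 1)
                if not addrs:
                    raise RuntimeError(f"cannot locate nameserver {target}")
                addr = addrs[0]
            server = addr
        elif kind == "cname":
            rdata, more = resolve(data, qtype, depth + 1)  # restart for the canonical name
            return rdata, path + more
        elif kind == "answer":
            return data, path
        else:
            return [], path


if __name__ == "__main__":
    for name, qtype in [("www.example.com.", "A"), ("shop.example.com.", "A"),
                        ("example.com.", "MX"), ("nope.example.com.", "A")]:
        rdata, path = resolve(name, qtype)
        print(f"{name} {qtype}: {rdata or 'NXDOMAIN'} via {' -> '.join(z for z, _ in path)}")
```

The path returned for shop.example.com. passes through four zones (root, com, example.com, shop.example.com) because the example.com server only holds a referral for the split-out subdomain, exactly as the organizer in the analogy only holds the managers' numbers.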

What is the DNS Zone file?

A DNS zone file is a plain text file containing all the DNS records of the zone, covering every name within it.

Zone files are stored on the DNS server. The format is defined in RFC 1034 and RFC 1035.

The zone file holds domain names, IP addresses, and other data organized as resource records (RRs).

There are two kinds of DNS zone file:

  • The authoritative zone file, or primary zone file, which is edited by the zone's administrator.
  • Copies of it, such as the read-only copy a secondary server obtains by zone transfer.

In a zone file, each record normally occupies one line (parentheses let a single record span several lines). A zone file usually starts with a $TTL directive giving the default time to live, which tells resolvers how long they may keep a record in their cache.

The DNS zone file consists of the below fields:

  • Name – The owner name of the record. It can be written relative to the zone origin, as a fully qualified name ending in a dot, or left blank to inherit the owner name of the previous record.
  • TTL (Time to Live) – How long a resolver may keep the record in its cache. If it is omitted, the $TTL value at the top of the zone file applies.
  • Record class – Indicates the namespace, almost always IN, meaning the Internet namespace.
  • Record type – A, AAAA, CNAME, MX, NS, SOA, TXT, and so on.
  • Record data – The value of the record, whose format depends on the record type. Fields are separated by whitespace.

DNS file structure

A zone file must follow a few syntax rules.

A name that ends with a trailing period (.) is fully qualified, for instance example.com. (the zone's own domain name).

A name without a trailing period is relative to the current origin, normally the zone's own domain. For instance, the names ftp or www are written without a period and expand to ftp.example.com. and www.example.com. in the example.com zone. Forgetting the period on a fully qualified name in record data (an NS or MX target, say) silently turns it into a name inside the zone.

A comment starts with a semicolon (;) and runs to the end of the line.

Parentheses do not begin a comment. An opening bracket "(" lets the fields of one record, typically the SOA record, continue across several lines until the closing bracket ")", and each of those lines may still carry its own comment after a semicolon (;).

The DNS zone files start with mandatory records:

Global Time to Live (TTL)

The TTL decides how long resolvers may hold a record in their cache before fetching it again from an authoritative server.

Start of Authority (SOA) record

Every DNS zone file also includes the mandatory record known as SOA (Start of Authority) record.

The SOA record names the primary authoritative nameserver and the responsible contact for the zone, and carries the zone's serial number and the refresh, retry, expire, and negative-caching timers.

Other than the above two mandatory records, the DNS zone file can also have the below records.

NS record (Nameserver record)

It specifies the authoritative nameservers for the zone. The same record type, placed in the parent zone, is what delegates the zone.

The nameserver contains details of the records corresponding to the domain name.

A record (IPv4)

It points to an IP address (IPv4) corresponding to the domain name or hostname.

AAAA record (IPv6)

It points to an IP address (IPv6) corresponding to a domain name or hostname.

CNAME record (Canonical Name records)

A CNAME record maps an alias (for example a subdomain name) to its canonical domain name.

For instance, support.digitalmediaglobe.com could be a CNAME pointing to digitalmediaglobe.com.

MX records (Mail exchange record)

It points to the SMTP servers that accept mail for the domain, each with a priority value; the server with the lowest value is tried first.

DNS Zone file record contents

The DNS zone file record consists of two parts: directive and resource records (RR).

A directive starts with a "$" sign. Three directives are commonly used:

  • $TTL – The default time to live for records that carry no TTL of their own.
  • $ORIGIN – Defines the base name appended to "unqualified" names (those without a trailing dot) while the zone file is processed.
  • $INCLUDE – Includes another file into this zone file.

The $TTL directive must appear before the SOA record and at the top of the zone file.

Example of a DNS zone file

$ORIGIN example1.com.   ; start of the present zone in the namespace
$TTL 1h                 ; default TTL for records that carry none
example1.com. IN SOA ns1.nameserver1.com. root.example1.com. (
    2020120710  ; serial number of the present zone file
    1d          ; refresh: how often secondaries check for a new serial (1 day)
    1d          ; retry: wait after a failed refresh (1 day)
    4w          ; expire: secondaries stop answering after this long without contact (4 weeks)
    1h          ; negative caching TTL for names that do not exist (1 hour)
    )
example1.com. IN NS ns1.nameserver1.com.    ; ns1.nameserver1.com is the primary nameserver for example1.com
example1.com. IN NS ns2.nameserver1.com.    ; ns2.nameserver1.com is a secondary nameserver for example1.com
example1.com. IN MX 10 mx1.nameserver1.com. ; trailing dot: an absolute name, not relative to $ORIGIN
example1.com. IN MX 20 mx2.nameserver1.com. ; backup mail server, tried only if priority 10 fails
example1.com. IN A  192.0.2.10              ; IPv4 address for "example1.com" (documentation address)
www           IN A  192.0.2.10              ; relative name: expands to www.example1.com.
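The file-structure rules above (trailing dots, blank owner names, parentheses, ";" comments) and the $ORIGIN and $TTL directives, exercised by a small parser. This is an added example and not code from the article; the zone text it parses is constructed, using the documentation domain example.com and addresses from 192.0.2.0/24, and the hostnames in it are assumptions. The parser also flags the mistake of writing an MX or NS target without a trailing dot, which the file-structure rules warn about.

```python
"""Minimal parser for the RFC 1035 zone-file ("master file") syntax.

Added example for this article, not code from it. The sample zone is
constructed and uses the documentation domain example.com and addresses
from 192.0.2.0/24.
"""
import re

RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV", "CAA"}
CLASSES = {"IN", "CH", "HS"}
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text):
    """'3600' -> 3600, '1h' -> 3600, '1d' -> 86400, '1h30m' -> 5400."""
    if not re.fullmatch(r"(\d+[smhdw]?)+", text.lower()):
        raise ValueError(f"bad TTL {text!r}")
    return sum(int(n) * TIME_UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", text.lower()))


def qualify(name, origin):
    """Trailing-dot rule: absolute names stay, '@' and relative names use $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}" if origin != "." else f"{name}."


def strip_comment(line):
    """Drop a ';' comment, but keep a ';' that sits inside a quoted TXT string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def logical_lines(text):
    """Yield (tokens, owner_is_blank); parentheses join one record across lines."""
    buf, depth, blank = [], 0, False
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not buf:
            blank = raw[:1] in (" ", "\t")  # leading whitespace = inherit previous owner
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens, buf, depth = " ".join(buf).split(), [], 0
            if tokens:
                yield tokens, blank


def parse_zone(text, origin="."):
    """Return (records, warnings); each record is (owner, ttl, class, type, rdata)."""
    records, warnings, default_ttl, last_owner = [], [], None, None

    def target(name, rtype, owner):
        # A hostname-looking target with no trailing dot is almost always a
        # mistake: it is relative, so $ORIGIN gets appended to it.
        if "." in name and not name.endswith("."):
            warnings.append(f"{owner} {rtype}: '{name}' lacks a trailing dot and becomes '{qualify(name, origin)}'")
        return qualify(name, origin)

    for tokens, blank in logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0].startswith("$"):
            raise ValueError(f"unsupported directive {tokens[0]}")
        owner = last_owner if blank else qualify(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("blank owner name with no previous record")
        ttl, rclass = default_ttl, "IN"
        while tokens and tokens[0] not in RECORD_TYPES:  # optional TTL and class, either order
            tok = tokens.pop(0)
            if tok.upper() in CLASSES:
                rclass = tok.upper()
            else:
                ttl = parse_ttl(tok)
        if not tokens:
            raise ValueError(f"no known record type for {owner}")
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [target(rdata[0], rtype, owner)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), target(rdata[1], rtype, owner)]
        elif rtype == "SOA":
            mname, rname, serial, *timers = rdata
            rdata = [target(mname, rtype, owner), qualify(rname, origin), int(serial)]
            rdata += [parse_ttl(t) for t in timers]  # refresh, retry, expire, minimum
        last_owner = owner
        records.append((owner, ttl, rclass, rtype, rdata))
    return records, warnings


SAMPLE_ZONE = """\
$ORIGIN example.com.    ; constructed sample zone
$TTL 1h                 ; default TTL
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101 ; serial
        1d         ; refresh
        1h         ; retry
        4w         ; expire
        1h )       ; negative-caching TTL
    IN NS   ns1.example.com.
    IN NS   ns2.example.com.
    IN MX   10 mail                  ; relative: expands to mail.example.com.
    IN MX   20 mx2.backup-mail.net   ; BUG: no trailing dot, becomes a name inside this zone
    IN A    192.0.2.20
ns1 IN A    192.0.2.10
ns2    A    192.0.2.11               ; class omitted: defaults to IN
mail 300 IN A 192.0.2.25             ; explicit TTL overrides $TTL
www IN CNAME example.com.
"""

if __name__ == "__main__":
    records, warnings = parse_zone(SAMPLE_ZONE)
    for rec in records:
        print(rec)
    for w in warnings:
        print("WARNING:", w)
```

Running it prints ten records and one warning: the second MX target comes out as mx2.backup-mail.net.example.com., which is what a real nameserver would also do, silently, with that line. The indented lines inherit the owner example.com. from the SOA record, and the record with an explicit 300 keeps that TTL while every other record gets the $TTL value of 3600.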

What is a Reverse Lookup zone?

A reverse lookup zone works the opposite way from a forward lookup zone: the query starts from an IP address and asks for the hostname associated with it. The reverse namespace lives under in-addr.arpa for IPv4 and ip6.arpa for IPv6, and the answers are PTR records.

Reverse lookups are used for spam filtering, bot detection, and troubleshooting. A PTR record on its own proves nothing about the address, because whoever controls the reverse zone for an address range can put any hostname in it. The useful check is forward-confirmed reverse DNS: resolve the name from the PTR record again and accept it only if its A or AAAA record points back to the original IP address.
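The reverse lookup and the forward-confirmation check described above, as an added example that is not code from this article. The resolver is a constructed table standing in for real PTR, A and AAAA answers; all hostnames and addresses are assumptions drawn from the documentation ranges, and 203.0.113.7 plays the part of an address whose reverse zone claims a hostname the forward zone does not agree with.

```python
"""Reverse lookup and forward-confirmed reverse DNS (FCrDNS).

Added example for this article, not code from it. The resolver below is a
constructed table standing in for real PTR/A/AAAA answers; all names and
addresses come from the documentation ranges.
"""
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record: in-addr.arpa (IPv4) or nibble-reversed ip6.arpa (IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed answers. 192.0.2.25 has a PTR that forward-resolves back to it.
# 203.0.113.7 claims the same hostname in *its* reverse zone, which anyone
# controlling that reverse zone can do, but the forward zone does not agree.
FAKE_DNS = {
    (reverse_name("192.0.2.25"), "PTR"): ["mail.example.com."],
    ("mail.example.com.", "A"): ["192.0.2.25"],
    (reverse_name("203.0.113.7"), "PTR"): ["mail.example.com."],
    (reverse_name("2001:db8::1"), "PTR"): ["v6.example.com."],
    ("v6.example.com.", "AAAA"): ["2001:db8::1"],
}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns a list of rdata strings (empty = no record)."""
    return FAKE_DNS.get((name, rtype), [])


def fcrdns(ip, resolver=lookup):
    """Return the PTR hostnames of ip whose own A/AAAA records point back at ip."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    confirmed = []
    for host in resolver(reverse_name(ip), "PTR"):
        forward = {ipaddress.ip_address(a) for a in resolver(host, rtype)}
        if addr in forward:
            confirmed.append(host)
    return confirmed


def classify(ip, resolver=lookup):
    """'no-ptr', 'mismatch' (PTR exists but is not forward-confirmed) or 'confirmed'."""
    if not resolver(reverse_name(ip), "PTR"):
        return "no-ptr"
    return "confirmed" if fcrdns(ip, resolver) else "mismatch"


if __name__ == "__main__":
    for ip in ["192.0.2.25", "203.0.113.7", "2001:db8::1", "198.51.100.9"]:
        print(ip, reverse_name(ip), classify(ip), fcrdns(ip))
```

Passing a different `resolver` callable swaps the constructed table for a real one (a function that issues PTR and A/AAAA queries) without changing the check itself. A mail filter that trusts "mismatch" results as if they were "confirmed" is trusting whoever runs the sender's reverse zone.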