

Zone Files

A DNS server uses several zone files covering different components of the DNS. Each zone normally has two zone files: the principal (forward) zone file and a reverse mapping zone file. The forward zone file holds the resource records for the hosts in the zone, mapping names to IP addresses. The reverse mapping file holds records that map the other way, from IP addresses back to domain names.

The name of the file used for a zone file can be anything; it is given in the file entry of the zone statement in named.conf. If your server supports several zones, use a name that denotes the specific zone. Most systems use the domain name as the name of the zone file, so the zone mytrek.com would have a zone file also called mytrek.com. These files are often placed in a subdirectory such as zones or master. The zone file used in the following examples is called mytrek.com. The reverse mapping file can also have any name, though it is usually named after the network part of the address block covered by the corresponding forward zone. For mytrek.com, whose hosts are in the 192.168.0 network, the reverse mapping file might be called 192.168.0. It holds the reverse mapping for all the host addresses in that network, allowing each IP address to be mapped back to its hostname.

In addition, BIND sets up a cache file and a reverse mapping file for localhost. The cache file (the root hints file) holds the resource records for the root name servers that your name server contacts when it has no better information. It can have any name, although it is usually called named.ca. The localhost reverse mapping file holds the reverse (PTR) record for the local loopback interface, localhost. It too can have any name, but it is usually called named.local.

Zone Files for Internet Zones

A zone file holds resource records that follow a certain format. The file begins with general directives that define the default domain or TTL or include other resource record files. These are followed by a single SOA record, the name server (NS) records and other records for the domain itself, and then the resource records for the individual hosts. Comments begin with a semicolon and can be placed throughout the file. The @ symbol operates like a special macro, standing for the current origin, which is normally the domain name of the zone to which the records apply; it is used in the first field of the SOA record as the zone's domain name. A wildcard record can be defined using * as the name; it matches names in the zone that do not otherwise exist. The first field in a resource record is the name (owner) to which it applies. If the name is left blank, the name from the most recent record that had one is used. This way, you can list several entries that apply to the same host without repeating the hostname. Any host or domain name in this file that is not terminated with a period is relative: the current origin is appended to it. For example, if the zone's domain is mytrek.com and a resource record has only the name rabbit with no trailing period, the zone's domain is automatically appended to it, giving rabbit.mytrek.com. Be sure to include the trailing period whenever you write a complete fully qualified domain name, as in turtle.mytrek.com. (with the period). Omitting it is a classic mistake that silently produces names such as turtle.mytrek.com.mytrek.com.

Directives

You can also use several directives to set global attributes. $ORIGIN sets the default domain name that is appended to names not ending in a period; it also changes what @ stands for. $TTL sets the default time to live for records that do not specify one (BIND 9 expects it near the top of the file). $INCLUDE reads another file in place. $GENERATE creates a series of records whose names or addresses differ only by an iterated number. The $ORIGIN directive is commonly used at the start of a file to set the zone's domain explicitly, and later in the file to switch to a subdomain. Be sure to include the trailing period; without it the new origin is itself treated as relative to the old one. The following example sets the origin to mytrek.com., which is then automatically appended to the lizard hostname that follows:

$ORIGIN   mytrek.com.
lizard   IN   A    192.168.0.2

SOA Record

A zone file begins with an SOA (start of authority) record, which names the primary master name server for the zone, gives the e-mail address of the person responsible for it, and sets the zone's serial number and the timers that secondary servers use: refresh (how often to check for a new serial), retry (how long to wait after a failed check), expire (how long to keep serving the zone without a successful refresh), and minimum, which in BIND 9 is the negative-caching TTL for the zone (RFC 2308). The @ symbol is used for the name of the SOA record, denoting the zone's domain name. After the SOA, the name server resource records (NS) are listed. Just below the name server records are resource records for the domain itself. Resource records for host addresses (A), aliases (CNAME), and mail exchangers (MX) follow. The next example shows a sample zone file, which begins with an SOA record and is followed by an NS record, resource records for the domain, and then resource records for individual hosts:

; Authoritative data for turtle.mytrek.com
;
$TTL 86400                              ; default TTL for records that give none
@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                             93071200 ; Serial number
                                10800 ; Refresh 3 hours
                                 3600 ; Retry 1 hour
                              3600000 ; Expire 1000 hours
                              86400 ) ; Minimum (negative caching TTL) 24 hours
   
             IN      NS        turtle.mytrek.com.
             IN      A         192.168.0.1
             IN      MX   10   turtle.mytrek.com.
             IN      MX   15   rabbit.mytrek.com.
   
turtle       IN      A         192.168.0.1
             IN      HINFO     PC-686 LINUX
gopher       IN      CNAME     turtle.mytrek.com.
ftp          IN      CNAME     turtle.mytrek.com.
www          IN      A         192.168.0.1
   
rabbit       IN      A         192.168.0.2
   
lizard       IN      A         192.168.0.3
             IN      HINFO     MAC MACOS
localhost    IN      A         127.0.0.1

The first two lines are comments about the zone this file describes; notice that they begin with a semicolon. The class for each of the resource records in this file is IN, indicating Internet records. The SOA record begins with an @ symbol that stands for the zone's domain, mytrek.com in this example. Any host or domain name used throughout this file that is not terminated with a period has this domain appended to it. For example, in the resource records below, turtle has no period, so it automatically expands to turtle.mytrek.com. The same happens for rabbit and lizard, which are read as rabbit.mytrek.com and lizard.mytrek.com. Also, in the SOA, notice that the e-mail address for hostmaster uses a period instead of an @ symbol: hostmaster.turtle.mytrek.com. means hostmaster@turtle.mytrek.com, because @ is a special symbol in zone files and cannot be used for any other purpose.
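The serial number is the SOA field operators most often get wrong, because secondary servers compare serials with the 32-bit modular arithmetic of RFC 1982 rather than as plain integers: a serial that is not bumped leaves secondaries serving stale data, and a serial that was set too high (a common slip with the yyyymmddnn style the comments above hint at) cannot simply be lowered again. The following Python is an added example, not code from the page or from BIND; it implements the RFC 1982 comparison and shows how to step a serial down safely. The yyyymmddnn layout and the sample values are assumptions for illustration.

```python
"""SOA serial arithmetic per RFC 1982, applied to the zone serial field.
Added example, not code from the page or from BIND."""
from datetime import date

MOD, HALF = 2**32, 2**31


def serial_gt(a, b):
    """True if serial a is 'greater than' b in RFC 1982 terms.

    a is greater when it lies in the half-ring ahead of b: 0 < (a - b) mod 2**32 < 2**31.
    Equal serials, or serials exactly 2**31 apart (undefined in RFC 1982), give False.
    """
    return 0 < (a - b) % MOD < HALF


def add_serial(s, n):
    """Increment a serial by n (0 <= n < 2**31) with 32-bit wraparound."""
    if not 0 <= n < HALF:
        raise ValueError("increment must be in [0, 2**31)")
    return (s + n) % MOD


def next_serial(current, ymd):
    """Next YYYYMMDDnn-style serial strictly greater than `current`.

    `ymd` is today's date as an int (e.g. 20240315).  Uses the date with nn = 00
    when that is an increase; otherwise adds 1, so a serial that has already run
    ahead of the date keeps increasing instead of going backwards.
    """
    dated = ymd * 100
    return dated if serial_gt(dated, current) else add_serial(current, 1)


def lower_serial_steps(current, target):
    """Serials to publish, in order, to move from `current` to a smaller `target`.

    A smaller serial cannot be published directly: secondaries see it as older and
    never transfer.  Each step adds at most 2**31 - 1, the largest legal increment,
    and every intermediate serial must be reloaded and picked up by all secondaries
    (wait at least the SOA refresh interval) before the next one is published.
    """
    if (target - current) % MOD == 0:
        return []
    steps, cur = [], current % MOD
    while not serial_gt(target, cur):
        d = (target - cur) % MOD                 # forward distance; >= 2**31 here
        cur = add_serial(cur, min(HALF - 1, max(1, d - HALF + 1)))
        steps.append(cur)
    steps.append(target % MOD)
    return steps


if __name__ == "__main__":
    today = int(date.today().strftime("%Y%m%d"))
    print("next serial after 93071200:", next_serial(93071200, today))
    # mistyped serial 4000000000, want to return to a dated one: two publishes
    print("steps down:", lower_serial_steps(4000000000, 2024031501))
```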

Nameserver Record

The next resource record specifies the name server for this zone, turtle.mytrek.com. Notice the name for this resource record is blank. If the name is blank, a resource record inherits the name from the previous record. In this case, the NS record inherits the value of @ from the SOA record, its previous record. This is the zone's domain, mytrek.com, and the NS record specifies turtle.mytrek.com as its name server.

             IN   NS    turtle.mytrek.com.

Here the domain name is inherited. The entry can be read as the following. Notice the trailing period at the end of the domain name:

mytrek.com. IN   NS    turtle.mytrek.com.

Address Record

The following address record sets up an address for the domain itself. This is often the same as the name server, in this case 192.168.0.1 (the IP address of turtle.mytrek.com). It enables users to reference the domain itself, rather than a particular host in it. Mail exchanger records follow that route mail for the domain to turtle.mytrek.com, which here is also the name server. Users can send mail to the mytrek.com domain and it will be routed to turtle.mytrek.com.

               IN    A     192.168.0.1

Here the domain name is inherited. The entry can be read as the following:

mytrek.com. IN   A     192.168.0.1

Mail Exchanger Record

The next records are mail exchanger (MX) records listing turtle.mytrek.com and rabbit.mytrek.com as the mail servers for this zone. You can have more than one mail exchanger record for a name, since more than one host may be able to receive its mail. Each MX record carries a preference value, and a smaller number ranks higher. In this example, mail for mytrek.com goes to turtle.mytrek.com (preference 10); if it cannot be reached, the mail is routed to rabbit.mytrek.com (preference 15), which must also be set up to handle mail for the mytrek.com domain:

          IN     MX    10     turtle.mytrek.com.
          IN     MX    15     rabbit.mytrek.com.

Again the domain name is inherited. The entries can be read as the following:

mytrek.com.   IN      MX  10   turtle.mytrek.com.
mytrek.com.   IN      MX  15   rabbit.mytrek.com.

Address Record with Host Name

The following resource record is an address record (A) that associates an IP address with the fully qualified domain name turtle.mytrek.com. The resource record name holds only turtle with no trailing period, so it is automatically expanded to turtle.mytrek.com. This record provides the IP address to which turtle.mytrek.com can be mapped.

turtle   IN    A     192.168.0.1

Inherited Names

Several resource records immediately follow that have blank names. These inherit their names from the preceding record that had one, in this case turtle.mytrek.com. In effect, these records also apply to that host. Using blank names is an easy way to list additional resource records for the same host (notice the apparent indent, which is what marks the name as blank). The first such record is an HINFO record giving the hardware and operating system of the machine. Because anyone can query it, an HINFO record advertises exactly the information an attacker profiling your hosts wants, and it is rarely published today.

         IN    HINFO    PC-686 LINUX

Alias Records

If you are using the same machine to run several different servers, such as Web, FTP, and Gopher servers, you may want to assign aliases to these servers to make accessing them easier for users. Instead of using the actual domain name, such as turtle.mytrek.com, to access the Web server running on it, users may find the following easier: for the Web server, www.mytrek.com; for the Gopher server, gopher.mytrek.com; and for the FTP server, ftp.mytrek.com. In the DNS, you can implement such a feature using alias records. In the example zone file, two CNAME alias records exist for the turtle.mytrek.com machine: ftp and gopher. The next record provides www by using another address record for the same machine rather than a CNAME. None of the name entries ends in a period, so they are automatically appended with the domain name mytrek.com. www.mytrek.com, ftp.mytrek.com, and gopher.mytrek.com all lead to turtle.mytrek.com, and users entering those names reach the respective servers on that machine. Two rules govern CNAMEs: a name that has a CNAME record may have no other records, and the targets of NS and MX records must be hostnames with address records, never CNAMEs (RFC 2181, section 10.3). That is why the MX records above point at turtle.mytrek.com. and rabbit.mytrek.com. rather than at an alias.

Loopback Record

Address records are then listed for the two other machines in this zone, rabbit.mytrek.com and lizard.mytrek.com (lizard also has an HINFO record). You could add HINFO, TXT, MINFO, or alias records for these entries. The file ends with an entry for localhost, the special loopback interface that allows your system to address itself.
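To show how the parsing rules above fit together, here is a Python parser for the subset of the master-file format used in this section, written for this page rather than taken from it or from BIND. It handles comments, the parenthesised SOA, $ORIGIN and $TTL, @, blank owners that inherit the previous name, and relative names that get the origin appended, then runs two checks worth making before loading any zone: that a CNAME owner has no other records, and that NS and MX targets are not CNAMEs and have address records. The sample zone is the mytrek.com file from above; the three extra lines marked as constructed are added only to trigger the checks. $INCLUDE and $GENERATE are deliberately not implemented.

```python
"""Parser and lint for the BIND master-file subset used in this section.
Added example written for this page; not code from the page or from BIND."""
from collections import namedtuple

RR = namedtuple("RR", "owner ttl rclass rtype rdata")
CLASSES = {"IN", "CH", "HS"}
# rdata positions that hold domain names and so need origin qualification
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}


def qualify(name, origin):
    """'@' is the origin; a trailing dot means absolute; anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Yield (blank_owner, tokens) with ';' comments removed and '( ... )' joined.
    Quoted strings (TXT) are not handled, so a ';' inside quotes would be misread."""
    buf, depth, blank = [], 0, False
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        if not buf:                          # first physical line of a record:
            blank = code[:1].isspace()       # leading whitespace = owner is inherited
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens, buf, depth = " ".join(buf).split(), [], 0
            if tokens:
                yield blank, tokens


def parse_zone(text, origin):
    """Parse master-file text into fully qualified RRs; `origin` is the zone name."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for blank, tok in _logical_lines(text):
        if tok[0] == "$ORIGIN":
            origin = qualify(tok[1], origin)  # a relative $ORIGIN is itself qualified
            continue
        if tok[0] == "$TTL":
            default_ttl = int(tok[1])
            continue
        if tok[0].startswith("$"):
            raise NotImplementedError(f"{tok[0]} is not handled by this example")
        owner = last_owner if blank else qualify(tok.pop(0), origin)
        last_owner, ttl, rclass = owner, default_ttl, "IN"
        while tok and (tok[0].isdigit() or tok[0].upper() in CLASSES):  # optional TTL/class
            field = tok.pop(0)
            ttl, rclass = (int(field), rclass) if field.isdigit() else (ttl, field.upper())
        rtype, rdata = tok[0].upper(), tok[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append(RR(owner, ttl, rclass, rtype, rdata))
    return records


def lint(records, origin):
    """Pre-load checks: a CNAME owner has no other records; NS/MX targets are not
    CNAMEs (RFC 2181 section 10.3) and, if in-zone, have an address record."""
    origin = origin if origin.endswith(".") else origin + "."
    types_at = {}
    for rr in records:
        types_at.setdefault(rr.owner, set()).add(rr.rtype)
    problems = [f"{o}: CNAME coexists with {sorted(t - {'CNAME'})}"
                for o, t in types_at.items() if "CNAME" in t and len(t) > 1]
    for rr in records:
        if rr.rtype in ("NS", "MX"):
            target, ttypes = rr.rdata[-1], types_at.get(rr.rdata[-1], set())
            if "CNAME" in ttypes:
                problems.append(f"{rr.rtype} at {rr.owner}: target {target} is a CNAME")
            elif (target == origin or target.endswith("." + origin)) and not ttypes & {"A", "AAAA"}:
                problems.append(f"{rr.rtype} at {rr.owner}: target {target} has no address record")
    return problems


# The mytrek.com zone from this section (with $TTL added), and three constructed
# lines that are not from the page and break both rules lint() checks.
SAMPLE_ZONE = """\
$TTL 86400
@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                             93071200 ; Serial number
                                10800 ; Refresh 3 hours
                                 3600 ; Retry 1 hour
                              3600000 ; Expire 1000 hours
                              86400 ) ; Minimum 24 hours
             IN      NS        turtle.mytrek.com.
             IN      A         192.168.0.1
             IN      MX   10   turtle.mytrek.com.
             IN      MX   15   rabbit.mytrek.com.
turtle       IN      A         192.168.0.1
             IN      HINFO     PC-686 LINUX
gopher       IN      CNAME     turtle.mytrek.com.
ftp          IN      CNAME     turtle.mytrek.com.
rabbit       IN      A         192.168.0.2
lizard       IN      A         192.168.0.3
"""
BAD_EXTRA = """\
mail         IN      CNAME     turtle
mail         IN      A         192.168.0.1
@            IN      MX   20   mail
"""
```

Running lint(parse_zone(SAMPLE_ZONE, "mytrek.com"), "mytrek.com") returns an empty list for the page's zone; appending BAD_EXTRA produces one complaint about mail.mytrek.com. carrying both a CNAME and an A record and one about the MX that points at it.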

IPv6 Zone File

This is the same zone using IPv6 addresses. The addresses are site-local (the FEC0::/10 prefix) rather than global unicast (2000::/3, so the leading hex digit is 2 or 3), giving the equivalent of private network addressing. The loopback interface is the IPv6 address ::1. The A6 record type is used here, as it was in early BIND 9 releases. Two caveats apply today: site-local addresses were deprecated by RFC 3879 (unique local addresses, fc00::/7, replace them), and A6 was moved to experimental status by RFC 3363 and to historic by RFC 6563. Current zones use AAAA records, which take the same textual address and no further fields. An A6 record, by contrast, must carry a prefix length before the address; a prefix length of 0 means the whole 128-bit address is given in the record itself rather than assembled from a prefix held under another name (RFC 2874).

; Authoritative data for turtle.mytrek.com, IPv6 version
;
$TTL 86400
@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                             93071200 ; Serial number
                                10800 ; Refresh 3 hours
                                 3600 ; Retry 1 hour
                              3600000 ; Expire 1000 hours
                              86400 ) ; Minimum 24 hours
   
             IN      NS        turtle.mytrek.com.
             IN      A6   0    FEC0::8:800:200C:417A    ; A6 needs a prefix length; 0 = whole address given here
             IN      MX   10   turtle.mytrek.com.
             IN      MX   15   rabbit.mytrek.com.
   
turtle       IN      A6   0    FEC0::8:800:200C:417A
             IN      HINFO     PC-686 LINUX
gopher       IN      CNAME     turtle.mytrek.com.
ftp          IN      CNAME     turtle.mytrek.com.
www          IN      A6   0    FEC0::8:800:200C:417A
   
rabbit       IN      A6   0    FEC0::FEDC:BA98:7654:3210
   
lizard       IN      A6   0    FEC0::E0:18F7:3466:7D
             IN      HINFO     MAC MACOS
localhost    IN      A6   0    ::1

Reverse Mapping File

Reverse name lookups are enabled using a reverse mapping file. Where the forward zone file maps domain names to IP addresses, the reverse mapping file maps IP addresses back to fully qualified domain names. Reverse lookups are not needed for forward resolution to work, but many services depend on them: mail servers, log analysis, and access checks commonly look up the name of a connecting address. Keep in mind that a PTR record is controlled by whoever runs the reverse zone for that address space, so a name obtained this way should be confirmed by looking the name up forward again and checking that it returns the same address before it is trusted for anything more than logging. The name of the file can be anything you want. On most current distributions, it is the network part of the zone's IP address range. For example, the reverse mapping file for the hosts in the 192.168.0 network is 192.168.0, and its full pathname would be something like /var/named/192.168.0. On some systems using older implementations of BIND, the reverse mapping filename may be the root name of the zone file with the extension .rev; for example, if the zone file is called mytrek.com, the reverse mapping file might be called mytrek.rev.

IPv4 IN-ADDR.ARPA Reverse Mapping Format

In IPv4, the zone statement for a reverse mapping in the named.conf file uses a special domain name consisting of the network part of the IP address in reverse order, followed by IN-ADDR.ARPA. This reversed address becomes the zone domain referenced by the @ symbol in the reverse mapping file. For example, the reverse zone for the network 192.168.43 would be 43.168.192.IN-ADDR.ARPA. For the mytrek.com hosts, which are on the 192.168.0 network, the reverse zone is 0.168.192.IN-ADDR.ARPA:

zone "0.168.192.IN-ADDR.ARPA" in {
          type master;
          file "192.168.0";
          };

A reverse mapping file begins with an SOA record of the same form as the one in the forward mapping file. Resource records for each machine defined in the forward mapping file then follow. These are PTR records that point to hosts in the zone. They must name actual hosts, not aliases defined with CNAME records. The owner name of each PTR record is the host's IP address reversed, one label per octet, so it begins with the host part and ends with the reversed network part. If you write only the host part with no trailing period, the zone origin is appended automatically; in a reverse mapping file that origin is the reversed network address under IN-ADDR.ARPA, so 1 expands to 1.0.168.192.IN-ADDR.ARPA. If you write the name out in full, it must include the IN-ADDR.ARPA suffix and end with a period, or the origin is appended to it as well. In the following example, turtle and lizard use the short form, whereas rabbit's name is written out in full:

; reverse mapping of domain names 0.168.192.IN-ADDR.ARPA
;
$TTL 86400
@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                        92050300 ; Serial (yymmddxx format)
                           10800 ; Refresh 3 hours
                            3600 ; Retry 1 hour
                         3600000 ; Expire 1000 hours
                         86400 ) ; Minimum 24 hours
   
@                            IN    NS       turtle.mytrek.com.
1                            IN    PTR      turtle.mytrek.com.
2.0.168.192.IN-ADDR.ARPA.    IN    PTR      rabbit.mytrek.com.
3                            IN    PTR      lizard.mytrek.com.

IPv6 IP6.ARPA Reverse Mapping Format

In IPv6, the examples here use two reverse domains: IP6.ARPA with the bit-label (bitstring) address format of RFC 2673 and RFC 2874, and the older IP6.INT domain with the nibble format. In the bit-label form, the address is written as a hexadecimal string inside brackets, the opening bracket is preceded by a backslash, the hex string is prefixed with x, and a slash and a number giving the count of bits follow. In a 128-bit address, the first 64 bits are usually the network prefix and the last 64 bits the interface identifier. Note that this bit-label scheme went the same way as A6: RFC 3363 reclassified it as experimental, later BIND 9 releases dropped support for it, and RFC 3596 made the nibble format (shown below for IP6.INT) the standard form under IP6.ARPA. The following shows the network and interface parts of the lizard address in bit-label form.

FEC0:0000:0000:0000:00E0:18F7:3466:007D   lizard IPv6 address
\[xFEC0000000000000/64]                   lizard network address
\[x00E018F73466007D/64]                lizard interface address
   

The zone entry for a reverse mapping in the named.conf file with an IP6.ARPA extension would use the bit-level representation for the network address.

zone "\[xfec0000000000000/64].IP6.ARPA" in {
          type master;
          file "fec.ip6.arpa";
          };

A reverse mapping file then uses the same bit level format for the interface addresses.

@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                        92050300 ; Serial (yymmddxx format)
                           10800 ; Refresh 3 hours
                            3600 ; Retry 1 hour
                         3600000 ; Expire 1000 hours
                         86400 ) ; Minimum 24 hours
   
@ IN NS turtle.mytrek.com.
\[x00080800200C417A/64]    IN    PTR      turtle.mytrek.com.
\[xFEDCBA9876543210/64]    IN    PTR      rabbit.mytrek.com.
\[x00E018F73466007D/64]    IN    PTR      lizard.mytrek.com.

IPv6 IP6.INT Reverse Mapping Format

The IP6.INT format uses a nibble format for the IPv6 address: the full 32 hexadecimal digits are written out (no :: shorthand), each digit becomes its own label separated by periods, and the digits are listed in reverse order, least significant first. This is the same nibble format that RFC 3596 later standardized under IP6.ARPA, and since IP6.INT itself was deprecated by RFC 4159, a current reverse zone looks exactly like the examples below with IP6.ARPA substituted for IP6.INT. The IP6.INT version of the lizard address is shown here:

FEC0:0000:0000:0000:00E0:18F7:3466:007D   lizard IPv6 address
0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f           lizard network address
D.7.0.0.6.6.4.3.7.F.8.1.0.E.0.0           lizard interface address

The zone entry for a reverse mapping in the named.conf file with an IP6.INT extension would use the reverse nibble format for the network address.

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.IP6.INT" in {
          type master;
          file "fec.ip6.int";
          };

The reverse zone file then uses the reverse nibble format for each interface address.

@ IN SOA turtle.mytrek.com. hostmaster.turtle.mytrek.com. (
                        92050300 ; Serial (yymmddxx format)
                           10800 ; Refresh 3 hours
                            3600 ; Retry 1 hour
                         3600000 ; Expire 1000 hours
                         86400 ) ; Minimum 24 hours
   
$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.IP6.INT.   ; same as the zone's origin; note the trailing period
@                                 IN    NS       turtle.mytrek.com.
A.7.1.4.C.0.0.2.0.0.8.0.8.0.0.0   IN    PTR      turtle.mytrek.com.
0.1.2.3.4.5.6.7.8.9.A.B.C.D.E.F   IN    PTR      rabbit.mytrek.com.
D.7.0.0.6.6.4.3.7.F.8.1.0.E.0.0   IN    PTR      lizard.mytrek.com.

Localhost Reverse Mapping

A localhost reverse mapping file implements reverse mapping for the local loopback interface, localhost, whose address is 127.0.0.1 (the loopback network is 127.0.0.0/8). This file can have any name. On most systems it is called named.local; on others it is named after the network part of the address, 127.0.0. It maps the loopback IP address back to the name localhost. The address 127.0.0.1 is the same on every machine: it is a special address that lets a machine address itself. In the zone statement for this file, the name of the zone is 0.0.127.IN-ADDR.ARPA: the network part of the address in reverse order, with IN-ADDR.ARPA appended. The named.conf entry is shown here:

zone "0.0.127.IN-ADDR.ARPA" {
           type master;
           file "named.local";
           };

The name of the file used for the localhost reverse mapping file is usually named.local, though it can be any name. The NS record names the server authoritative for this zone, as in every other zone file. The PTR record maps the IP address to the name localhost. The 1 used as the owner name has the zone origin appended, giving 1.0.0.127.IN-ADDR.ARPA., the reverse form of 127.0.0.1. The contents of the named.local file are shown here. Notice the trailing periods on localhost. and root.localhost.; without them the zone name would be appended:

@ IN SOA localhost. root.localhost. (
                        1997022700 ; Serial
                             28800 ; Refresh
                             14400 ; Retry
                           3600000 ; Expire
                           86400 ) ; Minimum
   
         IN      NS    turtle.mytrek.com.
1        IN      PTR   localhost.

In IPv6, localhost reverse mapping uses the reverse of the IPv6 loopback address. That address is 127 zero bits followed by a single 1 bit, written in full as 32 hex digits (31 zeros and a 1) and in shorthand as ::1, where :: stands for the run of zeros. In the IP6.ARPA bit-label format, the first 64 bits form an all-zero network part and the interface part has the value 1:

0000:0000:0000:0000:0000:0000:0000:0001   localhost IPv6 address
\[x00000000000000000000000000000001/128]  localhost address
  

In the named.conf file, the IP6.ARPA localhost entry names the all-zero /64 network part in bit-label form. The file name is arbitrary, as for every other zone; here it is localhost.ip6.arpa.

zone "\[x0000000000000000/64].IP6.ARPA" in {
          type master;
          file "localhost.ip6.arpa";
          };

In the localhost reverse mapping file, the localhost entry would appear like this.

\[x0000000000000001/64]     IN      PTR   localhost.

For the older IP6.INT format, the localhost entry would use the same network address of zeros, but the localhost reverse mapping file would use a nibble format for the address, as shown here.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0  IN      PTR   localhost.
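The reverse-name construction used in the IN-ADDR.ARPA, IP6 nibble and localhost sections above is the same algorithm with a different label size: reverse the octets of an IPv4 address or the 32 hex digits of an IPv6 address, then append the reverse-zone suffix. The following Python is an added example, not code from the page or from BIND. It derives reverse names and named.conf zone names for both address families (IP6.ARPA nibble form per RFC 3596, not the bit-label form), writes PTR records relative to the zone origin, and performs the forward-confirmed check that a PTR target should pass before its name is trusted. The host-to-address table is constructed from the mytrek.com zone in this section; www is left out because its address already belongs to turtle, and emitting one PTR per address is a policy choice made here for simplicity.

```python
"""Reverse-mapping helpers for IN-ADDR.ARPA (IPv4) and IP6.ARPA (IPv6 nibble form).
Added example, not code from the page or from BIND."""
import ipaddress

# Constructed from the mytrek.com zone in this section (www omitted: it shares
# turtle's address, and this example emits one PTR per address).
FORWARD = {
    "turtle.mytrek.com.": ["192.168.0.1", "fec0::8:800:200c:417a"],
    "rabbit.mytrek.com.": ["192.168.0.2", "fec0::fedc:ba98:7654:3210"],
    "lizard.mytrek.com.": ["192.168.0.3", "fec0::e0:18f7:3466:7d"],
    "localhost.":         ["127.0.0.1", "::1"],
}
CNAMES = {"ftp.mytrek.com.", "gopher.mytrek.com."}   # aliases; never valid PTR targets


def reverse_name(addr):
    """Full reverse-lookup name for one address, with trailing dot.

    IPv4: octets reversed under in-addr.arpa.  IPv6: all 32 hex digits written out
    (no '::' shorthand), one nibble per label, reversed, under ip6.arpa (RFC 3596).
    The standard library's ip_address(addr).reverse_pointer computes the same thing.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = format(int(ip), "032x")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone(network):
    """Zone name for named.conf covering a prefix (one label per octet or nibble)."""
    net = ipaddress.ip_network(network, strict=True)
    unit = 8 if net.version == 4 else 4
    if net.prefixlen % unit:
        raise ValueError(f"{network}: prefix must be a multiple of {unit} bits")
    labels = reverse_name(net.network_address).split(".")   # host labels first
    host_labels = (net.max_prefixlen - net.prefixlen) // unit
    return ".".join(labels[host_labels:])


def ptr_records(network, forward):
    """PTR lines for the reverse zone of `network`, owners relative to the zone origin.

    `forward` maps FQDN -> addresses; only addresses inside the prefix are used.
    An owner equal to the origin itself is written as '@'.
    """
    net = ipaddress.ip_network(network, strict=True)
    origin = reverse_zone(network)
    out = []
    for name, addrs in forward.items():
        for a in addrs:
            ip = ipaddress.ip_address(a)
            if ip.version == net.version and ip in net:
                owner = reverse_name(ip)[: -len(origin) - 1] or "@"   # drop '.' + origin
                out.append((ip, f"{owner}\tIN\tPTR\t{name}"))
    return [line for _, line in sorted(out)]


def check_fcrdns(ptrs, forward, cnames=frozenset()):
    """Forward-confirm each PTR: the named host must map back to the address.

    `ptrs` maps address -> hostname as the reverse zone answers it.  A CNAME target
    is rejected outright; otherwise the address must appear in the target's forward
    records.  Anything that fails should not be trusted beyond logging.
    """
    problems = []
    for addr, host in ptrs.items():
        ip = ipaddress.ip_address(addr)
        if host in cnames:
            problems.append(f"{addr}: PTR target {host} is a CNAME, not a host")
        elif ip not in {ipaddress.ip_address(a) for a in forward.get(host, [])}:
            problems.append(f"{addr}: {host} does not resolve back to {addr}")
    return problems


if __name__ == "__main__":
    for net in ("192.168.0.0/24", "fec0::/64", "127.0.0.0/24", "::1/128"):
        print(f'zone "{reverse_zone(net)}"')
        for line in ptr_records(net, FORWARD):
            print("   ", line)
```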

