DNS zone
A DNS zone is a portion of the global Domain Name System (DNS) namespace for which administrative responsibility has been delegated.

Definition

The DNS namespace is defined by RFC 1034, "Domain Names - Concepts and Facilities" and RFC 1035, "Domain Names - Implementation and Specification". It is divided in hierarchical tree-like fashion into cascading lower-level domains that are ordered as a reverse-prioritized concatenation of names, each level separated by a full stop and descending in priority written from right to left, e.g., sub-b.sub-a.example.com.

Administratively, each level or node in the hierarchy represents a potential boundary of authority for management of the name space. The authority over every level in every branch of the name space tree is delegated to a legal entity or organization, such as a top-level country's domain registry, or a company or individual registered to use a given sub-domain in the system. These administrative spaces or portions of the domain name system are termed "DNS zones". DNS zones may consist of only one domain, or may comprise many domains and sub-domains, depending on the administrative authority delegated to the manager. Each manager may further delegate authority over a sub-space of its delegation to other parties.

The most tangible expression of a DNS zone is the set of database elements used to technically administer the zone in a DNS management software system. Traditionally, each zone was stored in a separate database file, the zone file, containing specification for host addressing, name aliasing, electronic mail routing, backup server systems, geographic location, administrative contacts, and many other pieces of information (see list of DNS record types), with an extensible design that has scaled well with the growth of the Internet.

Second-level domains

Many top-level registries open up their name spaces to the public or to entities with mandated geographic or otherwise scoped purpose for registration of second-level domains. Each one of these registrations obligates the registrant to maintain an administrative and technical infrastructure to manage the responsibility for its zone, including sub-delegation to lower-level domains. Each delegation confers essentially unrestricted autonomy over the allocated space. As each zone is further divided into sub-domains, each becoming a DNS zone itself with its own set of administrators and DNS servers, the tree grows with the largest number of leaf nodes at the bottom. At this lowest level, in the end-nodes or leaves of the tree, the term "DNS zone" becomes essentially synonymous, both in terms of use and administration, with the term "domain". The term "domain" is used in the business functions of the entity assigned to it and the term "zone" is usually used for configuration of DNS services.

Stub zones

Stub zones are a special type of zone introduced in Windows Server 2003 that only contain resource records for other DNS servers. In this way, they provide DNS redundancy while using less network bandwidth than a complete secondary zone.
In other words, stub zones serve as a copy of the referred zone that contains just the records essential to identify the authoritative DNS servers for the referred zone.

Forward DNS zones

The aforementioned DNS zones are all used for the mapping of humanly-practical, name-based domains to mostly numerically identified Internet resources. Such domain name resolution is also referred to as forward resolution and the DNS zones associated with such process are often referred to as forward zones.

The term arose as the opposite of reverse zones, used for the reverse process, namely the process of finding the DNS name associated with an IP address, for example. Such reverse zones are maintained in the Internet Address and Routing Parameter Area (domain arpa).

Another common use of the term forward zone refers to a specific configuration of DNS name servers, particularly caching name servers, in which resolution of a domain name is forwarded to another name server that is authoritative for the domain in question, rather than being answered from the established cache memory.

Internet infrastructure DNS zones and reverse zones

The arpa top-level domain serves as a delegation zone for various technical infrastructure aspects of DNS and the Internet and does not follow the well-known registration and delegation system of the country and generic domains.
The name arpa is a remnant of the ARPANET, one of the predecessor stages of today's Internet. The arpa domain was intended as a transition aid to the modern DNS system, but deleting it was later found to be impractical. It is now officially the acronym for Address and Routing Parameter Area. It contains sub-zones used for reverse resolution of IP addresses to host names (IPv4: in-addr.arpa, IPv6: ip6.arpa), telephone number mapping (ENUM, e164.arpa), and uniform resource identifier resolution (uri.arpa, urn.arpa). Although the administrative structure of this domain and its sub-domains is different, the technical delegation into zones of responsibility is similar and the DNS tools and servers used are identical to any other zone. Sub-zones are delegated by components of the respective resources. For example, 8.8.2.5.5.2.2.0.0.8.1.e164.arpa., which might represent an E.164 telephone number in the ENUM system, might be sub-delegated at suitable boundaries of the name. An example of an IP address in the reverse DNS zone is 166.188.77.208.in-addr.arpa, resolving to the domain name www.example.com. In the case of IP addresses, the reverse zones are always delegated to the Internet service provider (ISP) to which the IP address block is assigned. When an ISP allocates a range to a customer, it usually also delegates the management of that space to the customer by insertion of name server resource records (pointing to the customer's DNS facilities) into their zone. Notably, however, many ISPs serving individual end-users, such as homes or small businesses with only one IP address, do not do so.
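
How the reverse and ENUM names above are formed, and where they can be cut into delegated zones, shown as an added Python example that is not from the original article. The 208.77.0.0/16 and 208.77.188.0/24 allocations and the "isp"/"customer" labels are assumptions made for the illustration; only octet-aligned (IPv4) and nibble-aligned (IPv6) blocks are handled.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for one address (absolute, trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(cidr):
    """Reverse zone for a block aligned to a label boundary (octet or nibble)."""
    net = ipaddress.ip_network(cidr)
    step = 8 if net.version == 4 else 4       # bits carried by one label
    if net.prefixlen % step:
        raise ValueError(f"{cidr} is not on a {step}-bit label boundary")
    labels = ptr_name(str(net.network_address)).split(".")
    total = net.max_prefixlen // step         # 4 octets or 32 nibbles
    keep = net.prefixlen // step              # labels fixed by the prefix
    return ".".join(labels[total - keep:])

def enum_name(e164):
    """ENUM owner name: digits of the E.164 number reversed under e164.arpa."""
    digits = [c for c in e164 if c.isdigit()]
    return ".".join(reversed(digits)) + ".e164.arpa."

# Constructed delegations: the ISP holds the /16, one customer holds a /24.
DELEGATIONS = {
    reverse_zone("208.77.0.0/16"): "isp",
    reverse_zone("208.77.188.0/24"): "customer",
}

def delegated_to(ip, delegations=DELEGATIONS):
    """Holder of the most specific delegated reverse zone enclosing the address."""
    name = ptr_name(ip)
    # Match on whole labels only, so 88.77.208... never matches 188.77.208...
    hits = [z for z in delegations if name.endswith("." + z)]
    return delegations[max(hits, key=len)] if hits else None

if __name__ == "__main__":
    print(ptr_name("208.77.188.166"), "->", delegated_to("208.77.188.166"))
    print(enum_name("+1-800-225-5288"))
```
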

Example of zone authority in DNS queries

As an example of the DNS resolving process, consider the role of a recursive DNS resolver attempting to look up the address "en.wikipedia.org.".
It begins with a list of addresses for the most authoritative nameservers it knows about – the root zone nameservers (indicated by the full stop or period), which contain nameserver information for all top-level domains of the Internet.

When querying one of the root nameservers it is possible that the root zone will not directly contain a record for "en.wikipedia.org.", in which case it will provide a referral to the authoritative nameservers for the "org." top level domain (TLD). The resolver is issued a referral to the authoritative nameservers for the "org." zone, which it will contact for more specific information. Again when querying one of the "org." nameservers, the resolver may be issued with another referral to the "wikipedia.org." zone, whereupon it will again query for "en.wikipedia.org.". Since "en.wikipedia.org." is a CNAME to "text.wikimedia.org." (which is in turn a CNAME to "text.esams.wikimedia.org."), and the "wikipedia.org." nameservers also happen to contain authoritative data for the "wikimedia.org." zone, the resolution of this particular query occurs entirely within the queried nameserver, and the resolver will receive the address record it requires with no further referrals.

If the last nameserver queried did not contain authoritative data for the target of the CNAME, it would have issued the resolver with yet another referral, this time to the "text.wikimedia.org." zone. However, since the resolver had previously determined the authoritative nameservers for the "org." zone, it would not need to begin the resolution process from scratch but instead start at the "org." zone, thus avoiding a query to the root nameservers again.
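
The walk described in the two paragraphs above, as an added Python example that is not part of the original article: a toy model in which each server either answers, refers the resolver to a child zone, or hands back a CNAME whose target it does not hold. The server names (root-ns, org-ns, wiki-ns, media-ns) and the address 192.0.2.10 are invented, and the out-of-zone CNAME case is modelled as the resolver re-entering at the closest zone it already knows.

```python
# Constructed data: server -> {zone it holds -> zone contents}. Server names
# and the 192.0.2.10 address are invented for this illustration.
SHARED = {
    "root-ns": {".": {"cuts": {"org.": "org-ns"}, "rr": {}}},
    "org-ns": {"org.": {"cuts": {"wikipedia.org.": "wiki-ns",
                                 "wikimedia.org.": "wiki-ns"}, "rr": {}}},
    "wiki-ns": {
        "wikipedia.org.": {"cuts": {}, "rr": {
            "en.wikipedia.org.": ("CNAME", "text.wikimedia.org.")}},
        "wikimedia.org.": {"cuts": {}, "rr": {
            "text.wikimedia.org.": ("CNAME", "text.esams.wikimedia.org."),
            "text.esams.wikimedia.org.": ("A", "192.0.2.10")}}},
}

def split_servers():  # variant: wikimedia.org. moves to its own server
    s = {k: dict(v) for k, v in SHARED.items()}
    s["media-ns"] = {"wikimedia.org.": s["wiki-ns"].pop("wikimedia.org.")}
    s["org-ns"] = {"org.": {"cuts": {"wikipedia.org.": "wiki-ns",
                                     "wikimedia.org.": "media-ns"}, "rr": {}}}
    return s

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)
def closest(name, zones):  # longest (most specific) enclosing zone name
    return max((z for z in zones if in_zone(name, z)), key=len)

def query(servers, server, name):  # one server's reply: (kind, value, ns)
    held = servers[server]
    zone = held[closest(name, held)]
    for child, ns in zone["cuts"].items():    # name lies below a zone cut
        if in_zone(name, child):
            return ("referral", child, ns)
    rtype, value = zone["rr"].get(name, ("NXDOMAIN", None))
    if rtype == "CNAME" and any(in_zone(value, z) for z in held):
        return query(servers, server, value)  # target zone is held here too
    return (rtype, value, None)

def resolve(servers, name):
    known, asked = {".": "root-ns"}, []       # zone -> server, from referrals
    while True:
        server = known[closest(name, known)]
        asked.append(server)
        kind, value, ns = query(servers, server, name)
        if kind == "referral":
            known[value] = ns
        elif kind == "CNAME":
            name = value                      # re-enter at closest known zone
        else:
            return value, asked
```

With `SHARED` the resolver asks root-ns, org-ns and wiki-ns once each; with `split_servers()` it asks org-ns a second time for the CNAME target but never returns to root-ns.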

Note that there is no requirement that resolving should involve any referrals at all. Looking up "en.wikipedia.org." on the ICANN root nameservers will always result in referrals, but if an alternative DNS root is used which is set up to contain a record for "en.wikipedia.org.", then the record will be returned on the first query.
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.