Example of DNS zone | Stéphane D'Alu

Table of content

Default value for TTL
Zone example.com
1. Localhost
2. Name servers
3. Mail
4. Web and ftp
5. Services
6. Host
7. Delegation

The zone example.com will be defined to have the following specifications:

the zone is defined with two name servers: ns1.example.com and ns6.sample.net
two servers will manage the mail for the whole domain mrelay1.example.com and mrelay1.sample.com
hosting of ftp and web servers
two hosts are in the domain: incal and rork.
delegating the sub zone: home

Requirement: DNS, DNS records

Default value for TTL

The record lifespan is set to 1 day by default.

    $TTL            1D

Zone example.com

The zone is defined by:

the serial number and the associated various delays (refresh, delay before retry, delay before expiration, minimum conservation time),
the DNS servers necessary for managing the zone (NS),
the servers dealing with the mails (MX) and a rule to define outgoing mail (SPF).

master/example.com

    example.com.    IN      SOA    ns1.example.com. hostmaster.example.com. (
                                     2011040100     ; Serial
                                     2H             ; Refresh
                                     1H             ; Retry
                                     7D             ; Expire
                                     1D )           ; Minimum
                    IN      NS     ns1.example.com.
                    IN      NS     ns6.sample.net.
                    IN      MX     10 mrelay1.example.com.
                    IN      MX     20 mrelay1.sample.com.
                    IN      SPF    "v=spf1 a:mrelay1.example.com ~all"

Localhost

The loopback called localhost is defined to avoid overloading the server of the zone above with requests that should stay local, and provide a greater security by defining ourselves the value of localhost.

master/example.com

    ; Myself
    ;----------------------------------------------------------------------
    localhost       IN      A      127.0.0.1
                    IN      AAAA   ::1

Name servers

One of the name servers (ns1.example.com) used to delegate the domain belongs to it.

master/example.com

    ; DNS
    ;----------------------------------------------------------------------
    ns1             IN      A      192.168.1.5
                    IN      AAAA   2001:db8:0:1::5

Remember that for the delegation it will be necessary to include this data. More information is available on the NS record.

Mail

Mail to be sent to the domain has been defined previously by the MX record, it is now necessary to provide the definition of the MX used for this domain (mrelay1), a rule describing outgoing mail will also be provided (SPF record) to limit spam. Mail will be read from a web interface (mail) and with a mail reader using the IMAP protocol (imap), sending mail is done with SMTP protocol (smtp). Distinction is done here between incoming and outgoing mails for the domain (mrelay1) and the mail sent by mail clients belonging to the domain (smtp).

master/example.com

    ; Mail
    ;----------------------------------------------------------------------
    mrelay1         IN      A      192.168.1.10
                    IN      SPF    "v=spf1 a ~all"

    mail            IN      A      192.168.1.10
                    IN      AAAA   2001:db8:0:1::10
    smtp            IN      CNAME  mail
    imap            IN      CNAME  mail

Web and ftp

Two web servers and an ftp server are created. And the geographical location of the web server is specified.

master/example.com

    ; Web
    ;----------------------------------------------------------------------
    www             IN      A      192.168.1.20
                    IN      AAAA   2001:db8:0:1::20
                    IN      LOC    45 45 8.15 N 4 52 20.17 E 180m 5m 5m 5m
    piwik           IN      CNAME  www

    ; Ftp
    ;----------------------------------------------------------------------
    ftp             IN      A      192.168.1.20
                    IN      AAAA   2001:db8:0:1::20

Services

Names for the LDAP and Subversion services are defined.

master/example.com

    ; Other sevices
    ;----------------------------------------------------------------------
    ldap            IN      A      192.168.1.5
                    IN      AAAA   2001:db8:0:1::5
    svn             IN      A      192.168.1.20
                    IN      AAAA   2001:db8:0:1::20

Host

Two hosts in the domain are defined here, and their SSH fingerprints are published.

master/example.com

    ; Host
    ;----------------------------------------------------------------------
    incal           IN      A      192.168.1.207
                    IN      AAAA   2001:db8:0:1::207
                    IN      SSHFP  1 1 760b00b0656e5e7b15a6d9f3091dc6ad428015f1
                    IN      SSHFP  2 1 d4beef568791c5074a66455d8d38ab7500dcb391

    rork            IN      A      192.168.2.124
                    IN      AAAA   2001:db8:0:2::124
                    IN      SSHFP  1 1 a906b58df5cc9a6fdea2bb98508b04291d7784b4
                    IN      SSHFP  2 1 831e8dd3a77883cdc51176a5ef4a0529b0371087

Delegation

Zone delegation for the home zone is put into place with the NS records. Be careful, the following sample uses only one name server instead of the two advised.

master/example.com

1
2
3

    ; Delegation
    ;----------------------------------------------------------------------
    home            IN      NS     ns1.example.com.