BIND / NSD zone files explained

At work there was a old physical Windows who run DNS for several small domains I got the job of transfering the DNS zones to a NSD server on a Linux VM – with lower memory footprint. I was able to transfer the zones either by copying and fixing the Window zone files (need to be fixed anyway) from C:\Windows\system32\dns\ or by using dig if you can’t copy zone files but the remote DNS allows zone transfer:

dig @OriginatingNS AXFR >

I’ve been used to edit zone files manually on my private BIND and  NSD – while it compiles its own DB to be faster: It’s the same source format. But my knowhow got a bit rusty on that topic and I learned I can write less to get the same result. (less repetitive and error prone). A big thanks goes to the helping hands in #DNS on the freenode IRC, who helped me to get back in the seat and fix the strangenesses of the Windows zones and refactor the stuff .

If you have to cleanup a zone file anyway I hope this commented sample gives you some ideas:

; Zone file for

$TTL 86400

@ IN SOA (
40 ; serial number
21600 ; refresh
7200 ; retry
691200 ; expire
86400 ) ; default TTL

; NS

; MX
MX 10 mySMTP
MX 10

; A
     A <IP>
sub1 A <IP>
sub2 A <IP>

www2 CNAME @
www2 CNAME sub1
www1 CNAME


About the SOA record: There are people who know better about TTL and other settings. But more about the mail address you put in the zone file: RFC2142 says hostmaster@domain should exist (or forwarded) to someone on charge for this DNS zone. You can put any other valid address but the RFC strongly encourages you to have hostmaster@domain available for commidity. (as is postmaser@domain btw)

If you do it manually, I’d recommend using a zone serial of YYYYMMDD01, I read that in some BIND book, I hope this is still valid.

Shorter entries

By adding a $ORIGIN variable (don’t forget to a “.” at the end)  you can already write less. Here is acorrect but long example (i.e. via AXFR from dig):       86400 IN A <IP> 86400 IN A <IP>

Short but sufficient if $TTL and $ORIGIN set:

@    A <IP>
sub1 A <IP>

Explanation: @ uses $ORIGIN variable and replaces it, $TTL  is also inserted automatically without mentioning it and IN can be left out as it seems to be automatically assumed of not present. For A records pointing to you can even leave out the @, it’s also sufficient:

A <IP>

With CNAMEs you can also use the @ if the A record is pointing to

demo CNAME @
     CNAME @

Be warned this one won’t work:

demo CNAME

If you have external names, let’s say you don’t operate your own MX, you can add this entry ending with the FQDN completed with “.”

