BIND / NSD zone files explained

At work there was a old physical Windows who run DNS for several small domains I got the job of transfering the DNS zones to a NSD server on a Linux VM – with lower memory footprint. I was able to transfer the zones either by copying and fixing the Window zone files (need to be fixed anyway) from C:\Windows\system32\dns\foo.ch.dns or by using dig if you can’t copy zone files but the remote DNS allows zone transfer:

dig @OriginatingNS myawesomedomain.com AXFR > myawesomedomain.com.zone

I’ve been used to edit zone files manually on my private BIND and  NSD – while it compiles its own DB to be faster: It’s the same source format. But my knowhow got a bit rusty on that topic and I learned I can write less to get the same result. (less repetitive and error prone). A big thanks goes to the helping hands in #DNS on the freenode IRC, who helped me to get back in the seat and fix the strangenesses of the Windows zones and refactor the stuff .

If you have to cleanup a zone file anyway I hope this commented sample gives you some ideas:

;
; Zone file for foo.ch
;

$ORIGIN foo.ch.
$TTL 86400

@ IN SOA ns1.foo.ch. hostmaster.foo.ch. (
40 ; serial number
21600 ; refresh
7200 ; retry
691200 ; expire
86400 ) ; default TTL

; NS
NS ns1.otherdomain.ch.
NS ns2.otherdomain.ch.

; MX
MX 10 mySMTP
MX 10 externalSMTP.null.ch.

; A
     A <IP>
sub1 A <IP>
sub2 A <IP>

; CNAME
www2 CNAME @
www2 CNAME sub1
www1 CNAME www.null.ch.

Explanations

About the SOA record: There are people who know better about TTL and other settings. But more about the mail address you put in the zone file: RFC2142 says hostmaster@domain should exist (or forwarded) to someone on charge for this DNS zone. You can put any other valid address but the RFC strongly encourages you to have hostmaster@domain available for commidity. (as is postmaser@domain btw)

If you do it manually, I’d recommend using a zone serial of YYYYMMDD01, I read that in some BIND book, I hope this is still valid.

Shorter entries

By adding a $ORIGIN variable (don’t forget to a “.” at the end)  you can already write less. Here is acorrect but long example (i.e. via AXFR from dig):

foo.ch       86400 IN A <IP>
sub1.foo.ch. 86400 IN A <IP>

Short but sufficient if $TTL and $ORIGIN set:

@    A <IP>
sub1 A <IP>

Explanation: @ uses $ORIGIN variable and replaces it, $TTL  is also inserted automatically without mentioning it and IN can be left out as it seems to be automatically assumed of not present. For A records pointing to foo.ch you can even leave out the @, it’s also sufficient:

A <IP>

With CNAMEs you can also use the @ if the A record is pointing to foo.ch:

demo CNAME @
     CNAME @

Be warned this one won’t work:

demo CNAME

If you have external names, let’s say you don’t operate your own MX, you can add this entry ending with the FQDN completed with “.”

August 6, 2011

Posted In: Uncategorized

Tags: , ,

Leave a Comment