{"id":61,"date":"2011-08-06T10:19:38","date_gmt":"2011-08-06T09:19:38","guid":{"rendered":"http:\/\/www.simweb.ch\/blog\/?p=61"},"modified":"2011-08-06T10:33:39","modified_gmt":"2011-08-06T09:33:39","slug":"bind-nsd-zone-files-explained","status":"publish","type":"post","link":"https:\/\/www.simweb.ch\/blog\/2011\/08\/bind-nsd-zone-files-explained\/","title":{"rendered":"BIND \/ NSD zone files explained"},"content":{"rendered":"

At work there was a old physical Windows who run DNS for several small domains I got the job of transfering the DNS zones to a NSD server on a Linux VM - with lower memory footprint. I was able to transfer the zones either by copying and fixing the Window zone files (need to be fixed anyway) from C:\\Windows\\system32\\dns\\foo.ch.dns or by using dig if you can't copy zone files but the remote DNS allows zone transfer:<\/p>\n

dig @OriginatingNS myawesomedomain.com AXFR > myawesomedomain.com.zone<\/pre>\n
<\/pre>\n
I've been used to edit zone files manually on my private BIND and\u00a0 NSD - while it compiles its own DB to be faster: It's the same source format. But my knowhow got a bit rusty on that topic and I learned I can write less to get the same result. (less repetitive and error prone). A big thanks goes to the helping hands in #DNS on the freenode IRC, who helped me to get back in the seat and fix the strangenesses of the Windows zones and refactor the stuff .<\/p>\n
If you have to cleanup a zone file anyway I hope this commented sample gives you some ideas:<\/p>\n
;\r\n; Zone file for foo.ch\r\n;\r\n\r\n$ORIGIN foo.ch.\r\n$TTL 86400\r\n\r\n@ IN SOA ns1.foo.ch. hostmaster.foo.ch. (\r\n40 ; serial number\r\n21600 ; refresh\r\n7200 ; retry\r\n691200 ; expire\r\n86400 ) ; default TTL\r\n\r\n; NS\r\nNS ns1.otherdomain.ch.\r\nNS ns2.otherdomain.ch.\r\n\r\n; MX\r\nMX 10 mySMTP\r\nMX 10 externalSMTP.null.ch.\r\n\r\n; A\r\n     A <IP>\r\nsub1 A <IP>\r\nsub2 A <IP>\r\n\r\n; CNAME\r\nwww2 CNAME @\r\nwww2 CNAME sub1\r\nwww1 CNAME www.null.ch.<\/pre>\n
Explanations<\/h4>\n
About the SOA record:<\/strong> There are people who know better about TTL and other settings. But more about the mail address you put in the zone file: RFC2142 says hostmaster@domain should exist (or forwarded) to someone on charge for this DNS zone. You can put any other valid address but the RFC strongly encourages you to have hostmaster@domain available for commidity. (as is postmaser@domain btw)<\/p>\n
If you do it manually, I'd recommend using a zone serial of YYYYMMDD01, I read that in some BIND book, I hope this is still valid.<\/p>\n
Shorter entries<\/strong><\/p>\n
By adding a $ORIGIN variable (don't forget to a \".\" at the end)\u00a0 you can already write less. Here is acorrect but long example (i.e. via AXFR from dig):<\/p>\n
foo.ch       86400 IN A <IP>\r\nsub1.foo.ch. 86400 IN A <IP><\/pre>\n
Short but sufficient if $TTL and $ORIGIN set:<\/p>\n
@    A <IP>\r\nsub1 A <IP><\/pre>\n
Explanation: @ uses $ORIGIN variable and replaces it, $TTL\u00a0 is also inserted automatically without mentioning it and IN can be left out as it seems to be automatically assumed of not present<\/a>. For A records pointing to foo.ch you can even leave out the @, it's also sufficient:<\/p>\n
A <IP><\/pre>\n
With CNAMEs you can also use the @ if the A record is pointing to foo.ch:<\/p>\n
demo CNAME @\r\n     CNAME @<\/pre>\n
Be warned this one won't work:<\/p>\n
demo CNAME<\/pre>\n
If you have external names, let's say you don't operate your own MX, you can add this entry ending with the FQDN completed with \".\"<\/p>\n","protected":false},"excerpt":{"rendered":"
At work there was a old physical Windows who run DNS for several small domains I got the job of transfering the DNS zones to a NSD server on a Linux VM – with lower memory footprint. I was able to transfer the zones either by copying and fixing the Window zone files (need to … more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[1],"tags":[11,9,10],"class_list":["post-61","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-bind","tag-dns","tag-nsd"],"_links":{"self":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts\/61","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/comments?post=61"}],"version-history":[{"count":0,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts\/61\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/media?parent=61"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/categories?post=61"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/tags?post=61"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}