BIND9 Zone File and SOA Configuration Guide
1. What is a Zone File
A zone file defines DNS records for a specific domain. It maps domain names to IP addresses and other resources.
In this example, we are configuring a zone for:
test.com
2. SOA (Start of Authority) Record
Example
$TTL 120
@ IN SOA test.com. admin.test.com. (
        1       ; serial
        86400   ; refresh
        7200    ; retry
        57600   ; expire
        3600 )  ; minimum
Explanation
$TTL 120
- Default Time To Live for every record in this zone that does not carry its own TTL.
- Value is in seconds (120 seconds = 2 minutes).
- Controls how long resolvers cache answers. A value this low makes changes visible quickly but raises query load on the authoritative servers; 3600 or more is typical for stable records.
SOA Record Structure
@ IN SOA <primary-ns> <admin-email> (
<serial>
<refresh>
<retry>
<expire>
<minimum>
)
Fields Breakdown
- @ - Refers to the root (apex) of the zone, i.e. the current origin (test.com.).
- IN - Internet class (standard for DNS).
- SOA - Start of Authority record. Defines the authoritative source for the zone; exactly one must exist, at the apex.
SOA Parameters
- Primary Nameserver (MNAME): test.com. - The primary authoritative DNS server for this zone.
  - Must be a fully qualified domain name (FQDN) ending in a dot.
- Admin Email (RNAME): admin.test.com. - Represents admin@test.com. The @ is replaced with a dot in DNS format.
  - The trailing dot is required here as well: admin.test.com without it is read as admin.test.com.test.com.
  - A dot in the local part of the address must be escaped with a backslash: john\.doe.test.com. stands for john.doe@test.com.
Timing Parameters
- Serial (1) - Version number of the zone.
  - Must be incremented on every change; secondaries only transfer the zone when the primary's serial is greater than theirs (32-bit serial arithmetic, RFC 1982).
  - A plain counter works; the common convention YYYYMMDDnn (e.g. 2024010101) keeps the history readable.
- Refresh (86400 seconds = 24 hours) - How often secondary servers poll the primary's SOA for a newer serial (NOTIFY messages usually make them check sooner).
- Retry (7200 seconds = 2 hours) - Interval between retries if a refresh attempt fails. Must be shorter than refresh.
- Expire (57600 seconds = 16 hours) - Time after which secondary servers stop answering for the zone if they have not been able to reach the primary since their last successful refresh.
  - Caveat: expire must be larger than refresh + retry. The 16-hour value in this example is shorter than the 24-hour refresh alone, so a secondary that loses contact with the primary would discard the zone before its first scheduled check. RFC 1912 recommends 2 to 4 weeks (1209600 to 2419200 seconds).
- Minimum TTL (3600 seconds = 1 hour) - Negative caching time (RFC 2308): how long resolvers cache NXDOMAIN and NODATA answers. It is no longer the default record TTL; $TTL serves that role.
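The checks described above, as an added example that is not part of the original guide: a small parser for the parenthesised SOA form used here, the RNAME-to-email conversion including the backslash escape, the timer relationships that zone transfers depend on, and a serial bump that handles both plain counters and YYYYMMDDnn serials. The zone text is the guide's own example embedded as a string; the fixed date 20240101 is an assumption made so the output is reproducible.

```python
"""Added example, not from the original guide: parse the SOA record of a
BIND-style zone file, turn RNAME back into an e-mail address, check the
timer relationships that zone transfers depend on, and bump the serial.
ZONE below is the guide's own SOA example embedded as a string."""
import re

ZONE = """\
$TTL 120
@ IN SOA test.com. admin.test.com. (
        1       ; serial
        86400   ; refresh
        7200    ; retry
        57600   ; expire
        3600 )  ; minimum
@ IN NS test.com.
"""


def _strip_comments(text):
    # In zone files ';' starts a comment that runs to the end of the line.
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def parse_soa(zone_text):
    """Return dict(mname, rname, serial, refresh, retry, expire, minimum).
    Assumes the parenthesised multi-line SOA form shown above."""
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", _strip_comments(zone_text))
    if not m:
        raise ValueError("no SOA record found")
    mname, rname, body = m.groups()
    nums = body.split()
    if len(nums) != 5 or not all(n.isdigit() for n in nums):
        raise ValueError("SOA needs exactly five numeric fields, got %r" % (nums,))
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return dict(mname=mname, rname=rname, serial=serial, refresh=refresh,
                retry=retry, expire=expire, minimum=minimum)


def rname_to_email(rname):
    """admin.test.com. -> admin@test.com; john\\.doe.test.com. -> john.doe@test.com"""
    name = rname.rstrip(".")
    # The first unescaped dot separates the local part from the domain.
    m = re.match(r"((?:\\\.|[^.\\])+)\.(.+)$", name)
    if not m:
        raise ValueError("cannot split RNAME %r" % rname)
    local, domain = m.groups()
    return local.replace("\\.", ".") + "@" + domain


def check_soa(soa):
    """Return a list of problems (empty means the SOA looks sane)."""
    problems = []
    for field in ("mname", "rname"):
        if not soa[field].endswith("."):
            problems.append("%s %r lacks a trailing dot; BIND would append the origin"
                            % (field.upper(), soa[field]))
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry (%d) should be shorter than refresh (%d)"
                        % (soa["retry"], soa["refresh"]))
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire (%d) must exceed refresh + retry (%d), or secondaries "
                        "discard the zone before a retry can succeed"
                        % (soa["expire"], soa["refresh"] + soa["retry"]))
    if soa["expire"] < 7 * 86400:
        problems.append("expire (%d) is under one week; RFC 1912 suggests 2-4 weeks"
                        % soa["expire"])
    return problems


def next_serial(old, today="20240101"):
    """today is YYYYMMDD (fixed here so the example is reproducible).
    A YYYYMMDDnn serial from an earlier day becomes today's date with nn = 00;
    anything else (same day, or a plain counter) is incremented by one,
    wrapping at 2**32 as RFC 1982 serial arithmetic requires."""
    s = str(old)
    if len(s) == 10 and s[:8] < today:
        return int(today + "00")
    return (old + 1) % 2**32


def bump_serial(zone_text, today="20240101"):
    """Return zone_text with the SOA serial replaced by next_serial()."""
    new = next_serial(parse_soa(zone_text)["serial"], today)
    # Match up to and including the '(' (skipping whitespace and comments),
    # then the serial itself; everything else is kept byte-for-byte.
    pattern = r"(\bSOA\s+\S+\s+\S+\s*\((?:\s|;[^\n]*)*)(\d+)"
    return re.sub(pattern, lambda m: m.group(1) + str(new), zone_text, count=1)


if __name__ == "__main__":
    soa = parse_soa(ZONE)
    print("admin:", rname_to_email(soa["rname"]))
    for p in check_soa(soa):
        print("WARNING:", p)
    print(bump_serial(ZONE))
```

Run against the guide's values, check_soa reports only the two expire problems; raising expire to 1209600 (two weeks) clears both. bump_serial edits nothing but the serial, so the file is still safe to hand to named-checkzone before reloading.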
3. DNS Records in the Zone
Example Zone File
@    IN NS    test.com.
@    IN A     10.10.30.1
www  IN CNAME docs.test.com.
docs IN A     10.10.20.1
NS Record
@ IN NS test.com.
- Defines the authoritative nameserver for the domain. Here it is the zone apex itself; in practice it is usually a dedicated host name such as ns1.test.com.
- test.com. must resolve to an IP via an A (or AAAA) record, and it must not be a CNAME (RFC 2181). The parent zone needs matching NS (and glue) records for the delegation to work.
A Record
@ IN A 10.10.30.1
- Maps test.com → 10.10.30.1.
CNAME Record
www IN CNAME docs.test.com.
- www.test.com becomes an alias of docs.test.com. DNS queries for www resolve to the IP of docs.
- The target needs its trailing dot (or use the relative form www IN CNAME docs); without it BIND reads docs.test.com.test.com.
- A name that has a CNAME may have no other records, and a CNAME cannot be placed at the zone apex (@), because the apex already carries SOA and NS records.
Additional A Record
docs IN A 10.10.20.1
- Maps docs.test.com → 10.10.20.1.
4. The Trailing Dot in DNS
Example
test.com.
Explanation
- The trailing dot (.) marks a fully qualified domain name (FQDN), anchored at the DNS root.
- Without the dot, BIND treats the name as relative and appends the current origin (the zone name, or whatever $ORIGIN last set).
Example Behavior
- docs.test.com (no dot) → interpreted as docs.test.com.test.com.
- docs.test.com. (with dot) → interpreted correctly as docs.test.com.
- docs (relative, no dot) → also docs.test.com., the idiomatic form for names inside the zone.
Rule:
- Always use a trailing dot for absolute domain names in zone files, and prefer short relative names for names within the zone. This applies to record targets (NS, CNAME, MX, PTR) and to the SOA's nameserver and email fields, not only to owner names.
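The qualification rule from this section applied to the records of section 3, as an added example that is not part of the original guide. It shows how the unqualified CNAME target from the original example turns into docs.test.com.test.com., and then checks rules that named-checkzone's syntax pass cannot catch from the text alone: a CNAME at the apex, a CNAME sharing its owner with other data, an NS pointing at a CNAME or at a name with no address record, and in-zone targets that do not exist. The zone text is constructed here and keeps the missing dot on purpose.

```python
"""Added example, not part of the original guide: apply BIND's name
qualification rule to a small zone and check record relationships that a
syntactically valid zone can still get wrong.  ZONE is constructed here and
deliberately keeps the unqualified CNAME target."""

ORIGIN = "test.com."

ZONE = """\
@    IN NS    test.com.
@    IN A     10.10.30.1
www  IN CNAME docs.test.com
docs IN A     10.10.20.1
"""


def qualify(name, origin=ORIGIN):
    """'@' is the origin, a name ending in '.' is absolute, anything else
    gets the origin appended (which is how docs.test.com becomes
    docs.test.com.test.com.)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def in_zone(name, origin=ORIGIN):
    return name == origin or name.endswith("." + origin)


def parse_records(zone_text, origin=ORIGIN):
    """Return [(owner, type, rdata)] with the owner and any name-valued rdata
    qualified.  A line starting with whitespace reuses the previous owner;
    TTL and class are optional, as in a real zone file."""
    records, last_owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # ';' starts a comment
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner
        else:
            owner = qualify(fields.pop(0), origin)
        last_owner = owner
        if fields and fields[0].isdigit():          # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":    # optional class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "MX", "PTR"):   # rdata ends in a domain name
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


def check_records(records, origin=ORIGIN):
    """Return a list of problems; an empty list means the checks passed."""
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "CNAME":
            if owner == origin:
                problems.append("CNAME at the zone apex is not allowed")
            elif types_at[owner] != {"CNAME"}:
                problems.append("%s has a CNAME alongside other records" % owner)
        if rtype in ("NS", "CNAME") and in_zone(rdata, origin):
            target = types_at.get(rdata)
            if target is None:
                problems.append("%s %s -> %s, which does not exist in the zone"
                                % (owner, rtype, rdata))
            elif rtype == "NS" and "CNAME" in target:
                problems.append("NS target %s is a CNAME" % rdata)
            elif rtype == "NS" and not target & {"A", "AAAA"}:
                problems.append("NS target %s has no A/AAAA record" % rdata)
    return problems


if __name__ == "__main__":
    for rec in parse_records(ZONE):
        print(rec)
    for p in check_records(parse_records(ZONE)):
        print("PROBLEM:", p)
```

On the constructed zone the only finding is the dangling CNAME target docs.test.com.test.com.; adding the dot, or writing the target as the relative name docs, makes the check pass. Out-of-zone targets are left alone because their existence cannot be judged from the file.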
5. Zone Configuration in BIND
File: /etc/bind/named.conf.local
zone "test.com" IN {
    type master;
    file "/etc/bind/zones/test.com.zone";
};
Explanation
- zone "test.com" - Declares the domain being managed. named.conf strings use double quotes, as the file line already does.
- type master - This server is the authoritative source for the zone and loads it from the file. BIND 9.16 and later also accept the synonym type primary.
- file - Path to the zone file, read by the named process (user bind on Debian/Ubuntu).
- Not shown, but worth setting explicitly: allow-transfer, so that only your secondaries can pull the whole zone with AXFR. BIND's default has historically allowed transfers to any host, and a full zone listing is exactly what an attacker wants for host enumeration.
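The same zone stanza with the transfer and update policy stated explicitly, as an added example that is not part of the original guide. The secondary's address 10.10.30.2 and the acl name secondaries are assumptions.

```conf
// Added example, not from the original guide: the zone stanza above with
// transfer and update policy made explicit. The secondary address
// 10.10.30.2 and the acl name "secondaries" are assumptions.
acl "secondaries" { 10.10.30.2; };

zone "test.com" IN {
    type master;                      // "type primary;" on BIND 9.16 and later
    file "/etc/bind/zones/test.com.zone";
    allow-transfer { secondaries; };  // AXFR/IXFR only to listed hosts; { none; } if there are none
    also-notify { 10.10.30.2; };      // NOTIFY secondaries that are not in the zone's NS set
    allow-update { none; };           // hand-edited zone: no dynamic updates
};
```

Where transfers cross a network you do not control, key the acl with a TSIG key statement rather than relying on the source address alone.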
6. Validating the Zone File
named-checkzone test.com /etc/bind/zones/test.com.zone
Purpose
- Loads the zone the way named would and reports syntax errors, invalid records, and integrity problems such as NS or MX targets without address records.
- Exits non-zero on failure, so it can gate a deployment script.
Caveat
- A forgotten trailing dot usually does not produce an error: docs.test.com without the dot becomes the valid but wrong name docs.test.com.test.com. Run named-checkzone -D test.com /etc/bind/zones/test.com.zone to dump the loaded zone with every name fully qualified and read the targets before reloading.
- Check the configuration as well: named-checkconf /etc/bind/named.conf (add -z to also test-load every zone it references).
7. Applying Configuration Changes
Reconfigure BIND
rndc reconfig
- Re-reads named.conf and loads zones that are new since the last (re)configuration.
- Does not re-read the zone files of zones that were already loaded, even if they changed; use it after adding the zone stanza, not after editing the zone file.
Reload Specific Zone
rndc reload test.com
- Reloads only the test.com zone from its file. Faster and less disruptive than restarting the whole service, which interrupts every zone on the server.
- Secondaries only pick up the change if the serial was incremented; named sends NOTIFY to them after a successful reload.
- Confirm what is actually being served, e.g. dig @127.0.0.1 test.com SOA +short, and check that the serial shown is the new one.
8. Key Operational Notes
- Always increment the serial number after modifying the zone; otherwise secondaries keep serving the old data.
- Run named-checkconf and named-checkzone before applying changes, and stop on a non-zero exit status.
- Prefer rndc reload over a full service restart for production systems.
- Restrict zone transfers (allow-transfer) to the secondaries that need them.
- Ensure proper file permissions for /etc/bind/zones/: the files must be readable by the user named runs as (bind on Debian/Ubuntu) and should not be writable by it for a hand-edited zone. Zones that receive dynamic updates or are signed inline need a writable directory for journal files; on Debian/Ubuntu the AppArmor profile allows that under /var/lib/bind and /var/cache/bind, not under /etc/bind.
9. Summary
This setup defines:
- A master DNS zone for test.com
- Authoritative records:
  - Root domain (test.com) and docs.test.com
  - Alias www.test.com → docs.test.com
- An SOA configuration for primary/secondary synchronization
- A validation and reload workflow using the BIND tools named-checkzone and rndc