Example of a zone file using the Hetzner standard template
The following zone file has been compiled for the domain grossefirma.de:
$ORIGIN grossefirma.de.
$TTL 86400
; SOA Records
@ IN SOA hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600
; NS Records
@ IN NS helium.ns.hetzner.de.
@ IN NS hydrogen.ns.hetzner.com.
@ IN NS oxygen.ns.hetzner.com.
; A Records
@ IN A 127.0.0.1
mail IN A 127.0.0.1
www IN A 127.0.0.1
; Others
@ IN MX 10 mailSOA record
$TTL 86400
@ IN SOA hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600- The DNS zone has a TTL (Time To Live) of 86400 seconds ($TTL 86400).
- The name server
hydrogen.ns.hetzner.comis responsible for the internet domain. (The @ character is a placeholder for the domaingrossefirma.deitself.) - The period at the end of
hydrogen.ns.hetzner.com.prevents the primary name server from being calledhydrogen.ns.hetzner.com.grossefirma.de. - The email address for the administrator is
dns@hetzner.com. (The first period is always replaced by the@character.) - The zone file was last changed on 27 April 2020; this was the second change made on that day.
- The secondary name server undertakes changes from the primary name server every 24 hours (TTL = 86,400 seconds; Time To Live).
- In the event of an error, the secondary name server attempts synchronization again after 3 hours (3600 seconds).
- If the secondary name server has not created synchronization with the primary name server after 1000 hours (3,600,000 seconds), it declares the domain invalid.
- The entries are normally valid for 24 hours (86400 seconds) if no other value is defined.
- Other name servers remember "negative" answers, so requests for non-existant hosts are likewise 24 hours.
Name servers
@ IN NS helium.ns.hetzner.de.
@ IN NS hydrogen.ns.hetzner.com.
@ IN NS oxygen.ns.hetzner.com.- These 3 NS record specify
helium.ns.hetzner.de,hydrogen.ns.hetzner.comandoxygen.ns.hetzner.com.com as responsible/authoritative nameservers. - The period at the end of the lines is required. Otherwise the main domain
grossefirma.deis attached at the end, andhelium.ns.hetzner.dewould becomehelium.ns.hetzner.de.grossefirma.de. This would be nonsense in this case. - IP addresses are not permitted in NS records. If you are using your own name server (whose hostname should be
ns1.grossefirma.de), define the appropriate A record and specify Glue with the domain's registrar. Registering the name server may be required as well, depending on the top level domain.
Hosts
@ IN A 1.2.3.4
www IN A 2.3.4.5
mail IN A 2.3.4.5- Enquiries, for example, in the web browser for
grossefirma.de(withoutwww.) are resolved to1.2.3.4. www.grossefirma.dehas the IP address2.3.4.5.- A host called
mail.grossefirma.deexists, but it is not clear from this entry whether this is also the responsible/authoritative mail server.
Aliases
pop IN CNAME www
smtp IN CNAME www
relay IN CNAME www
imap IN CNAME www
ftp 3600 IN CNAME ftp.anderedomain.de.www.grossefirma.dehas the following additional namespop.grossefirma.de,smtp.grossefirma.de,relay.grossefirma.deandimap.grossefirma.de.ftp.grossefirma.deis forwarded asftp.anderedomain.de, as the period at the end prevents resolution toftp.anderedomain.de.grossefirma.de.ftp.grossefirma.deis valid for one hour only (3600 seconds); therefore, changes to the entries become known relatively quickly to the name servers on the worldwide internet. Important note: As long as the secondary name server still publishes the old values, this will result in a delay in possible changes to the data; therefore, you should also shorten the refresh time in the SOA record.
Note: If a subdomain already has a CNAME record, then you cannot set any further record types for this subdomain.
Mail servers
@ IN MX 10 mail- There is only one mail server and this is
mail.grossefirma.de. - IP addresses are not allowed for MX records.
- CNAMEs are not allowed in MX records; they are only allowed as aliases for A records.
- You can list further mail servers in an additional line, but this doesn't often make much sense.
- With several mail servers, the one with the least priority (here 10) is given preference.
Subdomain
technik IN A 5.6.7.8
technik IN MX 10 technik- A subdomain is created within the zone file; however, it is not delegated to an external name server.
- The host
technik.grossefirma.deis the responsible/authoritative host for the subdomaintechnik.grossefirma.de, which resolves to IP address5.6.7.8.
TXT records
@ IN TXT "v=spf1 mx -all"grossefirma.dehas a TXT recordv=spf1 mx -all- This record type can be used for SPF (Sender Policy Framework)
Delegating a subdomain to a new zone
As an alternative to the procedure described above under "Subdomain", you could instead delegate subdomains to another DNS server.
Note: In the DNS Console, it is not possible to create DNS zones for subdomains! Here subdomains can only be defined as described in the section "Subdomain".
For example, a subdomain for the technology department of a large company needs to be set up for short-term internal tests. The DNS records of the subdomain need to be independent of the entries for the domain "grossefirma.de" (hosted at a large and possibly inflexible provider).
Preparing the main domain
In the zone file of the domain grossefirma.de, add the following entries:
technik IN NS ns.technik
ns.technik IN A 5.6.7.8For example, this lets name server queries for www.technik.grossefirma.de be passed on to ns.technik.grossefirma.de. Since this host name should be resolved even by this same name server in the parent domain, you should enter a glue record: ns.technik.grossefirma.de -> 5.6.7.8.
Configuring the zone file for the new subdomain
On the new name server, you need to create a zone file for the new subdomain:
@ IN SOA hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600
@ IN NS ns.technik
ns IN A 5.6.7.8
@ IN MX 10 mail
mail IN A 2.3.4.5
www IN A 2.3.4.5The administrator has the email address admin@technik.grossefirma.de.
- The primary name server has the hostname
ns.technik.grossefirma.de. - It is the only name server (there are no secondary name servers).
- It has the IP address
5.6.7.8. - A host
mail.technik.grossefirma.dewith the IP address of2.3.4.5exists and is also responsible for receiving the subdomain's mail. - There is another host named
www.technik.grossefirma.dewhich resolves to2.3.4.5.