DNS zone file

Last change on 2021-03-15 • Created on 2020-03-25

Example of a zone file using the Hetzner standard template

The following zone file has been compiled for the domain `grossefirma.de:

$ORIGIN grossefirma.de.
$TTL 86400

; SOA Records
@        IN    SOA    hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600

; NS Records
@        IN    NS    helium.ns.hetzner.de.
@        IN    NS    hydrogen.ns.hetzner.com.
@        IN    NS    oxygen.ns.hetzner.com.

; A Records
@        IN    A     127.0.0.1
mail     IN    A     127.0.0.1
www      IN    A     127.0.0.1

; Others
@        IN    MX    10 mail

SOA record

$TTL 86400
@        IN    SOA    hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600
  • The DNS zone has a TTL (Time To Live) of 86400 seconds ($TTL 86400).
  • The name server hydrogen.ns.hetzner.com is responsible for the internet domain. (The @ character is a placeholder for the domain grossefirma.de itself.)
  • The period at the end of hydrogen.ns.hetzner.com. prevents the primary name server from being called hydrogen.ns.hetzner.com.grossefirma.de.
  • The email address for the administrator is dns@hetzner.com. (The first period is always replaced by the @ character.)
  • The zone file was last changed on 27 April 2020; this was the second change made on that day.
  • The secondary name server undertakes changes from the primary name server every 24 hours (TTL = 86,400 seconds; Time To Live).
  • In the event of an error, the secondary name server attempts synchronization again after 3 hours (3600 seconds).
  • If the secondary name server has not created synchronization with the primary name server after 1000 hours (3,600,000 seconds), it declares the domain invalid.
  • The entries are normally valid for 24 hours (86400 seconds) if no other value is defined.
  • Other name servers remember "negative" answers, so requests for non-existant hosts are likewise 24 hours.

Name servers

 @        IN    NS    helium.ns.hetzner.de.
 @        IN    NS    hydrogen.ns.hetzner.com.
 @        IN    NS    oxygen.ns.hetzner.com.
  • These 3 NS record specify helium.ns.hetzner.de, hydrogen.ns.hetzner.com and oxygen.ns.hetzner.com.com as responsible/authoritative nameservers.
  • The period at the end of the lines is required. Otherwise the main domain grossefirma.de is attached at the end, and helium.ns.hetzner.de would become helium.ns.hetzner.de.grossefirma.de. This would be nonsense in this case.
  • IP addresses are not permitted in NS records. If you are using your own name server (whose hostname should be ns1.grossefirma.de), define the appropriate A record and specify Glue with the domain's registrar. Registering the name server may be required as well, depending on the top level domain.

Hosts

@           IN A     1.2.3.4
www         IN A     2.3.4.5
mail        IN A     2.3.4.5
  • Enquiries, for example, in the web browser for grossefirma.de (without www.) are resolved to 1.2.3.4.
  • www.grossefirma.de has the IP address 2.3.4.5.
  • A host called mail.grossefirma.de exists, but it is not clear from this entry whether this is also the responsible/authoritative mail server.

Aliases

pop         IN CNAME www
smtp        IN CNAME www
relay       IN CNAME www
imap        IN CNAME www
ftp    3600 IN CNAME ftp.anderedomain.de.
  • www.grossefirma.de has the following additional names pop.grossefirma.de, smtp.grossefirma.de, relay.grossefirma.de and imap.grossefirma.de.
  • ftp.grossefirma.de is forwarded as ftp.anderedomain.de, as the period at the end prevents resolution to ftp.anderedomain.de.grossefirma.de.
  • ftp.grossefirma.de is valid for one hour only (3600 seconds); therefore, changes to the entries become known relatively quickly to the name servers on the worldwide internet. Important note: As long as the secondary name server still publishes the old values, this will result in a delay in possible changes to the data; therefore, you should also shorten the refresh time in the SOA record.

Note: If a subdomain already has a CNAME record, then you cannot set any further record types for this subdomain.

Mail servers

@           IN MX 10 mail
  • There is only one mail server and this is mail.grossefirma.de.
  • IP addresses are not allowed for MX records.
  • CNAMEs are not allowed in MX records; they are only allowed as aliases for A records.
  • You can list further mail servers in an additional line, but this doesn't often make much sense.
  • With several mail servers, the one with the least priority (here 10) is given preference.

Subdomain

technik     IN A     5.6.7.8
technik     IN MX 10 technik
  • A subdomain is created within the zone file; however, it is not delegated to an external name server.
  • The host technik.grossefirma.de is the responsible/authoritative host for the subdomain technik.grossefirma.de, which resolves to IP address 5.6.7.8.

TXT records

@           IN TXT   "v=spf1 mx -all"

Delegating a subdomain to a new zone

As an alternative to the procedure described above under "Subdomain", you could instead delegate subdomains to another DNS server.

Note: In the DNS Console, it is not possible to create DNS zones for subdomains! Here subdomains can only be defined as described in the section "Subdomain".

For example, a subdomain for the technology department of a large company needs to be set up for short-term internal tests. The DNS records of the subdomain need to be independent of the entries for the domain "grossefirma.de" (hosted at a large and possibly inflexible provider).

Preparing the main domain

In the zone file of the domain grossefirma.de, add the following entries:

technik     IN NS    ns.technik
ns.technik  IN A     5.6.7.8

For example, this lets name server queries for www.technik.grossefirma.de be passed on to ns.technik.grossefirma.de. Since this host name should be resolved even by this same name server in the parent domain, you should enter a glue record: ns.technik.grossefirma.de -> 5.6.7.8.

Configuring the zone file for the new subdomain

On the new name server, you need to create a zone file for the new subdomain:

@        IN    SOA    hydrogen.ns.hetzner.com. dns.hetzner.com. 2020042701 86400 10800 3600000 3600

@           IN NS    ns.technik
ns          IN A     5.6.7.8

@           IN MX 10 mail
mail        IN A     2.3.4.5

www         IN A     2.3.4.5

The administrator has the email address admin@technik.grossefirma.de.

  • The primary name server has the hostname ns.technik.grossefirma.de.
  • It is the only name server (there are no secondary name servers).
  • It has the IP address 5.6.7.8.
  • A host mail.technik.grossefirma.de with the IP address of 2.3.4.5 exists and is also responsible for receiving the subdomain's mail.
  • There is another host named www.technik.grossefirma.de which resolves to 2.3.4.5.
Table of Contents