A simple DNS zone

This post explains how to point your domain name to a server by writing a plain text file.

What is a zone?

To set up a website, you need a domain name and a server hosting your site. The glue that associates your domain name with the IP address of your server is the DNS zone. In its simplest form, the zone is a text file with at least one line like this:

@  3600  IN   A  37.153.96.123

This means "the IP address of this domain is 37.153.96.123, and anyone who looks it up may cache that answer for an hour (3600 seconds) before asking again". This file lives on the name servers of your registrar (or whoever hosts your DNS), which together with every other name server form the Domain Name System.

Usually you would configure this file through a web interface but writing it yourself in plain text is straightforward. Here is my complete zone file:

*  3600  IN   A  37.153.96.123
@  3600  IN   A  37.153.96.123
@  3600  IN  MX  1 ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  5 ALT1.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  5 ALT2.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  10 ALT3.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  10 ALT4.ASPMX.L.GOOGLE.COM.
@  3600  IN TXT  "google-site-verification=H2wZIxEo74Ygq1_mcoj4k1M9UUY8cJahCgvt0-7aWEE"

It looks complicated now, but everything looks complicated before it looks easy. By the end of this post you will know how to write yours.

What is the DNS?

The Domain Name System (DNS) is a globally distributed network of name servers that translate domain names to IP addresses.

DNS = the address book for Internet servers

For example, your friends have numeric telephone numbers but you never type those. Instead, you click their names in your address book. Likewise, even when Internet addresses are numeric, we use domain names instead.

Because of the sheer number of domains on the Internet, it wouldn’t be possible to store them all on a single computer. Instead, translations between domain names and IP addresses are provided by a network of servers distributed around the world. Together, they form the DNS, short for Domain Name System.

When you type a server name in your browser, the browser asks a DNS resolver for that name, gets the associated IP address, and connects to that IP address. All in less than a second.


A name server is a server which answers DNS queries. When you buy a domain, the registrar sets up your domain on its name servers, and gives you access in case you want to change anything. Whenever a resolver asks for the IP of your domain, those name servers reply with the information.

The DNS is hierarchical. Usually, the recursive resolvers run by your Internet provider keep recently answered names in a cache. If they are queried about a name they have not cached, they follow the delegation chain from the root servers down to the authoritative name server where your domain is hosted. If you change your DNS data, resolvers that already cached the old answer keep it until its TTL expires, so the change can take up to the old TTL to be seen everywhere; in practice that means between 1 and 10 hours with typical registrar settings, and up to around 36 hours in the worst case.

Zone format

The DNS information for a given domain is contained in a zone file, which is a file containing rows with the following fields:

name    TTL    record class    record type    record data

Fields

The name indicates the subdomain that this record refers to. The value may be @ (base domain), * (any subdomain), or an arbitrary string (a specific subdomain).

name    meaning             explanation
blog    blog.pokemon.com    Subdomains are defined by an arbitrary string in the name field.
@       pokemon.com         This is the base domain (the zone origin); other records may reference it using @.
*       *.pokemon.com       An asterisk means this record applies to any subdomain not explicitly named in the zone.

TTL (time to live) is the number of seconds a resolver may cache a record before it has to ask the authoritative name server again. This implies that if you edit the zone file, the change can take up to TTL seconds to be seen by everyone who had the old answer cached, so lower the TTL well before a planned change and raise it again afterwards. Common values are 10800 (3 hours) and 28800 (8 hours); this post uses 3600 (1 hour).

The record class is almost always IN (short for Internet); the other classes are historical and you will not need them.

The record type is one of the dozens of defined DNS record types. The most common are A, AAAA, CNAME, MX and TXT.

A       Address record         Maps a domain name to a 32-bit IPv4 address.
AAAA    IPv6 address record    Maps a domain name to a 128-bit IPv6 address.
CNAME   Canonical name record  Makes one name an alias of another name. The target is always a name, never an IP address, and a CNAME must be the only record at its name (so you cannot put a CNAME at @ next to MX or TXT records).
MX      Mail eXchange record   Names the mail server (the mail transfer agent, or MTA, which speaks SMTP as both client and server) that accepts mail for the domain. The target must be a host name with an A/AAAA record, not a CNAME and not an IP address.
TXT     Text record            Stores arbitrary text in a DNS record. Commonly used for SPF, DKIM and DMARC policies and to verify domain ownership.

The record data depends on the kind of record.

  • For an A record it will be an IPv4 address.
  • For an MX record it will be: the preference number (lower is tried first), a space, and the fully qualified name of the mail server ending in a dot.
  • For a TXT record the format of the text is not defined by the DNS standard; each consumer (SPF, DKIM, site verification) defines its own.

So what was in my zone file?

@  3600  IN   A  37.153.96.123

This is an A record with the IP of my virtual machine. Its name is @, so it refers to my base domain jano.com.es. Resolvers may cache the answer for one hour (3600 seconds).

*  3600  IN   A  37.153.96.123

This maps any subdomain to the same IP. You could be browsing this site using asfhsdkfjdsh.jano.com.es and it would work just the same. Try it. If I wanted to create just a specific subdomain like blog, I would replace the asterisk with it. Note that the wildcard only applies to names that have no records of their own: once a blog record exists, blog.jano.com.es gets only what that record says, even for record types the wildcard would otherwise have covered.

@  3600  IN  MX  1 ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  5 ALT1.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  5 ALT2.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  10 ALT3.ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  10 ALT4.ASPMX.L.GOOGLE.COM.

These are the MX records of the Gmail servers. The number after MX is the preference of each server: sending mail servers try the lowest value first and fall back to the higher ones. In MX records the host name always ends with a dot because it is fully qualified; without the dot the name server treats ASPMX.L.GOOGLE.COM as relative to the zone and appends jano.com.es to it, so your mail would be sent to a name that does not exist.

@  3600  IN TXT  "google-site-verification=H2wZIxEo74Ygq1_mcoj4k1M9UUY8cJahCgvt0-7aWEE"

Finally, this is a TXT record that verifies my ownership of jano.com.es for Google. Some services, like Google, give you a string and ask you to create a TXT record with it to prove that you control the domain's zone.
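To make the field rules and the walkthrough above concrete, here is an added example (my code, not code from the post) that parses the zone lines shown in this post and answers queries against them the way an authoritative server would. The zone origin jano.com.es. and the sample records are taken from the post; the extra blog line with a missing trailing dot is constructed on purpose to show what happens to an MX target written relative to the zone.

```python
# Added example (not from the original post): a small parser for the zone
# lines shown above, plus a lookup that applies the wildcard the way an
# authoritative server does. Assumes the post's domain as the zone origin.
import ipaddress
import re
from dataclasses import dataclass, field

ORIGIN = "jano.com.es."  # assumed zone origin (the post's domain)

# Constructed sample: the post's records, plus one explicit subdomain whose
# MX target deliberately lacks its trailing dot.
SAMPLE_ZONE = """\
*  3600  IN   A  37.153.96.123
@  3600  IN   A  37.153.96.123
@  3600  IN  MX  1 ASPMX.L.GOOGLE.COM.
@  3600  IN  MX  5 ALT1.ASPMX.L.GOOGLE.COM.
@  3600  IN TXT  "google-site-verification=H2wZIxEo74Ygq1_mcoj4k1M9UUY8cJahCgvt0-7aWEE"
blog  3600  IN  MX  10 ALT3.ASPMX.L.GOOGLE.COM
"""


@dataclass
class Record:
    name: str        # fully qualified, lower-cased, with trailing dot
    ttl: int
    rclass: str
    rtype: str
    data: object
    warnings: list = field(default_factory=list)


def qualify(name, origin=ORIGIN):
    """Expand a name field: @ is the origin, a trailing dot means absolute,
    anything else is relative to the origin (which is also what happens to
    an MX target that forgot its dot)."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


_LINE = re.compile(r"^(\S+)\s+(\d+)\s+(IN)\s+([A-Z]+)\s+(.*)$")


def parse_line(line, origin=ORIGIN):
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable zone line: {line!r}")
    name, ttl, rclass, rtype, rdata = m.groups()
    rec = Record(qualify(name, origin), int(ttl), rclass, rtype, None)
    if rtype == "A":
        rec.data = str(ipaddress.IPv4Address(rdata.strip()))  # rejects junk
    elif rtype == "MX":
        pref, target = rdata.split()
        if not target.endswith("."):
            rec.warnings.append(
                f"MX target {target} lacks a trailing dot; "
                f"it will be read as {qualify(target, origin)}")
        rec.data = (int(pref), qualify(target, origin))
    elif rtype == "TXT":
        # one or more quoted strings, concatenated
        rec.data = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))
    else:
        rec.data = rdata
    return rec


def parse_zone(text, origin=ORIGIN):
    lines = (l for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith(";"))
    return [parse_line(l, origin) for l in lines]


def lookup(records, qname, qtype, origin=ORIGIN):
    """Answer a query with the wildcard rule of RFC 4592 (simplified): if the
    exact name exists with records of any type, only those records count (an
    empty result is NODATA); the wildcard is used only for names that do not
    exist in the zone at all."""
    qname = qualify(qname, origin)
    at_name = [r for r in records if r.name == qname]
    if at_name:
        return [r for r in at_name if r.rtype == qtype]
    if qname != origin and qname.endswith("." + origin):
        return [r for r in records
                if r.name == "*." + origin and r.rtype == qtype]
    return []


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for r in zone:
        print(r.name, r.ttl, r.rtype, r.data, *r.warnings)
    print(lookup(zone, "asfhsdkfjdsh", "A"))  # wildcard answer
    print(lookup(zone, "blog", "A"))          # []: blog exists, so no wildcard
```

Running it shows the two pitfalls from the text: the relative MX target becomes alt3.aspmx.l.google.com.jano.com.es., and an A query for blog returns nothing even though the wildcard exists, because the name blog already has an MX record.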

DNS Lookups

There are three common tools to read DNS records: dig, host, and nslookup. macOS and Linux usually have all three; Windows ships only nslookup.

Try checking the TXT record of my domain:

dig -t txt jano.com.es
host -t txt jano.com.es
nslookup -type=TXT jano.com.es
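All three tools send the same thing on the wire. As an added example (my code, not from the post), the Python below builds the query that dig sends for TXT jano.com.es, decodes a response, and checks the transaction id the way a resolver must. The response bytes are constructed by hand so the script runs offline; the TXT value is the one shown in the post, and query_udp (which needs a network and a resolver IP you supply) is the only part that talks to a real server.

```python
# Added example (not from the original post): the DNS wire format behind
# "dig -t txt jano.com.es". The response is constructed here so it runs offline.
import secrets
import socket
import struct

QTYPE = {"A": 1, "TXT": 16}


def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, txid):
    # header: id, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:           # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg, expected_txid):
    """Return (rcode, [(name, type, ttl, value), ...]) from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        # A resolver that skipped this check would accept forged answers;
        # real resolvers also randomise the source port for the same reason.
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):                     # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE["TXT"]:           # <len><bytes> chunks, concatenated
            parts, i = [], 0
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode("ascii"))
                i += 1 + n
            value = "".join(parts)
        elif rtype == QTYPE["A"]:
            value = ".".join(str(b) for b in rdata)
        else:
            value = rdata
        answers.append((name, rtype, ttl, value))
    return flags & 0xF, answers


def constructed_response(txid):
    """A hand-built answer (constructed sample): one TXT record, TTL 3600, with
    the answer name compressed as a pointer (0xC00C) to the question name."""
    txt = b"google-site-verification=H2wZIxEo74Ygq1_mcoj4k1M9UUY8cJahCgvt0-7aWEE"
    rdata = bytes([len(txt)]) + txt
    return (struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
            + encode_name("jano.com.es") + struct.pack("!HH", 16, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 3600, len(rdata)) + rdata)


def query_udp(qname, qtype, server, timeout=3.0):
    """Send a real query over UDP; needs network and a resolver IP you choose."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qtype, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)


if __name__ == "__main__":
    print(build_query("jano.com.es", "TXT", 0x1234).hex())
    print(parse_response(constructed_response(0x1234), 0x1234))
```

The query is 29 bytes: a 12-byte header, the 13-byte encoded name, and 4 bytes of type and class. The answer section names the domain with a two-byte pointer back into the question instead of spelling it out again, which is the compression every real response uses and the reason a parser has to follow pointers.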

References

There is a lot to learn about the DNS if you are so inclined.
