DNS zone

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A DNS zone is a portion of a domain name space using the Domain Name System (DNS) for which administrative responsibility has been delegated.

Second-level domains[edit]

Many top-level registries open up their name spaces to the public or to entities with mandated geographic or otherwise scoped purpose for registration of second-level domains. Each one of these registrations obligates the registrant to maintain an administrative and technical infrastructure to manage the responsibility for its zone, including sub-delegation to lower-level domains. Each delegation confers essentially unrestricted autonomy over the allocated space. As each zone is further divided into sub-domains, each becoming a DNS zone itself with its own set of administrators and DNS servers, the tree grows with the largest number of leaf nodes at the bottom. At this lowest level, in the end-nodes or leaves of the tree, the term DNS zone becomes essentially synonymous with the term "domain", both in terms of use and administration. The term domain is used in the business functions of the entity assigned to it and the term zone is usually used for configuration of DNS services.

Forward DNS zones[edit]

The aforementioned DNS zones are all used for the mapping of humanly-practical, name-based domains to mostly numerically identified Internet resources. Such domain name resolution is also referred to as forward resolution and the DNS zones associated with such process are often referred to as forward zones.[citation needed]

The term arose as the opposite of reverse zones, used for the reverse process, namely the process of finding the DNS name associated with an IP address, for example. Such reverse zones are maintained in the Internet Address and Routing Parameter Area (domain arpa).[citation needed]

Another common use of the term forward zone refers to a specific configuration of DNS name servers, particularly caching name servers, in which resolution of a domain name is forwarded to another name server that is authoritative for the domain in question, rather than being answered from the established cache memory.[citation needed]

Internet infrastructure DNS zones[edit]

The arpa top-level domain serves as a delegation zone for various technical infrastructure aspects of DNS and the Internet, and does not follow the registration and delegation system of the country and generic domains. The name arpa is a remnant of the ARPANET, one of the predecessor stages of today's Internet. Intended as a transition aid to the modern DNS system, deleting the arpa domain was later found to be impractical. It is now officially the acronym for Address and Routing Parameter Area. It contains sub-zones used for reverse resolution of IP addresses to host names (IPv4: in-addr.arpa, IPv6: ip6.arpa), telephone number mapping (ENUM, e164.arpa), and uniform resource identifier resolution (uri.arpa, urn.arpa). Although the administrative structure of this domain and its sub-domains is different, the technical delegation into zones of responsibility is similar and the DNS tools and servers used are identical to any other zone. Sub-zones are delegated by components of the respective resources. For example,, which might represent an E.164 telephone number in the ENUM system, might be sub-delegated at suitable boundaries of the name. Examples of IP addresses in the reverse DNS zone are:, resolving to the domain name www.example.com. In the case of IP addresses, the reverse zones are always delegated to the Internet service provider (ISP) to which the IP address block is assigned. When an ISP allocates a range to a customer, it usually also delegates the management of that space to the customer by insertion of name server resource records (pointing to the customers DNS facilities) into their zone. Notably, however, many ISPs serving individual end-users, such as homes or small businesses with only one IP address do not do so.

Example of zone authority in DNS queries[edit]

As an example of the DNS resolving process, consider the role of a recursive DNS resolver attempting to look up the address "en.wikipedia.org.". It begins with a list of addresses for the most authoritative name servers it knows about – the root zone name servers (indicated by the full stop or period), which contains name server information for all top-level domains of the Internet.

When querying one of the root name servers, it is possible that the root zone will not directly contain a record for "en.wikipedia.org.", in which case it will provide a referral to the authoritative name servers for the "org." top level domain (TLD). The resolver is issued a referral to the authoritative name servers for the "org." zone, which it will contact for more specific information. Again when querying one of the "org." name servers, the resolver may be issued with another referral to the "wikipedia.org." zone, whereupon it will again query for "en.wikipedia.org.". Since (as of July 2010) "en.wikipedia.org." is a CNAME to "text.wikimedia.org." (which is in turn a CNAME to "text.esams.wikimedia.org."), and the "wikipedia.org." name servers also happen to contain authoritative data for the "wikimedia.org." zone, the resolution of this particular query occurs entirely within the queried name server, and the resolver will receive the address record it requires with no further referrals.

If the last name server queried did not contain authoritative data for the target of the CNAME, it would have issued the resolver with yet another referral, this time to the zone text.wikimedia.org.. However, since the resolver had previously determined the authoritative name servers for the zone org., it does not need to begin the resolution process from scratch but instead start at zone org., thus avoiding another query to the root name servers.

There is no requirement that resolving should involve any referrals at all. Looking up en.wikipedia.org. on the root name servers always results in referrals, but if an alternative DNS root is used which is set up to contain a record for en.wikipedia.org., then the record is returned on the first query.

See also[edit]