What Is A DNS Zone?
A DNS zone file is used by a name server to convert an FQDN to an IP address. Consider the following example.
Since name servers are public, we can look at how other name servers are configured using a command called dig. The dig (Domain Information Groper) command is a popular Linux utility for performing DNS lookups. It offers more flexibility than Windows nslookup, but it is not available by default in Windows 10. Installing BIND is one option for getting dig on Windows. To learn how to enable the dig command in Windows, use your preferred search engine.
1. Open a terminal (cmd) window.
2. Type dig ns.google.com www.google.com any
3. This returns the records for the Google web servers. The A stands for Address.
4. You should see something like this in the output:
```
; <<>> DiG 9.16.35 <<>> ns.google.com www.google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20994
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5b871c933f22299746e93e8263ab99b2ef32ba753df36c22 (good)
;; QUESTION SECTION:
;ns.google.com.                 IN      A

;; ANSWER SECTION:
ns.google.com.          0       IN      A       220.127.116.11

;; Query time: 148 msec
;; SERVER: 172.31.6.10#53(172.31.6.10)
;; WHEN: Wed Dec 28 07:19:46 Bangladesh Standard Time 2022
;; MSG SIZE  rcvd: 86

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11938
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 5b871c933f2229972deab7a263ab99b24fd42cd2143933f2 (good)
;; QUESTION SECTION:
;www.google.com.                IN      ANY

;; ANSWER SECTION:
www.google.com.         0       IN      A       18.104.22.168

;; Query time: 1 msec
;; SERVER: 172.31.6.10#53(172.31.6.10)
;; WHEN: Wed Dec 28 07:19:46 Bangladesh Standard Time 2022
;; MSG SIZE  rcvd: 87
```
A DNS zone is a specific portion of the Domain Name System (DNS) namespace managed by a specific organization or administrator. A DNS zone is a granular control space for DNS components such as authoritative name servers. The DNS is divided into many zones, which are distinct managed areas of the DNS namespace. DNS zones do not have to be physically separated from one another; a DNS zone can contain multiple subdomains, and multiple zones can exist on the same server.
The Internet’s domain namespace is organized in a hierarchical layout of subdomains beneath the DNS root domain. Individual domains in this tree may serve as administrative authority and management delegation points. However, it is usually preferable to implement fine-grained delegation boundaries so that multiple sub-levels of a domain can be managed independently. As a result, the domain name space is divided into zones for this purpose. A zone begins at a domain and extends down the tree to the leaf nodes or the top-level of subdomains, where other zones begin.
DNS is made up of domains logically but zones physically.
A domain is a logical division of the DNS name space, whereas a zone is a physical division because the information is stored in a zone file. In most cases, a domain and a DNS zone have a one-to-one relationship, so the domain mydomain.com would be stored in a zone file called mydomain.com.txt.
We’ll begin with a simple analogy to explain zones and zone files and how they work.
A DNS Zone Story
Quidditch (formerly known as Kwidditch and Cuaditch) is a broomstick-based wizarding sport. It is the most popular and well-known game among wizards and witches, and, according to Rubeus Hagrid, it is the equivalent of Muggles' love of football (soccer). The game involves four balls (a Quaffle, two Bludgers, and a Golden Snitch) and is played by two teams of seven people (three Chasers, two Beaters, one Keeper, and one Seeker). The Keeper guards the goal posts, while the three Chasers score goals by tossing the Quaffle into one of the opposing team's three goal posts. The two Beaters keep the Bludgers away from their team, and the Seeker catches the Golden Snitch to end the game. The team whose Seeker catches the Snitch receives 150 points, but this does not guarantee victory if the opposing team still has more points after the Snitch is caught. The goal of the game is to get more points than your opponents. Each goal is worth ten points, and catching the Golden Snitch is worth 150 points. The game ends when the Snitch is caught or when the captains of both teams reach an agreement. Some games could last for several days if the Snitch was not discovered. The Inter-House Quidditch Cup, also known as the Hogwarts Quidditch Cup or simply the Quidditch Cup, is given to the House Quidditch team with the most total points each year at Hogwarts School of Witchcraft and Wizardry. The Championship is structured as a mini-league, with each house team playing each other throughout the year. This results in three games for each team and six games for the entire school to enjoy. Because there are so few games, each one is eagerly anticipated and is usually attended by the entire school, including the teachers.
Hogwarts is divided into four houses. The heads of all four houses are listed below.
|Team|Head of House|
|---|---|
|Gryffindor|Minerva McGonagall|
|Hufflepuff|Pomona Sprout|
|Ravenclaw|Filius Flitwick|
|Slytherin|Severus Snape|
The players for each team are listed below.
|Team|Chasers|Beaters|Keeper|Seeker|
|---|---|---|---|---|
|Gryffindor|Katie Bell, Angelina Johnson, Alicia Spinnet|Fred Weasley, George Weasley|Oliver Wood (Captain)|Harry Potter|
|Hufflepuff|Malcolm Preece, Heidi Macavoy, Tamsin Applebee|Maxine O'Flaherty, Anthony Rickett|Herbert Fleet|Cedric Diggory (Captain)|
|Ravenclaw|Roger Davies (Captain), Jeremy Stretton, Randolph Burrow|Duncan Inglebee, Jason Samuels|Grant Page|Cho Chang|
|Slytherin|Marcus Flint (Captain), Graham Montague, C. Warrington|Peregrine Derrick, Lucian Bole|Miles Bletchley|Draco Malfoy|
Now the challenge is this: anyone should be able to contact any player on any of the teams.
So you could make a paper list with the names and phone numbers written on it. This was essentially the hosts file method.
This method works, but it is inefficient.
Another option is to make four lists: one for team Gryffindor, one for team Hufflepuff, one for team Ravenclaw and one for team Slytherin.
So you now have four lists, but who manages them?
Because each team has a head of house, you should delegate the list to the head of house.
- Minerva McGonagall manages Gryffindor
- Pomona Sprout manages Hufflepuff
- Filius Flitwick manages Ravenclaw
- Severus Snape manages Slytherin
Now, Headmaster Dumbledore wants Jason Samuels’ phone number from Team Ravenclaw. How does he obtain it?
He first needs to know who has Team Ravenclaw's player list. So Headmaster Dumbledore requires a list of all the managers' names and phone numbers. The manager's name isn't really important, just the phone number.
So, if someone wants to find Jason Samuels’ phone number on Team Ravenclaw, they contact Headmaster Dumbledore, who returns the phone number of Team Ravenclaw’s manager (Filius Flitwick). They then ask Filius Flitwick for Jason Samuels’ phone number. As illustrated in the diagram below:
When compared to IP addresses and domain names,
- Jason Samuels = A web server, for example
- Phone number = the IP address
- Team Ravenclaw = a Domain Name
- Headmaster Dumbledore, Minerva McGonagall, Pomona Sprout, Filius Flitwick and Severus Snape are name servers.
- The lists are zones or zone files
If the concept is still not clear to you, please continue reading; it will become clear over the next few sections. Just keep this analogy in the back of your head.
Notice that Headmaster Dumbledore doesn't have a list of players but a list of heads of house, i.e. his list doesn't contain host names (A records) but the names of the heads of house (name server records, NS records). Also, Headmaster Dumbledore needs to know who has the team list for every team below him, whereas Filius Flitwick only needs to know the phone number of the top of the tree, which in this case is Headmaster Dumbledore because we only have two levels, although a tree need not stop at two levels.
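To make the NS-versus-A distinction concrete, here is an added example (not code from the original article) of a toy iterative resolver walking the analogy's two-level tree: the top server holds only NS records and glue, the house server holds the player A records. All zone names, host names and addresses in it are constructed.

```python
from typing import Dict, List, Tuple

Record = Tuple[str, str]           # (record type, rdata)
Zone = Dict[str, List[Record]]     # owner name -> records

# Constructed zone data mirroring the analogy: the apex zone (Dumbledore's
# list) holds an NS record per house plus the "glue" A record needed to reach
# each head of house; the house zone (Flitwick's list) holds the players' A
# records. Names and addresses are made up for illustration.
ZONES: Dict[str, Zone] = {
    "hogwarts.example.": {
        "ravenclaw.hogwarts.example.": [("NS", "flitwick.ravenclaw.hogwarts.example.")],
        "flitwick.ravenclaw.hogwarts.example.": [("A", "192.0.2.30")],
    },
    "ravenclaw.hogwarts.example.": {
        "jason-samuels.ravenclaw.hogwarts.example.": [("A", "192.0.2.31")],
        "cho-chang.ravenclaw.hogwarts.example.": [("A", "192.0.2.32")],
    },
}
# Which name server (by address) holds which zone; Dumbledore is the top.
SERVERS = {"192.0.2.1": "hogwarts.example.", "192.0.2.30": "ravenclaw.hogwarts.example."}
ROOT_HINT = "192.0.2.1"


def ask(server: str, qname: str) -> Tuple[str, List[str]]:
    """Answer one A query the way an authoritative server for its zone would."""
    zone = ZONES[SERVERS[server]]
    if qname in zone:                                   # we hold the host itself
        return "answer", [rdata for rtype, rdata in zone[qname] if rtype == "A"]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):                 # walk up the parent labels
        child = ".".join(labels[i:])
        ns_names = [rdata for rtype, rdata in zone.get(child, []) if rtype == "NS"]
        if ns_names:                                    # delegated: refer to the house
            glue = [r for ns in ns_names for t, r in zone.get(ns, []) if t == "A"]
            return "referral", glue
    return "nxdomain", []


def resolve(qname: str) -> List[str]:
    """Iterative resolution: start at the top and follow referrals downward."""
    server, seen = ROOT_HINT, set()
    while server in SERVERS and server not in seen:
        seen.add(server)                                # guard against referral loops
        kind, data = ask(server, qname)
        if kind == "answer":
            return data
        if kind == "nxdomain" or not data:
            return []
        server = data[0]                                # next hop: the glue address
    return []
```

resolve("jason-samuels.ravenclaw.hogwarts.example.") first gets a referral from the top server, then the answer from the house server, exactly as Dumbledore hands you Flitwick's number and Flitwick hands you the player's.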
Primary Zones And Secondary Zones
What happens when the head of house goes on vacation?
All they have to do is photocopy their list and give it to someone else (for example, Horace Slughorn), and tell Headmaster Dumbledore the person’s contact information so Headmaster Dumbledore can update his list.
In DNS there are always at least two name servers for a zone, for resilience.
In the diagram below, we have added Horace Slughorn to Headmaster Dumbledore’s list. We should also include a note in Severus Snape’s list to remind him to send the list and list updates to Horace Slughorn.
The analogy above depicts two crucial concepts in DNS: primary and secondary zones, as well as zone transfer.
A zone can be classified as either primary or secondary.
Primary zones are now known as master zones, and secondary zones are known as slave zones.
The primary zone is the master record, and it is the one that the administrator changes. To keep things simple, only Severus Snape has the ability to update the list. He has the original (primary zone). When he updates the list, he must send a copy to Horace Slughorn, who already has a copy (secondary zones or slave zones).
These changes are copied to the secondary zones on DNS in a process known as zone transfer.
Zone transfer is normally performed from primary to secondary zones, but it is requested by the DNS server in charge of the secondary zone. In our example, Horace Slughorn would ask Severus Snape for an updated list. The primary servers can be configured to notify secondary servers of changes.
A zone transfer is, at its most basic, a file copy.
A DNS server that hosts a primary zone is known as a primary name server (master), while one that hosts a secondary zone is known as a secondary name server (slave).
Multiple zone files can be stored and managed by a DNS server, and they can be a mix of primary and secondary zones.
Pomona Sprout, in our analogy, could have a copy of Team Gryffindor's list in case Minerva McGonagall goes on vacation. As a direct consequence, a DNS server can serve as both a primary and a secondary name server. Primary and secondary name servers are both considered authoritative for a domain.
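As an added example (not the article's own code), the following models the primary/secondary behaviour just described: the primary bumps its SOA serial on each edit, the secondary pulls a copy only when that serial is higher, and the primary hands out copies only to configured secondaries, which is what BIND's allow-transfer option restricts. Names, addresses and serials are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class PrimaryZone:
    """Master copy of the list; only its administrator (Snape) edits it."""
    serial: int                              # SOA serial: bumped on every change
    records: Dict[str, str]                  # host name -> address
    allow_transfer: Set[str]                 # secondaries allowed to pull a copy
    notified: List[str] = field(default_factory=list)

    def update(self, host: str, address: str) -> None:
        self.records[host] = address
        self.serial += 1                     # a higher serial marks copies stale
        self.notified = sorted(self.allow_transfer)   # NOTIFY the secondaries

    def transfer(self, requester: str) -> Optional[Tuple[int, Dict[str, str]]]:
        """Zone transfer (AXFR) is a file copy, served only to known secondaries."""
        if requester not in self.allow_transfer:
            return None                      # refused: the list is not public
        return self.serial, dict(self.records)

@dataclass
class SecondaryZone:
    """Secondary (slave) copy, e.g. Slughorn's photocopy of Snape's list."""
    address: str                             # this server's own address
    primary: PrimaryZone
    serial: int = 0
    records: Dict[str, str] = field(default_factory=dict)

    def refresh(self) -> bool:
        """Pull a fresh copy only when the primary's SOA serial is higher."""
        if self.primary.serial <= self.serial:
            return False                     # copy already current
        copy = self.primary.transfer(self.address)
        if copy is None:
            return False                     # transfer refused
        self.serial, self.records = copy
        return True

def demo() -> Dict[str, object]:
    snape = PrimaryZone(2022122801, {"draco-malfoy": "192.0.2.45"}, {"192.0.2.41"})
    slughorn = SecondaryZone("192.0.2.41", snape)        # configured secondary
    outsider = SecondaryZone("198.51.100.9", snape)      # not in allow_transfer
    first = slughorn.refresh()                           # initial copy of the list
    snape.update("miles-bletchley", "192.0.2.46")        # Snape edits the original
    return {"first": first, "second": slughorn.refresh(), "again": slughorn.refresh(),
            "copy": dict(slughorn.records), "serial": slughorn.serial,
            "notified": snape.notified, "outsider": outsider.refresh()}
```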
We hope you have understood everything we have talked about up to this point.