DNS zone

DNS zone

A DNS zone is a portion of the global Domain Name System (DNS) namespace for which administrative responsibility has been delegated.

Contents

Definition

The DNS namespace is defined by RFC 1034, "Domain Names - Concepts and Facilities" and RFC 1035, "Domain Names - Implementation and Specification". It is divided in hierarchical tree-like fashion into cascading lower-level domains that are ordered as a reverse-prioritized concatenation of names, each level separated by a full stop and descending in priority written from right to left, e.g., sub-b.sub-a.example.com.

Administratively, each level or node in the hierarchy represents a potential boundary of authority for management of the name space. The authority over every level in every branch of the name space tree is delegated to a legal entity or organization, such as a top-level country's domain registry, or a company or individual registered to use a given sub-domain in the system. These administrative spaces or portions of the domain name system are termed "DNS zones". DNS zones may consist of only one domain, or may comprise many domains and sub-domains, depending on the administrative authority delegated to the manager. Each manager may further delegate authority over a sub-space of its delegation to other parties.

The most tangible expression of a DNS zone are the database elements that are used to technically administer a zone in a DNS management software system. Traditionally, each zone was stored in a separate database file, the zone file, containing specification for host addressing, name aliasing, electronic mail routing, backup server systems, geographic location, administrative contacts, and many other pieces of information (see list of DNS record types), with an extensible design that has scaled well with the growth of the Internet.

Second-level domains

Many top-level registries open up their name spaces to the public or to entities with mandated geographic or otherwise scoped purpose for registration of second-level domains. Each one of these registrations obligates the registrant to maintain an administrative and technical infrastructure to manage the responsibility for its zone, including sub-delegation to lower-level domains. Each delegation confers essentially unrestricted autonomy over the allocated space. As each zone is further divided into sub-domains, each becoming a DNS zone itself with its own set of administrators and DNS servers, the tree grows with the largest number of leaf nodes at the bottom. At this lowest level, in the end-nodes or leaves of the tree, the term "DNS zone" becomes essentially synonymous, both in terms of use and administration, with the term "domain". The term "domain" is used in the business functions of the entity assigned to it and the term "zone" is usually used for configuration of DNS services.

Stub Zones

Stub zones are a special type of zone introduced in Windows Server 2003 that only contain resource records for other DNS servers. In this way, they provide DNS redundancy while using less network bandwidth than a complete secondary zone. In other words, Stub Zones serve as a copy of the referred zone that just contains the records essential to identify the authoritative DNS servers for the referred zone.

Forward DNS zones

The aforementioned DNS zones are all used for the mapping of humanly-practical, name-based domains to mostly numerically identified Internet resources. Such domain name resolution is also referred to as forward resolution and the DNS zones associated with such process are often referred to as forward zones.

The term arose as the opposite of reverse zones, used for the reverse process, namely the process of finding the DNS name associated with an IP address, for example. Such reverse zones are maintained in the Internet Address and Routing Parameter Area (domain arpa).

Another common use of the term forward zone refers to a specific configuration of DNS name servers, particularly caching name servers, in which resolution of a domain name is forwarded to another name server that is authoritative for the domain in question, rather than being answered from the established cache memory.

Internet infrastructure DNS zones and reverse zones

The arpa top-level domain serves as a delegation zone for various technical infrastructure aspects of DNS and the Internet and does not follow the well-known registration and delegation system of the country and generic domains. The name arpa is a remnant of the ARPANET, one of the predecessor stages of today's Internet. Intended as a transition aid to the modern DNS system, deleting the arpa domain was later found to be impractical. It is now officially the acronym for Address and Routing Parameter Area. It contains sub-zones used for reverse resolution of IP addresses to host names (IPv4: in-addr.arpa, IPv6: ip6.arpa), telephone number mapping (ENUM, e164.arpa), and uniform resource identifier resolution (uri.arpa, urn.arpa). Although the administrative structure of this domain and its sub-domains is different, the technical delegation into zones of responsibility is similar and the DNS tools and servers used are identical to any other zone. Sub-zones are delegated by components of the respective resources. For example, 8.8.2.5.5.2.2.0.0.8.1.e164.arpa., which might represent an E.164 telephone number in the ENUM system, might be sub-delegated at suitable boundaries of the name. Examples of IP addresses in the reverse DNS zone are: 166.188.77.208.in-addr.arpa, resolving to the domain name www.example.com. In the case of IP addresses, the reverse zones are always delegated to the Internet service provider (ISP) to which the IP address block is assigned. When an ISP allocates a range to a customer, it usually also delegates the management of that space to the customer by insertion of name server resource records (pointing to the customers DNS facilities) into their zone. Notably, however, many ISPs serving individual end-users, such as homes or small businesses with only one IP address do not do so.

Example of zone authority in DNS queries

As an example of the DNS resolving process, consider the role of a recursive DNS resolver attempting to lookup the address "en.wikipedia.org.". It begins with a list of addresses for the most authoritative nameservers it knows about – the root zone nameservers (indicated by the full stop or period), which contains nameserver information for all top-level domains of the Internet.

When querying one of the root nameservers it is possible that the root zone will not directly contain a record for "en.wikipedia.org.", in which case it will provide a referral to the authoritative nameservers for the "org." top level domain (TLD). The resolver is issued a referral to the authoritative nameservers for the "org." zone, which it will contact for more specific information. Again when querying one of the "org." nameservers, the resolver may be issued with another referral to the "wikipedia.org." zone, whereupon it will again query for "en.wikipedia.org.". Since (as of July 2010) "en.wikipedia.org." is a CNAME to "text.wikimedia.org." (which is in turn a CNAME to "text.esams.wikimedia.org."), and the "wikipedia.org." nameservers also happen to contain authoritative data for the "wikimedia.org." zone, the resolution of this particular query occurs entirely within the queried nameserver, and the resolver will receive the address record it requires with no further referrals.

If the last nameserver queried did not contain authoritative data for the target of the CNAME, it would have issued the resolver with yet another referral, this time to the "text.wikimedia.org." zone. However, since the resolver had previously determined the authoritative nameservers for the "org." zone, it would not need to begin the resolution process from scratch but instead start at the "org." zone, thus avoiding a query to the root nameservers again.

Note that there is no requirement that resolving should involve any referrals at all. Looking up "en.wikipedia.org." on the ICANN root nameservers will always result in referrals, but if an alternative DNS root is used which is set up to contain a record for "en.wikipedia.org.", then the record will be returned on the first query.

See also


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • DNS zone transfer — DNS zone transfer, also sometimes known by its (most common) opcode mnemonic AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to employ for replicating the databases containing the DNS data across… …   Wikipedia

  • Zone — may refer to:In geography: * One of five geographical zones of the earth: ** The torrid zone ** The north and south temperate zones ** The north and south frigid zones * Hardiness zone, in gardening and other agriculture a geographically defined… …   Wikipedia

  • DNS root zone — A DNS root zone is the top level DNS zone in a Domain Name System (DNS) hierarchy. Most commonly it refers to the root zone of the largest global DNS, deployed for the Internet. Ultimate authority over the DNS root zone rests with the US… …   Wikipedia

  • DNS-Server — Domain Name System (DNS) Familie: Internetprotokollfamilie Einsatzgebiet: Namensauflösung Ports: 53/UDP, 53/TCP DNS im TCP/IP‑Protokollstapel: Anwendung DNS Transport UD …   Deutsch Wikipedia

  • DNS Security Extensions — DNSSEC im TCP/IP‑Protokollstapel: Anwendung DNSSEC Transport UDP TCP Internet IP (IPv4, IPv6) Netzzugang …   Deutsch Wikipedia

  • DNS Server — Domain Name System (DNS) Familie: Internetprotokollfamilie Einsatzgebiet: Namensauflösung Ports: 53/UDP, 53/TCP DNS im TCP/IP‑Protokollstapel: Anwendung DNS Transport UD …   Deutsch Wikipedia

  • DNS Root Nameserver — globale Anycast Instanz des K Root Servers im AMS IX Root Nameserver, oft auch nur Root Server genannt, publizieren verlässlich die Root Zone des Domain Name Systems (DNS) im Internet. Diese Datei besteht aus ca. 2.500 Einträgen und ist die… …   Deutsch Wikipedia

  • Zone file — In computer networking, a zone file is a database element of the domain name system (DNS) originally used by the Berkeley Internet Name Domain (BIND) software package and other DNS server software. As such it has derived its definition from the… …   Wikipedia

  • DNS-Caching — DNS Cache von Windows 7, abgerufen mit ipconfig. Zu sehen sind der Eintrag wikipedia.de, der dazugehörige zuständige Nameserver, sowie der Negativeintrag wipieda.de DNS Caching hält das Ergebnis einer rekursiven DNS Namensauflösung eine Zeit lang …   Deutsch Wikipedia

  • DNS cache poisoning — is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server s cache database that did not originate from authoritative DNS sources. It may be a deliberate… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”