DNS zone
A DNS zone is a portion of the global Domain Name System (DNS) namespace for which administrative responsibility has been delegated.
Definition

The DNS namespace is defined by RFC 1034, "Domain Names - Concepts and Facilities", and RFC 1035, "Domain Names - Implementation and Specification". It is divided in a hierarchical, tree-like fashion into cascading lower-level domains, written as a concatenation of names with each level separated by a full stop and descending in authority from right to left, e.g., sub-b.sub-a.example.com. Administratively, each level or node in the hierarchy represents a potential boundary of authority for management of the name space. The authority over every level in every branch of the name space tree is delegated to a legal entity or organization, such as a country's top-level domain registry, or a company or individual registered to use a given sub-domain in the system. These administrative portions of the domain name system are termed DNS zones. A DNS zone may consist of only one domain, or may comprise many domains and sub-domains, depending on the administrative authority delegated to its manager. Each manager may further delegate authority over a sub-space of its delegation to other parties.

The most tangible expression of a DNS zone is the set of database elements used to technically administer the zone in a DNS management software system. Traditionally, each zone was stored in a separate database file, the zone file, containing specifications for host addressing, name aliasing, electronic mail routing, backup server systems, geographic location, administrative contacts, and many other pieces of information (cf. List of DNS record types), with an extensible design that has scaled well with the growth of the Internet.

The root zone and top-level domains

At its top level, the global domain name system consists of a single DNS zone, the root zone. This zone is unnamed and represented in the hierarchy by a full stop (period, ".").
Currently, the root zone is administered by a set of 13 root nameserver clusters (as of June 2008) distributed throughout the world. The root zone contains all top-level international, ISO country-code, and generic domains, as well as zones used for Internet infrastructure purposes (.arpa). Delegation is handed down to governments and various organizations that administer these top-level domains (TLDs), such as '.com', '.net' and '.org'.

Second-level domains

Many top-level registries open up their name spaces to the public, or to entities with a mandated geographic or otherwise scoped purpose, for registration of second-level domains. Each of these registrations obligates the registrant to maintain an administrative and technical infrastructure to manage the responsibility for its zone, including sub-delegation to lower-level domains. Each delegation confers essentially unrestricted autonomy over the allocated space. As each zone is further divided into sub-domains, each becoming a DNS zone itself with its own set of administrators and DNS servers, the tree grows, with the largest number of leaf nodes at the bottom. At this lowest level, in the end nodes or leaves of the tree, the term DNS zone becomes essentially synonymous, both in use and in administration, with the term domain. The term domain is used in the business functions of the entity assigned to it, while the term zone is usually used for the configuration of DNS services.

'Forward' DNS zones

The DNS zones mentioned so far are all used for the mapping of human-readable, name-based domains to mostly numerically identified Internet resources. Such domain name resolution is also referred to as forward resolution, and the DNS zones associated with it are often referred to as forward zones. The term arose as the opposite of 'reverse' zones, which are used for the reverse process, for example finding the DNS name associated with an IP address.
Such 'reverse' zones are maintained in the Internet 'Address and Routing Parameter Area' (.arpa).

Another common use of the term 'forward' zone refers to a specific configuration of DNS name servers, particularly caching name servers, in which resolution of a domain name is "forwarded" to another name server that is authoritative for the domain in question, rather than being answered from the server's own cache.

Internet infrastructure DNS zones and 'reverse' zones

The .arpa top-level domain serves as a delegation zone for various technical infrastructure aspects of DNS and the Internet, and does not follow the well-known registration and delegation system of the country and generic domains. .arpa is a remnant of the ARPANET, one of the predecessors of today's Internet. Intended as a transition aid to the modern DNS system, deleting it later was found to be impractical. It is now officially the acronym for 'Address and Routing Parameter Area'. It contains sub-zones used for reverse resolution of IP addresses to host names (IPv4: in-addr.arpa, IPv6: ip6.arpa), telephone number mapping (ENUM, e164.arpa), and uniform resource identifier resolution (uri.arpa, urn.arpa). Although the administrative structure of this domain and its sub-domains is different, the technical delegation into zones of responsibility is similar and the DNS tools and servers used are identical.

Sub-zones are delegated by components of the respective resources. For example, 8.8.2.5.5.2.2.0.0.8.1.e164.arpa., which might represent an E.164 telephone number in the DNS ENUM system, might be sub-delegated at suitable boundaries of the name. An example of an IP address in the 'reverse' DNS zone is 166.188.77.208.in-addr.arpa, resolving back to the domain name 'www.example.com'. In the case of IP addresses, the reverse zones are always delegated to the Internet service provider (ISP) to which the IP address block is assigned.
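The reverse-zone naming described above, as an added example that is not from the original article: labels are reversed under in-addr.arpa, ip6.arpa and e164.arpa, and because delegation happens on whole labels, an address block whose prefix ends on a label boundary maps to exactly one zone that an ISP can hand to a customer. The addresses, the telephone number and the /24 and /32 blocks used below are constructed inputs.

```python
import ipaddress

# Added example, not from the original article. It builds the reverse-zone
# owner names the text describes and shows which zone an ISP would have
# delegated for an address block whose prefix falls on a label boundary.


def reverse_name(address: str) -> str:
    """Reverse-lookup owner name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        # 208.77.188.166 -> 166.188.77.208.in-addr.arpa.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    # IPv6: expand to 32 hex nibbles, one label per nibble, least
    # significant nibble first.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def enum_name(e164_number: str) -> str:
    """ENUM owner name for an E.164 number written with a leading '+'."""
    if not e164_number.strip().startswith("+"):
        raise ValueError("E.164 numbers start with '+'")
    digits = [ch for ch in e164_number if ch.isdigit()]
    # +18002255288 -> 8.8.2.5.5.2.2.0.0.8.1.e164.arpa.
    return ".".join(reversed(digits)) + ".e164.arpa."


def reverse_zone_for_prefix(prefix: str) -> str:
    """Reverse zone covering an address block, e.g. the zone an ISP would
    delegate to a customer. Only prefixes on a label boundary (multiples
    of 8 bits for IPv4, 4 bits for IPv6) map to a single zone."""
    net = ipaddress.ip_network(prefix, strict=True)
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        raise ValueError(f"/{net.prefixlen} does not end on a label boundary")
    labels = reverse_name(str(net.network_address)).split(".")
    address_labels = 4 if net.version == 4 else 32
    keep = net.prefixlen // bits_per_label
    # Drop the host-part labels; keep the network labels plus the .arpa suffix.
    return ".".join(labels[address_labels - keep:])


if __name__ == "__main__":
    print(reverse_name("208.77.188.166"))              # constructed input
    print(enum_name("+1 800 225 5288"))                # constructed input
    print(reverse_zone_for_prefix("208.77.188.0/24"))  # constructed input
```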
When an ISP allocates a range to a customer, it usually also delegates the management of that space to the customer by inserting name server resource records (pointing to the customer's DNS facilities) into its zone. Notably, however, many ISPs serving individual end users, such as homes or small businesses with only one IP address, do not do so.

Example of DNS zone authority in DNS queries

Let's have a look at "en.wikipedia.org." as an example. We shall take on the role of a DNS client and attempt to resolve this hostname. This is a recursive process, reading the domain from right to left. At each step of the process we will know what the previous zone was, and figure out the zone we must query to find the next zone we need to enter. Finally we will reach the zone that can actually give us an IP address for the hostname. Note: This demonstrates the recursive method of DNS resolution, by which we will highlight the DNS zones we cross in order to resolve a hostname into an IP address.

Step 1
We have entered the .org zone.

Step 2
We have entered the wikipedia.org zone.

Step 3
We have resolved the hostname "en.wikipedia.org." into the IP address 91.198.174.2.

Source: Wikipedia | The above article is available under the GNU FDL.
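The three steps above, as an added example that is not from the original article: a toy resolver walks the zone cuts for "en.wikipedia.org." from the root downward and reports the zones it crossed together with the answer. The zone data is constructed for the example (the name server names under .invalid are placeholders); only the final address is the one the text quotes, and no network traffic is sent.

```python
# Added example, not from the original article: a toy resolver that walks
# the zone cuts for a name, right to left, the way the three steps above
# describe. The zone data below is constructed; the name server names are
# placeholders, only the final address is the one the text quotes.
ZONES = {
    # zone apex -> owner name -> record type -> values
    ".":              {"org.": {"NS": ["ns.org.invalid."]}},
    "org.":           {"wikipedia.org.": {"NS": ["ns.wikipedia.invalid."]}},
    "wikipedia.org.": {"en.wikipedia.org.": {"A": ["91.198.174.2"]}},
}


def normalize(name: str) -> str:
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.lower().rstrip(".")
    return name + "." if name else "."


def resolve(qname: str, rrtype: str = "A"):
    """Return (zones crossed, answer records or None).

    Starting at the root, each step asks the current zone whether the next
    longer suffix of the query name is delegated (has NS records). If so,
    we enter that child zone; otherwise the current zone is authoritative
    for the name and answers from its own data.
    """
    qname = normalize(qname)
    labels = [lab for lab in qname.split(".") if lab]
    zone = "."
    crossed = [zone]
    for i in range(len(labels) - 1, -1, -1):
        suffix = ".".join(labels[i:]) + "."
        if "NS" in ZONES[zone].get(suffix, {}):
            if suffix not in ZONES:
                raise LookupError(f"{suffix} is delegated but has no zone data")
            zone = suffix
            crossed.append(zone)
    answer = ZONES[zone].get(qname, {}).get(rrtype)
    return crossed, answer


if __name__ == "__main__":
    print(resolve("en.wikipedia.org"))
```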
©2008-2009 TutorGig.com. All Rights Reserved.