
What is a DNS Zone: All You Need to Know About?

  • 26 May 2025

If you own a website or have ever worked on developing one, you may have come across the term DNS zone. A DNS zone is a distinct portion of the Domain Name System (DNS) namespace, managed by a particular entity such as an organization or an administrator. In this article, you’ll learn what a DNS zone is, how it works, and much more.

What Actually is a DNS Zone?

A DNS zone, as mentioned earlier, is a distinct portion of the DNS namespace. It gives the administrator or organization responsible for it precise control over things like DNS records, subdomains, name server settings and TTLs.

DNS zones split authoritative control over a namespace into separate segments. Why? To give each authoritative entity precise control over its own segment.

Let us simplify this for you with an example. 

Suppose you own the domain “whatsmydns.me”. The DNS zone for this domain typically includes all of its subdomains, such as “www.whatsmydns.me” and “email.whatsmydns.me”.

These subdomains are managed as DNS records within the same zone (each as its own record) unless you delegate control of one of them to another name server. A delegated subdomain becomes a separate DNS zone and is managed independently.

Types of DNS Zones

Below are the five major types of DNS zones.

  • Primary DNS Zone

The primary DNS zone is the read/write copy: all the DNS records are stored in a primary zone file, and only one such file for a given zone is kept on a server at a time. If an update is required, you make it in the primary zone file, and it is then copied to the secondary zones.

  • Secondary DNS Zone

A secondary DNS zone is a read-only copy of the primary zone. It keeps a synchronized copy of the primary server’s DNS records using zone transfer protocols: AXFR (full transfers) or IXFR (incremental updates).

The primary purpose of a secondary zone is to ensure that queries are still resolved consistently if the primary server becomes unavailable; DNS resolvers can query any name server listed in a domain’s NS records.

  • Forward Lookup Zone

A forward lookup zone translates domain names into IP addresses. When a DNS query for a domain name is received, the A (IPv4) or AAAA (IPv6) records in the forward lookup zone are consulted to find the IP address corresponding to that name.

  • Reverse Lookup Zone

Think of reverse lookup zones as the counterpart of forward lookup zones: using pointer (PTR) records, they map an IP address back to its domain name.

  • Stub Zone

This zone contains only the records a server needs to identify the authoritative name servers of a particular zone. It is considered a lightweight DNS zone and includes only three record types:

  • NS (name server)
  • A/AAAA (glue records)
  • SOA (start of authority)

DNS servers use a stub zone to keep an up-to-date list of the authoritative servers for a delegated zone. Stub zones benefit large or segmented networks, where they help forward DNS queries efficiently without relying on full recursion.

How Does a DNS Zone Work?

The working principle of DNS zones is simple. When a user enters a domain such as “example.com” in a browser, the device sends a DNS query to a recursive DNS resolver (often provided by the user’s ISP or a public DNS provider).

The resolver then begins a hierarchical resolution process:

  • First: the resolver queries a root name server to find which name servers are responsible for the top-level domain, e.g. “.com”.
  • Second: the resolver queries a TLD name server to learn which name servers are authoritative for the domain entered.
  • Third: the resolver queries one of the authoritative name servers to obtain the IP address of the requested resource, e.g. “www.example.com”.

The IP address returned by the authoritative server is then used to open a connection between the user’s device and the server hosting the website.
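The three-step walk above can be simulated offline. The following Python script is an added example, not code from the original article: it models a root zone, a “.com” TLD zone and an authoritative “example.com” zone as small record lists, and an iterative resolver that starts from a root hint and follows NS referrals (using the glue A records each parent zone carries) until a server authoritative for the name answers. All zone data, server names and IP addresses are constructed for illustration.

```python
"""Toy walk through the hierarchical resolution described above.

This is an added example, not code from the original article. Every zone,
name server and IP address below is constructed for illustration (addresses
come from the documentation ranges) and stands in for the real root, TLD and
authoritative servers.
"""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, value)

# Which zone each hypothetical name server is authoritative for.
SERVERS: Dict[str, str] = {
    "192.0.2.1": ".",                 # a root server (the resolver's root hint)
    "192.0.2.53": "com.",             # a .com TLD server
    "198.51.100.53": "example.com.",  # the domain's own authoritative server
}
ROOT_HINT = "192.0.2.1"

# The records each zone's server answers from. Trailing dots mark fully
# qualified names, exactly as in a zone file.
ZONES: Dict[str, List[Record]] = {
    ".": [
        (".", "NS", "a.root-servers.example."),
        # Delegation of .com to the TLD server, plus a glue A record so the
        # resolver can reach that server without a further lookup.
        ("com.", "NS", "a.gtld-servers.example."),
        ("a.gtld-servers.example.", "A", "192.0.2.53"),
    ],
    "com.": [
        # Delegation of example.com to its authoritative server, plus glue.
        ("example.com.", "NS", "ns1.example.com."),
        ("ns1.example.com.", "A", "198.51.100.53"),
    ],
    "example.com.": [
        ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. "
                                "2025052601 3600 900 604800 300"),
        ("example.com.", "NS", "ns1.example.com."),
        ("ns1.example.com.", "A", "198.51.100.53"),
        ("www.example.com.", "A", "198.51.100.10"),
        ("mail.example.com.", "A", "198.51.100.25"),
    ],
}


def covers(owner: str, qname: str) -> bool:
    """True if qname is owner itself or lies below it in the name tree."""
    return qname == owner or qname.endswith("." + owner)


def find_referral(zone: str, records: List[Record], qname: str) -> Optional[Tuple[str, str]]:
    """Return (child zone, glue IP) for the most specific delegation below
    `zone` that covers qname, or None if this zone does not delegate it."""
    best: Optional[str] = None
    for owner, rtype, _ in records:
        if rtype == "NS" and owner != zone and covers(owner, qname):
            if best is None or len(owner) > len(best):
                best = owner
    if best is None:
        return None
    ns_names = [v for o, t, v in records if o == best and t == "NS"]
    for owner, rtype, value in records:
        if rtype == "A" and owner in ns_names:
            return best, value
    raise RuntimeError(f"delegation of {best} has no glue A record")


def resolve(qname: str, qtype: str, max_referrals: int = 10) -> Tuple[List[str], List[str]]:
    """Iterate from the root hint, following NS referrals until a server
    authoritative for qname answers. Returns (answers, zones visited)."""
    server_ip = ROOT_HINT
    visited: List[str] = []
    for _ in range(max_referrals):
        zone = SERVERS[server_ip]
        records = ZONES[zone]
        visited.append(zone)
        answers = [v for o, t, v in records if o == qname and t == qtype]
        if answers:
            return answers, visited
        referral = find_referral(zone, records, qname)
        if referral is None:
            # The closest authoritative zone has no such record (NXDOMAIN/NODATA).
            return [], visited
        _, server_ip = referral
    raise RuntimeError("too many referrals; possible delegation loop")


if __name__ == "__main__":
    ips, path = resolve("www.example.com.", "A")
    print(" -> ".join(path), "answers:", ips)
```

Running it shows the path `. -> com. -> example.com.` before the A record is returned; a name the authoritative zone does not hold visits the same three zones and comes back empty, which is exactly where a caching resolver would record a negative answer.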

What is a DNS Zone File?

A DNS zone file is a plain text file, one per zone, stored on the zone’s DNS servers and holding all the records for the names under that zone. Each line in the file represents one resource record. Resource records are what let DNS direct users to the correct server when a query is made.

Key Elements

DNS zone files have two key components: the Start of Authority (SOA) record and the Time to Live (TTL) value.

  • SOA records include crucial information such as the primary name server for the zone and the contact information of the zone administrator.
  • TTL helps keep the system up to date by telling resolvers how long a DNS record may be cached before it must be refreshed.

Types of Records in a DNS Zone File

A DNS zone file contains multiple types of records. Some of them are listed in the table below.

Record Type | Role
----------- | ----
A | Maps a hostname to an IPv4 address
AAAA | Maps a hostname to an IPv6 address
MX | Specifies the SMTP mail servers for a domain
CNAME | Points an alias hostname at its canonical name
NS | Specifies the authoritative name servers for a domain or DNS zone
PTR | Maps an IP address back to a hostname (reverse DNS lookup)
TXT | Holds text-based data for a domain, often used for email security (SPF, DKIM, DMARC), domain verification and other metadata

Benefits of DNS Zones

DNS zones offer multiple benefits, including:

  • Decentralization: You can protect your servers from being overwhelmed by distributing the administrative workload across DNS zones.
  • Speed: When DNS zones are created, the number of hops needed to resolve domain names is reduced, ultimately improving lookup speed.
  • Traffic Distribution: DNS zones let you customize settings for balancing traffic loads, which helps spread internet traffic across different servers.

How is a DNS Zone Delegated?

DNS zone delegation is the process of dividing a larger zone into smaller ones and assigning those smaller zones to different servers. This helps handle localized DNS queries more efficiently, and because the load on each part of the DNS structure is reduced, performance improves.

But how do you delegate a DNS zone?

To delegate a DNS zone, an administrator creates NS records for the subdomain in the parent zone. These records assign responsibility for answering queries about the subdomain to its authoritative servers.

Let us simplify this for you with an example.

Suppose you own the domain “whatsmydns.me” and want to delegate a DNS zone for the subdomain “it.whatsmydns.me”. For this, you add NS records for “it” to the zone file of “whatsmydns.me”.

Doing this hands authority over DNS queries for the subdomain to the zone file governing the “it” subdomain.

Changes in DNS Zones

Changes refer to any modification to the DNS zone file of a domain: adding a new record, or altering or deleting an existing one.

Tracking these changes is crucial, as even a minor change can have serious consequences. Facebook is a well-known example.

In 2021, a Facebook outage occurred because of a change in the IP addresses of its DNS servers. The platform remained inaccessible for almost seven hours, and traffic was being diverted to another, unauthorized platform. This DNS server change cost Facebook $60 to $100 million in lost revenue.

That is why you need to track changes to DNS zone files. One way is to enable zone change notifications (ZCN), so that whenever a zone changes, the other DNS servers for it are notified.

Besides ZCN, using external monitoring services and conducting DNS query analysis can also be beneficial. 

Common Issues in DNS Zone

By now you will have gathered that managing a DNS zone is like maintaining the backbone of a domain. A single configuration issue can cause severe problems such as email failure, downtime, or a broken website.

Two common issues faced by those managing a DNS zone are discussed below. 

  • Propagation Delays

When a change is made to a domain’s DNS zone file, it takes effect immediately on the authoritative name servers. However, users worldwide may not see the update right away because of DNS caching.

DNS resolvers (such as those used by ISPs or browsers) store previously resolved records for a specific duration. This duration is defined by the Time to Live (TTL) value associated with each record.

Until the TTL expires, these resolvers may continue serving the old (cached) record, which leads to the common perception of a “propagation delay.”

Depending on the TTL, propagation usually takes anywhere from a few minutes to 48 hours. But how do you know whether a change has propagated?

A simple way is to run the domain through a DNS checker tool, which shows how your domain resolves across servers around the globe.

  • Misconfiguration

By misconfiguration we mean, above all, typos made while entering values in DNS records: a single typing error can make your website, email, or any other subdomain unavailable. Other mistakes that lead to severe issues include:

  • Pointing an A record to the wrong IP
  • Forgetting a trailing dot in CNAME targets
  • Setting the wrong priority in MX records
  • Duplicate or conflicting entries

To avoid this, always double-check your DNS zone files or DNS dashboard. Better still, run tests with a DNS lookup tool from time to time.
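The checks above can be automated before a zone file ever reaches the authoritative servers. The Python script below is an added example, not code from the original article or any DNS software: it parses a small BIND-style zone file of the kind described in the “What is a DNS Zone File?” section (handling `$TTL`, `$ORIGIN`, comments, the multi-line SOA and the record types from the table), then lints the records for the four mistakes listed here: an invalid address in an A record, a CNAME/NS/MX target without a trailing dot (which the server silently expands against `$ORIGIN`), an MX priority outside the valid range, and duplicate or conflicting entries. The zone text, names and addresses are constructed for illustration and each flagged line carries one deliberate mistake.

```python
"""Parse a small BIND-style zone file and check it for the mistakes listed above.

Added example, not code from the original article. The zone text, names and
addresses are constructed for illustration; each flagged line carries one
deliberate mistake of the kinds discussed.
"""
import ipaddress
from collections import Counter
from typing import List, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, rdata)

SAMPLE_ZONE = """\
$TTL 3600
$ORIGIN example.com.
@       IN  SOA   ns1.example.com. hostmaster.example.com. (
                  2025052601 ; serial
                  3600       ; refresh
                  900        ; retry
                  604800     ; expire
                  300 )      ; minimum (negative-caching TTL)
@       IN  NS    ns1.example.com.
@       IN  NS    ns2.example.com.
ns1     IN  A     198.51.100.53
ns2     IN  A     198.51.100.54
mail    IN  A     198.51.100.25
www     IN  A     198.51.100.10
www     IN  A     198.51.100.10          ; duplicate entry
api     IN  A     198.51.100.999         ; not a valid IPv4 address
blog    IN  CNAME www.example.com        ; missing trailing dot
ftp     IN  CNAME www.example.com.
ftp     IN  A     198.51.100.12          ; conflicts with the CNAME above
@       IN  MX    10 mail.example.com.
@       IN  MX    70000 mail2.example.com. ; priority out of range
@       IN  TXT   "v=spf1 mx -all"
"""


def _strip_comment(line: str) -> str:
    """Drop a ';' comment, ignoring semicolons inside quoted TXT data."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _fqdn(name: str, origin: str) -> str:
    """Expand '@' and relative owner names against $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str) -> Tuple[str, List[Record]]:
    """Return ($ORIGIN, records). Handles $TTL/$ORIGIN, comments, multi-line
    '( ... )' rdata and owner-name inheritance from the previous line."""
    origin, records = ".", []
    last_owner = origin
    buf: List[str] = []
    depth = 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:
            continue  # still inside a parenthesised block
        logical, buf = " ".join(buf), []
        fields = logical.replace("(", " ").replace(")", " ").split()
        if fields[0] == "$TTL":
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner = last_owner if logical[0].isspace() else _fqdn(fields.pop(0), origin)
        last_owner = owner
        if fields and fields[0].isdigit():        # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        records.append((owner, rtype, rdata))
    return origin, records


def lint_zone(origin: str, records: List[Record]) -> List[str]:
    """Flag invalid addresses, missing trailing dots, bad MX priorities,
    exact duplicates and CNAMEs that coexist with other records."""
    issues: List[str] = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata)
            except ValueError:
                issues.append(f"{owner} A {rdata}: not a valid IPv4 address")
        elif rtype == "AAAA":
            try:
                ipaddress.IPv6Address(rdata)
            except ValueError:
                issues.append(f"{owner} AAAA {rdata}: not a valid IPv6 address")
        elif rtype in ("CNAME", "NS", "MX"):
            target = rdata.split()[-1]
            if not target.endswith("."):
                # A relative target is silently expanded against $ORIGIN.
                issues.append(f"{owner} {rtype} {target}: no trailing dot, "
                              f"will be read as {target}.{origin}")
            if rtype == "MX":
                pref = rdata.split()[0]
                if not pref.isdigit() or int(pref) > 65535:
                    issues.append(f"{owner} MX {rdata}: priority must be an "
                                  f"integer between 0 and 65535")
    for rec, count in Counter(records).items():
        if count > 1:
            issues.append(f"{rec[0]} {rec[1]} {rec[2]}: duplicate entry ({count} times)")
    for owner in sorted({o for o, t, _ in records if t == "CNAME"}):
        others = sorted({t for o, t, _ in records if o == owner and t != "CNAME"})
        if others:
            issues.append(f"{owner}: CNAME cannot coexist with other records "
                          f"({', '.join(others)})")
    return issues


if __name__ == "__main__":
    zone_origin, recs = parse_zone(SAMPLE_ZONE)
    for problem in lint_zone(zone_origin, recs):
        print(problem)
```

The trailing-dot message is the one worth reading twice: `blog IN CNAME www.example.com` is not rejected by a name server, it is loaded as an alias for `www.example.com.example.com.`, which is why that mistake only shows up as a broken site rather than as a load error.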

How Does a DNS Zone Differ from a DNS Server?

DNS zones are often confused with a single DNS server, or sometimes with a domain name. A single DNS zone can contain many subdomains, and multiple zones can be hosted on one server.

Moreover, DNS zones are managed by designated entities and contain the records that link a domain to IP addresses and other resources. A DNS server, by contrast, is the physical machine or software on which such records are stored and served.

Why Are They Created Separately?

A new DNS zone is created by specifying the subdomain you want to delegate. To do this, you create an NS record pointing to the domain name of the DNS server responsible for the subdomain.

If the name server’s name is part of the same parent zone, you must also create a corresponding A record giving its IP address. This is necessary so that resolvers can locate and contact the authoritative server for the subdomain.

Furthermore, you can also create an MX record to specify the mail server that handles email for that subdomain.

DNS namespaces are usually vast and complex, and managing them in bulk from a single place is hectic.
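The two steps just described (NS records for the subdomain, plus an A record when the name server’s name sits inside the parent zone) are the same ones the “it” subdomain example in the delegation section relies on. The Python script below is an added example, not code from the original article: it builds those delegation records for a parent zone and checks an existing parent zone for the two ways the delegation can go wrong that the text describes, a missing NS set and an in-zone name server with no address record. It goes one step beyond the text by also flagging records the parent still holds below the delegation point, since once authority is handed over those records are ignored and belong in the child zone. Names and addresses are constructed for illustration.

```python
"""Build and check a subdomain delegation in a parent zone.

Added example, not code from the original article. Zone names, server names
and IP addresses are constructed for illustration.
"""
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, rdata)

PARENT_ZONE = "example.com."
CHILD_ZONE = "it.example.com."

# Constructed parent zone that correctly delegates the "it" subdomain.
PARENT_RECORDS: List[Record] = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2025052601 3600 900 604800 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "198.51.100.53"),
    ("www.example.com.", "A", "198.51.100.10"),
    # Delegation: one server inside the subdomain (needs glue), one elsewhere.
    ("it.example.com.", "NS", "ns1.it.example.com."),
    ("it.example.com.", "NS", "ns.provider.example."),
    ("ns1.it.example.com.", "A", "203.0.113.53"),  # glue A record
]

# Same zone with the glue removed and a stray record left under the child.
BROKEN_RECORDS: List[Record] = [
    r for r in PARENT_RECORDS if r[0] != "ns1.it.example.com."
] + [("wiki.it.example.com.", "A", "203.0.113.80")]


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def delegation_records(parent: str, child: str, nameservers: Dict[str, str]) -> List[Record]:
    """Records to add to `parent` to delegate `child`: an NS record per name
    server and, for servers whose name lies inside `parent`, a glue A record.
    `nameservers` maps server name -> IPv4 address ("" when not needed)."""
    recs: List[Record] = []
    for server, ip in nameservers.items():
        recs.append((child, "NS", server))
        if in_zone(server, parent):
            if not ip:
                raise ValueError(f"{server} lies inside {parent}: an A record is required")
            recs.append((server, "A", ip))
    return recs


def check_delegation(parent: str, records: List[Record], child: str) -> List[str]:
    """Report problems with the delegation of `child` in the parent's records."""
    problems: List[str] = []
    servers = [v for o, t, v in records if o == child and t == "NS"]
    if not servers:
        problems.append(f"{child}: no NS records in {parent}, so the subdomain is not delegated")
    for server in servers:
        if in_zone(server, parent):
            has_addr = any(o == server and t in ("A", "AAAA") for o, t, _ in records)
            if not has_addr:
                problems.append(f"{server}: name lies inside {parent} but has no "
                                f"A/AAAA record, so resolvers cannot reach it")
    for owner, rtype, _ in records:
        below = owner != child and in_zone(owner, child)
        if below and owner not in servers:
            # Everything under the delegation point is the child's authority now.
            problems.append(f"{owner} {rtype}: sits below the delegation point and is "
                            f"ignored; move it into the {child} zone")
    return problems


if __name__ == "__main__":
    for rec in delegation_records(PARENT_ZONE, CHILD_ZONE,
                                  {"ns1.it.example.com.": "203.0.113.53",
                                   "ns.provider.example.": ""}):
        print(rec)
    print("ok:", check_delegation(PARENT_ZONE, PARENT_RECORDS, CHILD_ZONE))
    print("broken:", check_delegation(PARENT_ZONE, BROKEN_RECORDS, CHILD_ZONE))
```

Run against the correct zone the check returns nothing; against the broken copy it reports both the unreachable `ns1.it.example.com.` and the stray `wiki.it.example.com.` record, which is the kind of silent failure a manual read of the zone file tends to miss.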

DNS zones are created separately, each on its authoritative name server, to make their management efficient and effective. This separation of zones allows for:

  • Delegation of authority/control
  • Granular management within their respective areas
  • Streamlined DNS operations with less load on individual servers

Wrapping Up

DNS zones are the portions of a namespace that give administrators authoritative control over their own part of it. They help reduce the workload on any single server: by creating multiple DNS zone files, you can distribute the workload across different DNS servers under a namespace.
