Domain Naming System, DNS Zones, Records, NameSpace

Article Index

DNS (DomainNameSystemorServiceorServer), anInternetservice that translatesdomain namesinto IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based onIP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain namewww.example.commight translate to198.105.232.4.

TheDomain Name System(DNS) is a hierarchical naming system built on adistributed databasefor computers, services, or any resource connected to the Internetor aprivate network. Most importantly, it translates domain names meaningful tohumansinto the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

Domain Name System is used to map IP address to host name and host name to IP Address. It organizes the name in hierarchical order. The root domain is repressed by a dot (.) or a Full Qualify Domain Name (FQDN) is identified by a dot in the last.

Type Value (decimal) Defining RFC Description Function
A 1 RFC 1035 address record Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc.
AAAA 28 RFC 3596 IPv6 address record Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
AFSDB 18 RFC 1183 AFS database record Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system.
APL 42 RFC 3123 Address Prefix List Specify lists of address ranges, e.g. in CIDR format, for various address families. Experimental.
CERT 37 RFC 4398 Certificate record Stores PKIX, SPKI, PGP, etc.
CNAME 5 RFC 1035 Canonical name record Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
DHCID 49 RFC 4701 DHCP identifier Used in conjunction with the FQDN option to DHCP
DLV 32769 RFC 4431 DNSSEC Look aside Validation record For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. RFC 5074 describes a way of using these records.
DNAME 39 RFC 2672 delegation name DNAME creates an alias for a name and all its subnames, unlike CNAME, which aliases only the exact name in its label. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name.
DNSKEY 48 RFC 4034 DNS Key record The key record used in DNSSEC. Uses the same format as the KEY record.
DS 43 RFC 4034 Delegation signer The record used to identify the DNSSEC signing key of a delegated zone
HIP 55 RFC 5205 Host Identity Protocol Method of separating the end-point identifier and locator roles of IP addresses.
IPSECKEY 45 RFC 4025 IPSEC Key Key record that can be used with IPSEC
KEY 25 RFC 2535 & RFC 2930 key record Used only for SIG (0) (RFC 2931) and TKEY (RFC 2930). RFC 3445 eliminated their use for application keys and limited their use to DNSSEC. RFC 3755 designates DNSKEY as the replacement within DNSSEC.
KX 36 RFC 2230 Key exchanger record Used with some cryptographic systems (not including DNSSEC) to identify a key management agent for the associated domain-name. Note that this has nothing to do with DNS Security. It is Informational status, rather than being on the IETF standards-track. It has always had limited deployment, but is still in use.
LOC 29 RFC 1876 Location record Specifies a geographical location associated with a domain name
MX 15 RFC 1035 mail exchange record Maps a domain name to a list of message transfer agents for that domain
NAPTR 35 RFC 3403 Naming Authority Pointer Allows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc.
NS 2 RFC 1035 name server record Delegates a DNS zone to use the given authoritative name servers
NSEC 47 RFC 4034 Next-Secure record Part of DNSSEC—used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.
NSEC3 50 RFC 5155 NSEC record version 3 An extension to DNSSEC that allows proof of nonexistence for a name without permitting zone walking
NSEC3PARAM 51 RFC 5155 NSEC3 parameters Parameter record for use with NSEC3
PTR 12 RFC 1035 pointer record Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
RRSIG 46 RFC 4034 DNSSEC signature Signature for a DNSSEC-secured record set. Uses the same format as the SIG record.
RP 17 RFC 1183 Responsible person Information about the responsible person(s) for the domain. Usually an email address with the @ replaced by a .
SIG 24 RFC 2535 Signature Signature record used in SIG (0) (RFC 2931) and TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for use within DNSSEC.
SOA 6 RFC 1035 start of authority record Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
SPF 99 RFC 4408 Sender Policy Framework Specified as part of the SPF protocol in preference to the earlier provisional practice of storing SPF data in TXT records. Uses the same format as the earlier TXT record.
SRV 33 RFC 2782 Service locator Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SSHFP 44 RFC 4255 SSH Public Key Fingerprint Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host.
TA 32768 N/A DNSSEC Trust Authorities Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record.
TKEY 249 RFC 2930 secret key record A method of providing keying material to be used with TSIG that is encrypted under the public key in an accompanying KEY RR.
TSIG 250 RFC 2845 Transaction Signature Can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server similar to DNSSEC.
TXT 16 RFC 1035 Text record Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework (although this provisional use of TXT records is deprecated in favor of SPF records), Domain Keys, DNS-SD, etc.


DNS records or Zone files are used for mapping URLs to an IPs. Located on servers called the DNS servers, these records are typically the connection of your website with the outside world. Requests for your website are forwarded to your DNS servers and then get pointed to the Web Servers that serve the website or to Email servers that handle the incoming email.

DNS Records Types:-

ThisList of DNS record typesprovides an overview of types ofresource records(database records) stored in thezone filesof theDomain Name System(DNS). The DNS implements a distributed, hierarchical, and redundant database for information associated with Internetdomain namesand addresses. In these domain servers, different record types are used for different purposes.

The below DNS records are mostly used in all DNS Configurations. Now we will see each one with examples.


DNS works in a client/server fashion. DNS servers respond to requests from DNS clients calledresolvers.ISPsand other organizations set up local DNS resolvers as well as servers. Most DNS servers also act as resolvers, routing requests up the tree to higher-level DNS servers, and also delegating requests to other servers. DNS servers eventually return the requested mapping (either address-to-name or name-to-address) to the resolver.

Name Space

The domain name space consists of atreeof domain names. Each node or leaf in the tree has zero or moreresource records, which hold information associated with the domain name. The tree sub-divides intozonesbeginning at theroot zone. ADNS zonemay consist of only one domain, or may comprise many domains and sub-domains, depending on the administrative authority delegated to the manager.

DNS is the name service provided by the Internet for TCP/IPnetworks. DNS is broken up intodomains, a logical organization of computers that exist in a largernetwork. The domains exist at different levels and connect in ahierarchythat resembles the root structure of a tree.



The right to use a domain name is delegated bydomain name registrarswhich are accredited by theInternet Corporation for Assigned Names and Numbers (ICANN), the organization charged with overseeing the name and number systems of the Internet. In addition to ICANN, each top-level domain (TLD) is maintained and serviced technically by an administrative organization, operating a registry. ICANNpublishes the complete list of TLD registries and domain name registrars. Registrant information associated with domain names is maintained in an online database accessible with theWHOISservice. For most of the more than 240country code top-level domains(ccTLDs), the domain registries maintain the WHOIS (Registrant, name servers, expiration dates, etc.)


Zones are name space area represented by a FQDN in other words information about records of the resource within your DNS domain in stored in a zone file and this zone file exists on the hard drive of one of your name space server. General there is two types: - (1) Forward lookup zone (2) Reverse lookup zone.

Zone categories

Zone in divided in three categories

  1. Primary Zone: - A primary zone server is the master server of that zone. It includes all the records.
  2. Secondary Zone: -This are called backup zone server and contains the copiers of master sever records.
  3. Stub Zone: -Stub zone one mini zone that contains few records that host for master zone. It is similar to the secondary zone but it contains only following records.
  • SOA (Start Of Authority) Record
  • NS (Name Space) Record
  • Host (A) Records


It is process of Transferring authority a zone from one server to another server.

Likewise, an organization administering a domain can divide it into sub domains. Each of those sub domains can bedelegatedto other organizations. This means that an organization becomes responsible for maintaining all the data in that sub domain. It can freely change the data, and even divide up its sub domain into more sub domains and delegate those. Theparent domain retains only pointers to sources of the sub domain's data so that it can refer queries there.