What is a Zone File?
A zone file is a plain-text file that contains all DNS resource records for a single domain zone, following the master file format defined in RFC 1035.
A zone file is a text file stored on an authoritative DNS server. It lists every DNS resource record for a particular zone. A zone is a distinct part of the domain namespace, such as example.com. The file follows the master file format specified in RFC 1035. This format uses a series of directives and resource record definitions. Each record maps a domain name to a type of data, such as an IP address for an A record or a mail server for an MX record.
The file typically starts with optional directives for default time-to-live (TTL) and the Start of Authority (SOA) record. The SOA record holds administrative metadata. After the SOA, other records follow, including NS records for name servers, A and AAAA records for addresses, CNAME records for aliases, and TXT records for arbitrary text. Each record line contains fields for name, TTL, class (almost always IN for Internet), record type, and record-specific data. Semicolons denote comments. The $ORIGIN directive sets a base domain name, allowing shorthand relative names.
Zone files are loaded by a DNS nameserver such as BIND, Knot, PowerDNS, or another implementation. Operators edit the file manually or through a management tool, then signal the server to reload the zone. A secondary server may transfer the zone from a primary server using a zone transfer (AXFR/IXFR). The zone file format is universal across most DNS software, though some servers use alternative database backends behind the scenes.
Key facts
- Defined in RFC 1035 Section 5 as the master file format.
- Each zone file corresponds to exactly one DNS zone.
- Starts with an SOA record containing zone metadata and TTL defaults.
- Uses semicolons for comments and parentheses for multiline records.
- Loaded by an authoritative nameserver and served to recursive resolvers.
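As an added example (not part of the original page), here is a Python parser for the master file format described above: it handles `$ORIGIN`, `$TTL`, comments, parenthesized multiline records, relative owner names and blank owner fields. The zone data is constructed, `parse_zone` and `absolute` are names chosen here, only numeric TTLs are accepted, and names inside record data are left unexpanded.

```python
import re

SAMPLE_ZONE = """\
; constructed sample zone (documentation names and addresses)
$ORIGIN example.com.
$TTL 3600
@    IN SOA ns1 hostmaster ( 2024010101 7200 ; serial, refresh
        900 1209600 300 )                    ; retry, expire, minimum
     IN NS  ns1
www  300 IN A 192.0.2.10
note IN TXT "a;b" ; the semicolon inside the quotes is data
"""

# Quoted strings come first so a ';' inside TXT data is not taken as a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|;.*|[()]|[^\s;()"]+')

def absolute(name, origin):  # expand '@' and relative names against $ORIGIN
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_zone(text):
    """Return a list of (owner, ttl, class, type, rdata_tokens) tuples."""
    records, pending, depth, blank_owner = [], [], 0, False
    origin = default_ttl = last_owner = None
    for line in text.splitlines():
        # A record whose first line starts with whitespace reuses the last owner.
        blank_owner = line[:1] in (" ", "\t") if depth == 0 else blank_owner
        for tok in TOKEN.findall(line):
            if tok.startswith(";"):
                break  # comment runs to end of line
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1  # parentheses join lines
            else:
                pending.append(tok)
        if depth > 0 or not pending:
            continue  # still inside parentheses, or nothing on this line
        fields, pending = pending, []
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        elif fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
        else:
            owner = last_owner if blank_owner else absolute(fields.pop(0), origin)
            last_owner, ttl, rclass = owner, default_ttl, "IN"
            # TTL and class are both optional and may appear in either order.
            while fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS"):
                field = fields.pop(0)
                ttl, rclass = (int(field), rclass) if field.isdigit() else (ttl, field.upper())
            records.append((owner, ttl, rclass, fields[0].upper(), fields[1:]))
    return records
```

Calling `parse_zone(SAMPLE_ZONE)` yields four records; the NS record inherits the owner `example.com.` from the SOA line above it, and `www` keeps its own TTL of 300 instead of the `$TTL` default.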
More in DNS
A Record
A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
AAAA Record
A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
Authoritative DNS
An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
CAA Record
A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
CNAME Record
A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
DNS
The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
DNS Anycast
DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
DNS Caching
DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
DNS Hijacking
DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
DNSSEC
DNSSEC (DNS Security Extensions) add cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.