Connected: An Internet Encyclopedia

Zones

One of the most confusing aspects of DNS is its subdivision of the naming tree into Zones of Authority. It's really not that difficult to understand. The top node of each zone has an SOA (Start of Authority) resource record, along with NS (Name Server) records to identify its name servers. The parent zone also has the same set of NS records to identify servers for the sub zone. All of these resource records have the same domain name - the top name of the zone. The parent zone may also need address (A) records for the sub zone's name servers.
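The consistency rules in the paragraph above can be checked mechanically. The following Python sketch is an added example, not part of the original course: the record tuples, names and addresses are constructed placeholders, and it assumes the parent needs an A record only when a name server's name lies at or below the zone cut.

```python
# Constructed records as (owner, type, rdata); all names are placeholders.
PARENT = [  # parent zone example.com., holding the delegation for sub.example.com.
    ("sub.example.com.", "NS", "ns1.sub.example.com."),
    ("sub.example.com.", "NS", "ns2.sub.example.com."),
    ("ns1.sub.example.com.", "A", "192.0.2.53"),  # address record for ns1 only
]
CHILD = [  # sub zone sub.example.com., as its own servers publish it
    ("sub.example.com.", "SOA",
     "ns1.sub.example.com. hostmaster.sub.example.com. 1 3600 600 86400 300"),
    ("sub.example.com.", "NS", "ns1.sub.example.com."),
    ("sub.example.com.", "NS", "ns3.example.net."),
    ("ns1.sub.example.com.", "A", "192.0.2.53"),
]

def norm(name):
    """Lower-case a domain name and ensure the trailing root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def rdata_for(records, owner, rtype):
    """Return the set of rdata strings for one owner name and record type."""
    return {r for o, t, r in records if norm(o) == norm(owner) and t == rtype}

def check_delegation(parent, child, cut):
    """Compare the parent's view of a zone cut with the sub zone's own view."""
    cut = norm(cut)
    findings = []
    # The top node of the sub zone must carry an SOA record.
    if not rdata_for(child, cut, "SOA"):
        findings.append("child has no SOA at " + cut)
    # Parent and child should hold the same NS set at the top name of the zone.
    p_ns = {norm(n) for n in rdata_for(parent, cut, "NS")}
    c_ns = {norm(n) for n in rdata_for(child, cut, "NS")}
    for n in sorted(p_ns - c_ns):
        findings.append("NS only in parent: " + n)
    for n in sorted(c_ns - p_ns):
        findings.append("NS only in child: " + n)
    # A server named at or below the cut is only reachable via the parent's A record.
    for n in sorted(p_ns):
        inside = n == cut or n.endswith("." + cut)
        if inside and not rdata_for(parent, n, "A"):
            findings.append("parent lacks glue A for " + n)
    return findings

if __name__ == "__main__":
    for line in check_delegation(PARENT, CHILD, "sub.example.com"):
        print(line)
```

An empty result means the two views agree; each finding names a mismatch that leaves resolvers following the parent's NS set toward a server the sub zone does not list, or toward a name they cannot resolve.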

Now read what RFC 1034 says about zone division, then read both the subsections. The discussion of class division is largely irrelevant - the Internet Class is the only one we're really interested in.


The domain database is partitioned in two ways: by class, and by "cuts" made in the name space between nodes.

The class partition is simple. The database for any class is organized, delegated, and maintained separately from all other classes. Since, by convention, the name spaces are the same for all classes, the separate classes can be thought of as an array of parallel namespace trees. Note that the data attached to nodes will be different for these different parallel classes. The most common reasons for creating a new class are the necessity for a new data format for existing types or a desire for a separately managed version of the existing name space.

Within a class, "cuts" in the name space can be made between any two adjacent nodes. After all cuts are made, each group of connected name space is a separate zone. The zone is said to be authoritative for all names in the connected region. Note that the "cuts" in the name space may be in different places for different classes, the name servers may be different, etc.

These rules mean that every zone has at least one node, and hence domain name, for which it is authoritative, and all of the nodes in a particular zone are connected. Given the tree structure, every zone has a highest node which is closer to the root than any other node in the zone. The name of this node is often used to identify the zone.

It would be possible, though not particularly useful, to partition the name space so that each domain name was in a separate zone or so that all nodes were in a single zone. Instead, the database is partitioned at points where a particular organization wants to take over control of a subtree. Once an organization controls its own zone it can unilaterally change the data in the zone, grow new tree sections connected to the zone, delete existing nodes, or delegate new subzones under its zone.

If the organization has substructure, it may want to make further internal partitions to achieve nested delegations of name space control. In some cases, such divisions are made purely to make database maintenance more convenient.

