Hetzner - DokuWiki
Example of a zone file using the Hetzner Standard Template
The following zone file has been compiled for the domain "grossefirma.de":
    $TTL 86400
    @   IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
        2000091604   ; Serial
        14400        ; Refresh
        1800         ; Retry
        604800       ; Expire
        86400 )      ; Minimum
    @                IN NS     ns1.first-ns.de.
    @                IN NS     robotns2.second-ns.de.
    @                IN NS     robotns3.second-ns.com.
    localhost        IN A      127.0.0.1
    @                IN A      188.8.131.52
    www              IN A      184.108.40.206
    mail             IN A      220.127.116.11
    loopback         IN CNAME  localhost
    pop              IN CNAME  www
    smtp             IN CNAME  www
    relay            IN CNAME  www
    imap             IN CNAME  www
    ftp        3600  IN CNAME  ftp.anderedomain.de.
    @                IN MX     10 mail
    technik          IN A      18.104.22.168
    technik          IN MX     10 technik
    @                IN TXT    "v=spf1 mx -all"

The individual sections of the zone file are explained below.

    $TTL 86400
    @   IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
        2000091604   ; Serial
        14400        ; Refresh
        1800         ; Retry
        604800       ; Expire
        86400 )      ; Minimum
- The DNS zone has a TTL (Time To Live) of 86400 seconds ($TTL 86400)
- The nameserver "ns1.first-ns.de" is responsible for the internet domain (the @ character is a placeholder for the domain "grossefirma.de" itself)
- The period at the end of "ns1.first-ns.de." prevents the primary nameserver from being called "ns1.first-ns.de.grossefirma.de"
- The email address for the administrator is "postmaster@robot.first-ns.de" (in the SOA record the @ character is written as a period, so the first period is always replaced by the @ character)
- The zone file was last changed on 16.09.2000; this was the fourth change made on that day
- The secondary nameserver fetches changes from the primary nameserver every four hours (Refresh = 14400 seconds)
- In the event of an error, the secondary nameserver attempts synchronization again after 30 minutes (1800 seconds)
- Should the secondary nameserver not have managed to synchronize with the primary nameserver after 7 days (604800 seconds), it declares the domain invalid
- The entries are normally valid for 24 hours (86400 seconds), if no other value is defined
- Other nameservers remember "negative" answers, so answers for non-existent hosts are likewise cached for 24 hours
    @   IN NS   ns1.first-ns.de.
    @   IN NS   robotns2.second-ns.de.
    @   IN NS   robotns3.second-ns.com.

- The nameservers "ns1.first-ns.de", "robotns2.second-ns.de" and "robotns3.second-ns.com" are responsible for the domain
- The period at the end of the lines here also prevents the search for "ns1.first-ns.de.grossefirma.de", which in this case would be nonsense
- IP addresses are not permitted in NS records. If you use your own nameserver, whose hostname is to be "ns1.grossefirma.de", define the appropriate A record, specify the glue record when registering the domain, and register the nameserver with the registrar in advance.

    localhost   IN A   127.0.0.1
    @           IN A   22.214.171.124
    www         IN A   126.96.36.199
    mail        IN A   188.8.131.52

- "localhost.grossefirma.de" is resolved as loopback address "127.0.0.1"
- Enquiries, for example in the web browser, for "grossefirma.de" (without "www.") are resolved to "184.108.40.206"
- "www.grossefirma.de" has the IP address "220.127.116.11"
- A host called "mail.grossefirma.de" exists, but it is not clear from this entry whether this is also the responsible mail server
    loopback         IN CNAME  localhost
    pop              IN CNAME  www
    smtp             IN CNAME  www
    relay            IN CNAME  www
    imap             IN CNAME  www
    ftp        3600  IN CNAME  ftp.anderedomain.de.

- "localhost.grossefirma.de" can also be addressed as "loopback.grossefirma.de"
- "www.grossefirma.de" has the following additional names "pop.grossefirma.de", "smtp.grossefirma.de", "relay.grossefirma.de" and "imap.grossefirma.de"
- "ftp.grossefirma.de" is an alias for "ftp.anderedomain.de"; the period at the end prevents resolution to "ftp.anderedomain.de.grossefirma.de"
- "ftp.grossefirma.de" is valid for one hour only (3600 seconds), so changes to this entry become known relatively quickly to the nameservers on the world-wide Internet. Important: as long as the secondary nameserver still publishes the old values, changes to the data are delayed, so the Refresh time in the SOA record should be shortened as well.
Note: if a subdomain already has a CNAME record, then no further record types can be set for this subdomain.
    @   IN MX   10 mail

- There is only one mail server and this is "mail.grossefirma.de"
- IP addresses are not allowed for MX records
- CNAMEs are not allowed in MX records; they may only be used as aliases for A records
- Further mail servers could be listed in additional lines, but this rarely makes sense
- With several mail servers, the one with the lowest priority value (here 10) is given preference

    technik   IN A    18.104.22.168
    technik   IN MX   10 technik

- A "sub domain" is created within the zone file, but without being delegated to an external nameserver.
- The host "technik.grossefirma.de", which resolves to IP address 22.214.171.124, is also the mail server responsible for the sub domain "technik.grossefirma.de".

    @   IN TXT   "v=spf1 mx -all"

- "grossefirma.de" has a TXT record "v=spf1 mx -all"
- This record type can be used for SPF (Sender Policy Framework)
Delegation of a subdomain to a new zone
As an alternative to the procedure described under "Sub domain", a delegation of subdomains to another DNS server is possible.
For example, a subdomain for the "technology" department of a large company needs to be set up for short-term internal tests. The DNS records of the subdomain need to be independent of the entries for the domain "grossefirma.de" (hosted at a large and possibly inflexible provider).
Preparing the main domain
In the zone file of the domain "grossefirma.de" the following entries are added:
    technik      IN NS   ns.technik
    ns.technik   IN A    126.96.36.199

This causes name server queries for, as an example, "www.technik.grossefirma.de" to be passed on to "ns.technik.grossefirma.de". Since this hostname would itself have to be resolved by that same name server, a "glue record" is entered in the parent domain: ns.technik.grossefirma.de -> 188.8.131.52.
Configuring the Zone File for the new Subdomain
On the new name server a zone file needs to be created for the new subdomain:
    ; Zone technik.grossefirma.de: names without a trailing period are
    ; completed with the zone name, so "ns" is ns.technik.grossefirma.de
    @   86400 IN SOA ns admin (
        2000091604   ; Serial
        14400        ; Refresh
        1800         ; Retry
        604800       ; Expire
        86400 )      ; Minimum
    @      IN NS   ns
    ns     IN A    184.108.40.206
    @      IN MX   10 mail
    mail   IN A    220.127.116.11
    www    IN A    18.104.22.168

- The administrator has the email address "admin@technik.grossefirma.de".
- The primary name server has the hostname "ns.technik.grossefirma.de".
- It is the only name server (there are no secondary name servers).
- It has the IP address "22.214.171.124".
- A host "mail.technik.grossefirma.de" with the IP address of "126.96.36.199" exists and is also responsible for the receipt of the subdomain mail.
- There is another host named "www.technik.grossefirma.de" which resolves to "188.8.131.52".
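
The rules from the walkthrough above (a missing trailing period turns a name into a relative one, no IP addresses in NS or MX records, no CNAME as an MX target, no other record types next to a CNAME) and the glue requirement for a delegated subdomain can be checked mechanically before a zone is published. The following Python linter is an added example, not part of the Hetzner wiki; it assumes one record per line with the owner name written out, and the zone fragment it checks is constructed.

```python
import ipaddress

def fqdn(name, origin):
    # '@' is the zone origin; a trailing period marks an absolute name
    name = origin if name == "@" else name
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    # Simplified: one record per line, owner always written, no ';' inside data
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if "IN" in fields[1:-2]:
            i = fields.index("IN")
            yield fqdn(fields[0], origin), fields[i + 1], fields[i + 2:]

def is_ip(text):
    try:
        return ipaddress.ip_address(text) is not None
    except ValueError:
        return False

def lint(zone_text, origin):
    records, types = list(parse(zone_text, origin)), {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    findings = [f"{o} has a CNAME and other record types"
                for o, kinds in types.items() if "CNAME" in kinds and len(kinds) > 1]
    for owner, rtype, rdata in (r for r in records if r[1] in ("NS", "MX")):
        raw, target = rdata[-1], fqdn(rdata[-1], origin)
        if is_ip(raw):
            findings.append(f"{owner} {rtype} target {raw} is an IP address")
        elif "CNAME" in types.get(target, ()):
            findings.append(f"{owner} {rtype} target {target} is a CNAME")
        elif target.endswith("." + origin) and not types.get(target, set()) & {"A", "AAAA"}:
            findings.append(f"{owner} {rtype} target {target} has no address record")
    return findings

SAMPLE = """; constructed fragment for grossefirma.de, documentation IP addresses
@       IN NS    ns1.first-ns.de.
www     IN A     192.0.2.2
mail    IN CNAME www
@       IN MX    10 mail
@       IN MX    20 192.0.2.3
shop    IN CNAME www
shop    IN TXT   "v=spf1 -all"
technik IN NS    ns.technik.grossefirma.de
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, "grossefirma.de.")))
```

The last finding shows the missing trailing period: the NS target is expanded to "ns.technik.grossefirma.de.grossefirma.de.", which has no address record. A delegation whose in-zone nameserver lacks its glue A record is reported the same way.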