System Administration: Another Step toward the BIND - V

by Tom Adelstein

OK, we had an extended breather from our last look at BIND's zone file It's time to finish up and get a sense of what these records mean.

To go off-topic a little, recently, I had the task of setting up two OpenLDAP servers and putting together a test environment for a project with several developers and several applications including some LAMP applications. Without a working knowledge of DNS, the project would have gone amuck.

So, I take DNS seriously and consider it an essential skill set for Linux system administrators. If you're on the path or have the goal of functioning on the server side of the house, get to know this area.

Now, back to the program.

MX Records

The records designate how one receives email in a domain from other mail transfer agents (MTAs). To receive email on, we list the mail exchanger(s) for the domain. This is done with a MX record:

                   MX 10

This record says that emails for should be delivered to (which is the mailserver for the domain) with a priority of 10. You can list more than one mail exchanger:

                   MX 10
                   MX 20

Now if mail goes to, the originating MTA attempts to connect to since the DNS directory denotes its priority of 10.

If cannot be reached (for whatever reason), then the originating MTA will use the next server Notice that it has a priority of 20. This may not seem intuitive but the higher the number to the right of the MX record, the lower priority that server receives. In this case, 10 is higher than 20.

Until now we have defined MX records for email addressed to Let's say we want to route email to different departments in a company or sections within a governmental agency. We can do that by adding a subdomain to the mail records. would simply require another mx record:        MX 10

Note the '.' at the end of If you do not add the period, then the origin of the zone is appended to the name. For example, if you wrote         MX 10

without a '.', this would transform to

A Records

Up to now we have used the domain names,, and, but we did not specify the IP addresses to which these names should map. We use A records to accomplish the mapping. Many observers consider them the most important DNS records; since you can use them to create host addresses such as where www is the host.

Let's create our first A record:   A

This means that has the IP address

Remember to use the period.

Now in a browser you are used to typing instead of, aren't you? is technically totally different from, but obviously you expect to see the same web site for both. Therefore we create this record:

www                A

which is the same as   A

Finally we specify and

server1            A
server2            A points to a different IP address which makes sense because it is our secondary nameserver which should be on a different system in case our primary nameserver goes down.

The Bootstrapping Problem -Glue Records

You might wonder how and can be used to look up records for if they are in the zone that is to be looked up. When the TLD servers for org tell us the name servers for, they normally give us a name instead of an IP address ( instead of

For situations where the authoritative DNS servers exist in the zone looked up, a glue record exists on the TLD server that maps a name to an IP address (in our case to, and the TLD servers deliver the IP address instead of the name of the name server. So I don't have to find you before I can ask where you are.

CNAME Records

CNAME is short for "canonical name", you can think of it as an alias to an A record. For example,

ftp                CNAME www

means, is an alias for, so points to the same machine as You may encounter situations, especially downloading Linux packages, where the repository looks like This allows someone to reach an ftp site with a browser and download files. CNAMEs permit you to accomplish this.

A CNAME must always point to an A record; not to another CNAME. In addition to that, you must not use CNAME records for MX and SOA records. For example, MX 10 ftp is not allowed.

The use of CNAMEs has pros and cons. Many DNS specialists consider CNAMEs deprecated. Still you might find that CNAME records have some usefulness. For example, if your DNS directory contains many names written as A records, which point to the same IP address.

If you move to another hosting service using different IP address, you would have to update every A record. If you had just one A record and all your other records used CNAMEs, you'd just have to update one A record. So, we still consider that they have a place in the DNS hierarchy.

TXT Records

TXT records give you the ability to assign text to a zone. People primarily use TXT with SPF (Sender Policy Framework) records. Administrators use SPFs to control email from initiating MTAs.

Technically, you can send email from any machine, but the larger email providers such as Yahoo or Hotmail now rely heavily on SPF records to make sure the sending domain has an SPF record. If email arrives from a machine that is not listed in the SPF record, then an MTA could classify you mail as spam.

A wizard exists for creating SPF records at We used this wizard to create an SPF record for, and added it to our zone file:                  TXT "v=spf1 a mx ~all"          TXT "v=spf1 a -all"

Putting It All Together

Now let's look at our zone file It has changed from the first iteration you read earlier. Notice that we added a CNAME and SPF files.

@ IN SOA root.localhost. (
                        2006012103; serial
                        28800; refresh, seconds
                        7200; retry, seconds
                        604800; expire, seconds
                        86400 ); minimum, seconds

                   NS ;

                   MX 10

;   A
www                A
server1            A
server2            A
ftp                CNAME www                  TXT "v=spf1 a mx ~all"          TXT "v=spf1 a -all