BIND Zone File Examples
Small, valid examples using reserved DNS names and address ranges
The examples below use example.test, IPv4 addresses from 192.0.2.0/24, and IPv6 addresses from 2001:db8::/32. These ranges are reserved for documentation and should be replaced with your real domain names and addresses before use.
Minimal Authoritative Zone
This is close to the smallest practical forward zone: one SOA record, one NS record, an address for the nameserver, and an apex A record.
$TTL 3600
@ IN SOA ns1.example.test. hostmaster.example.test. (
2026051501 ; serial
7200 ; refresh
3600 ; retry
1209600 ; expire
3600 ; negative cache ttl
)
@ IN NS ns1.example.test.
ns1 IN A 192.0.2.10
@ IN A 192.0.2.20Web and Mail Zone
This example adds common web, mail, policy, certificate, and service discovery records while keeping all names inside the same zone.
$TTL 3600
@ IN SOA ns1.example.test. hostmaster.example.test. (
2026051502 ; serial
7200 ; refresh
3600 ; retry
1209600 ; expire
3600 ; negative cache ttl
)
; Nameservers
@ IN NS ns1.example.test.
@ IN NS ns2.example.test.
ns1 IN A 192.0.2.10
ns2 IN A 192.0.2.11
; Web
@ IN A 192.0.2.20
@ IN AAAA 2001:db8::20
www IN CNAME example.test.
api IN A 192.0.2.21
; Mail
@ IN MX 10 mail.example.test.
mail IN A 192.0.2.30
@ IN TXT "v=spf1 mx -all"
_dmarc IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
; Certificate policy
@ IN CAA 0 issue "letsencrypt.org"
; Service discovery
_sip._tcp IN SRV 10 60 5060 sip.example.test.
sip IN A 192.0.2.40Adapting the Examples
- Replace
example.testwith your zone origin and keep trailing dots on fully qualified target names. - Replace documentation addresses with real IPv4 and IPv6 addresses.
- Increment the SOA serial every time you change the zone.
- Remove records you do not operate, such as MX, CAA, SRV, or IPv6 records.
- Validate the complete zone after every edit, not just the changed line.
Try the examples. Paste either zone into the validator with example.test as the FQDN.