
DNS Zone

A DNS zone is a distinct area of the Domain Name System that contains all DNS records for a specific domain or subdomain, managed by its authoritative nameservers.

What is a DNS Zone?

A DNS zone is a database partition that stores all DNS records for a specific domain or subdomain. Think of it as a container that holds configuration data telling the internet how to find your website, mail servers, and other services associated with your domain. Each zone has one or more authoritative nameservers responsible for answering DNS queries within that zone.

A zone differs from a domain in an important way: a domain is a name (like example.com), while a zone is the actual collection of DNS records and settings that control how that domain works. You can have multiple zones for one domain (for example, one zone for example.com and another for mail.example.com).

Why DNS Zones Exist

DNS zones exist to organize the Domain Name System into manageable pieces. Without zones, maintaining billions of domain records on a single server would be impossible. Zones create a hierarchical structure where each zone handles only its relevant records, allowing different administrators to manage different parts of the domain namespace independently.

Zones also enable delegation. A parent zone can delegate authority to child zones (subdomains), allowing you to split responsibility. For example, your registrar might host the zone for your domain itself (example.com), while your mail provider might host a separate zone for mail.example.com.

What Does a DNS Zone Actually Do?

  • Stores DNS records: Contains A, AAAA, CNAME, MX, TXT, and other record types for your domain
  • Answers queries: The authoritative nameserver for the zone responds to DNS lookups from internet users and systems
  • Routes traffic: Records in the zone direct web traffic, email, and other services to the correct servers
  • Enables delegation: Parent zones can point to nameservers managing child zones for subdomains
  • Provides redundancy: Multiple nameservers can host the same zone, ensuring DNS availability if one fails
  • Manages TTL: Controls how long DNS information is cached by other nameservers and clients

When Would I Use a DNS Zone?

You need a DNS zone whenever you register a domain and want to use it for any service. You'll set up a zone when you want to point your domain at a website, configure email delivery, enable CDN acceleration, or create subdomains for different services. If you're moving hosting providers, you'll manage your zone to update nameserver addresses or transfer zone records to a new provider.

Most registrars automatically create a basic zone for you when you buy a domain, but you'll need to actively manage it once you host services. If you're running a large organization with multiple departments, you might create separate zones for different subdomains so teams can manage their own DNS independently.

When Would I NOT Use a DNS Zone?

You don't need to create additional zones if all your services (website, email, subdomains) fit within a single zone under one authoritative nameserver. Avoid creating unnecessary zones because each zone requires active maintenance and monitoring of nameserver status.

You also shouldn't use zones as a security feature alone—DNS zones don't encrypt or hide your domain configuration (all DNS data is public by design). If you need advanced security features like DNSSEC signing or query privacy, you'll need additional measures beyond a basic zone.

Real-World Example

Company A registers the domain company-a.com and initially hosts everything on one server. They create a single DNS zone for company-a.com with records pointing their website, email, and FTP service to that server.

Six months later, Company A launches a separate app at api.company-a.com hosted on different infrastructure. Instead of adding all api records to their main zone, they create a new child zone for api.company-a.com and point it to a different authoritative nameserver managed by their app hosting provider. Now their web hosting provider manages the company-a.com zone, and the app provider manages the api.company-a.com zone independently.

When a user visits api.company-a.com, the DNS system first queries the nameservers for company-a.com, which respond with the nameserver addresses for the api.company-a.com zone. The second query goes to those nameservers, which return the actual IP address. This delegation is only possible because zones exist.
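
The delegation walk described above, modelled offline as an added example (not code from this glossary). The zone contents, nameserver names and documentation-range addresses are constructed, and `query_zone`, `resolve` and `single_ns_zones` are hypothetical helper names.

```python
# Constructed sample data for the two zones in the example above. Nameserver
# names and the documentation-range addresses are assumptions.
ZONES = {
    "company-a.com.": {  # parent zone, web hosting provider
        ("company-a.com.", "NS"): ["ns1.webhost.example.", "ns2.webhost.example."],
        ("company-a.com.", "A"): ["192.0.2.10"],
        ("company-a.com.", "MX"): ["10 mail.company-a.com."],
        ("mail.company-a.com.", "A"): ["192.0.2.10"],
        # Zone cut: these NS records delegate api.company-a.com to the child zone.
        ("api.company-a.com.", "NS"): ["ns1.apphost.example.", "ns2.apphost.example."],
    },
    "api.company-a.com.": {  # child zone, app hosting provider
        ("api.company-a.com.", "NS"): ["ns1.apphost.example.", "ns2.apphost.example."],
        ("api.company-a.com.", "A"): ["198.51.100.20"],
    },
}

def query_zone(zone, name, rtype):
    """Respond as the zone's authoritative server: answer, referral or nodata."""
    records = ZONES[zone]
    labels = name.split(".")
    # Walk from the query name up toward the zone apex looking for a zone cut.
    for i in range(len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if ancestor == zone:
            break  # reached the apex: the name belongs to this zone
        if (ancestor, "NS") in records:
            return ("referral", ancestor, records[(ancestor, "NS")])
    if (name, rtype) in records:
        return ("answer", zone, records[(name, rtype)])
    return ("nodata", zone, [])

def resolve(name, rtype, start_zone):
    """Follow referrals from start_zone; return (records, zones queried)."""
    zone, path = start_zone, []
    while True:
        path.append(zone)
        kind, where, data = query_zone(zone, name, rtype)
        if kind != "referral":
            return data, path
        zone = where  # second query goes to the child zone's nameservers

def single_ns_zones():
    """Zones with fewer than two apex NS records, i.e. no redundancy."""
    return [z for z, recs in ZONES.items() if len(recs.get((z, "NS"), [])) < 2]

if __name__ == "__main__":
    print(resolve("api.company-a.com.", "A", "company-a.com."))
    print("zones without redundant nameservers:", single_ns_zones())
```
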

FAQ

Q: Does every domain need a DNS zone? A: Yes. Every domain must have at least one DNS zone with authoritative nameservers, even if it only contains a single A record pointing to a website. Your registrar usually creates this for you automatically.

Q: Can I have multiple zones for one domain? A: Yes. You can delegate subdomains to separate zones managed by different nameservers. For example, example.com and api.example.com can have separate zones with different authoritative servers.

Q: What happens if my zone's nameserver goes down? A: DNS queries to your zone will fail, making your domain unreachable. This is why zones should be hosted on at least two nameservers for redundancy, so if one fails, the other responds to queries.

Q: Can I move my zone to a different provider? A: Yes. You'll export your zone records from your current provider, import them into the new provider's zone, and update the nameserver addresses at your registrar to point to the new nameservers.

Q: Is DNS zone configuration the same as DNS caching? A: No. A zone is where authoritative records are stored and managed. Caching happens at recursive nameservers and client devices, which store temporary copies of zone records to speed up future lookups.

Summary

  • A DNS zone is a container of DNS records for a domain or subdomain, managed by authoritative nameservers
  • Zones organize the Domain Name System hierarchically, making it possible to delegate management of different domain parts
  • Every zone stores records (A, AAAA, CNAME, MX, TXT) that tell the internet how to route traffic and services
  • Most registrars automatically create a zone when you register a domain, but you manage the records within it
  • Zones should have at least two authoritative nameservers for reliability and redundancy

Related Terms

  • Domain Name System (DNS): The global system that translates domain names into IP addresses, such as converting example.com to 192.0.2.1
  • Nameserver: A server that holds DNS zone records and answers DNS queries, such as ns1.example.com
  • DNS Record: An individual entry in a DNS zone that specifies how to route a specific service, such as an A record pointing a domain to a web server
  • DNS Propagation: The process of DNS nameservers worldwide updating their copies of a zone's records after you make changes
  • SOA Record: A special DNS record that identifies the authoritative nameserver and administrator contact for a zone