DNS Zone

Security Glossary - DNS

Definition: A DNS zone is a distinct portion of the DNS namespace managed by a specific entity. A zone contains the DNS records for a domain and its subdomains (unless a subdomain is delegated to its own zone). The zone is defined by a zone file that contains SOA, NS, A, AAAA, MX, TXT, CNAME, and other records.

Why DNS Zone Matters

Understanding DNS zones helps you manage complex domain configurations. Your primary zone (example.com) typically contains records for the apex domain and all subdomains. If you delegate a subdomain to different nameservers (like delegating api.example.com to a separate DNS provider), that creates a separate zone.

Zone management is where DNS security configurations live. SPF, DKIM, DMARC, and CAA records all exist within your DNS zone. A well-organized zone with proper records is essential for email deliverability, certificate management, and security header policies that reference DNS.

When migrating DNS providers, you are transferring the entire zone. This means every record must be recreated at the new provider. Missing even one record during migration - like an obscure TXT record for a third-party service verification - can cause service disruptions. Always export a full zone dump before migrating.

How to Check

A DNS health checker queries your zone and validates its configuration. Export your zone file periodically as a backup. Before DNS migrations, compare the zone at both old and new providers to verify all records are present.
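
One way to run the pre-migration comparison described above, as an added example that is not part of the original page: it parses two BIND-format exports, normalises relative names and split TXT strings, and lists records present at the old provider but absent at the new one. The function names and both sample zones are constructed for illustration, and the parser assumes simple exports without escaped quotes or $INCLUDE directives.

```python
import re
RECORD = re.compile(r"^(\S+)?\s+(?:\d+\w?\s+)?(?:IN\s+)?(?:\d+\w?\s+)?"
                    r"([A-Za-z][A-Za-z0-9]*)\s+(.+)$", re.I)  # owner, type, rdata

def fqdn(name, origin):
    """Expand '@' and relative names against the origin; lower-case the result."""
    name = origin if name == "@" else name
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Parse a simple BIND-format export into a set of (owner, type, rdata)."""
    origin = owner = origin.rstrip(".").lower() + "."
    text = re.sub(r'("[^"]*")|;[^\n]*', lambda m: m.group(1) or "", text)  # comments
    text = re.sub(r'("[^"]*")|\(([^()]*)\)',  # fold multi-line ( ... ) groups
                  lambda m: m.group(1) or " ".join(m.group(2).split()), text)
    records = set()
    for line in map(str.rstrip, text.splitlines()):
        if line.upper().startswith("$ORIGIN "):
            origin = fqdn(line.split()[1], origin)
        elif (m := RECORD.match(line)) and not line.startswith("$"):
            owner = fqdn(m.group(1), origin) if m.group(1) else owner  # blank = previous
            rtype, rdata = m.group(2).upper(), m.group(3)
            if rtype == "TXT":  # providers split long strings at different points
                rdata = "".join(re.findall(r'"([^"]*)"', rdata)) or rdata
            elif rtype in {"CNAME", "NS", "MX"}:  # last field is a host name
                rdata = " ".join(rdata.split()[:-1] + [fqdn(rdata.split()[-1], origin)])
            records.add((owner, rtype, rdata))
    return records

def missing_after_migration(old_text, new_text, origin):
    """Records in the old export but not the new one; SOA and apex NS are ignored."""
    apex = origin.rstrip(".").lower() + "."
    diff = parse_zone(old_text, origin) - parse_zone(new_text, origin)
    return sorted(r for r in diff if r[1] != "SOA" and (r[1], r[0]) != ("NS", apex))

# Constructed sample exports: relative names at the old provider, absolute at the new.
OLD = """$ORIGIN example.com.
@ IN SOA ns1.old.example. admin.example.com. ( 1 ; serial
      7200 3600 1209600 3600 )
@ IN NS ns1.old.example.
www IN CNAME @
@ IN TXT "v=spf1 mx " "-all"
@ IN TXT "vendor-verification=CONSTRUCTED; keep"
api IN NS ns1.api.example.
"""
NEW = """example.com. 300 IN SOA ns1.new.example. admin.example.com. 1 7200 3600 1209600 300
example.com. 300 IN TXT "v=spf1 mx -all"
www.example.com. 300 IN CNAME example.com.
"""
```

For the constructed zones, `missing_after_migration(OLD, NEW, "example.com")` reports the api.example.com delegation and the vendor verification TXT record, while the SPF record split into two strings compares as equal.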


Frequently Asked Questions

What is the difference between a zone and a domain?
A domain is a name in the DNS hierarchy (like example.com). A zone is the administrative boundary for managing DNS records. They often align, but a zone can contain multiple subdomains, and subdomains can be delegated to their own zones.

How do I back up my DNS zone?
Most DNS providers offer zone export in BIND format. Download this regularly as a backup. For Cloudflare, use the Export DNS Records feature. For Route 53, use the AWS CLI. This backup is essential for disaster recovery and migration.