Zones

This page provides options to manage your domain names by creating and modifying zones. A zone refers to a portion of the domain name space for which a domain name server is authoritative and possesses complete information. With DNS Server, zone files can be created, stored, and managed on your Synology NAS.

Create zones

Zones are divided into three types: primary zones, secondary zones, and forwarding zones. Primary zones possess all information required for zone files. Secondary zones copy zone files from primary zones (i.e., "zone transfer"). Forwarding zones forward DNS queries to specific forwarders.

To create a new primary zone:

Click Create.
Select Primary zone.
Edit the following settings:
- Domain type: To perform normal resolution services, select Forward zone. (If you want to configure a PTR record, select Reverse zone.)
- Domain name: Enter your registered domain name.
- Primary DNS server: Enter a public static IP address. Clients will be directed to this IP address when querying your DNS Server for the domain name entered above.
- Serial format: Choose a format for the serial number of zone records. There are two formats: Integer (0 - 4294967295) or Date (YYYYMMDDNN; e.g., 2013110501).
  Note: The "NN" part of the date format (YYYYMMDDNN) represents the revision number of that day. This number will be reset to "00" after the record is updated more than 99 times in one day. If you need to update more than 99 times per day, the integer serial format is recommended.
- Limit zone transfer: Enable this option to limit which hosts are allowed to transfer zone files from the new primary zone. When this feature is enabled, only hosts or subnets specified in Zone Transfer Rule can transfer zone files (using the DNS zone transfer protocol, i.e., AXFR) from the primary zone.
- Limit source IP service: Enable this option to limit which hosts can send queries regarding the zone. When this feature is enabled, only hosts or subnets specified on the Source IP List can send queries without being blocked.
- Enable secondary zone notifications: Enable this option to specify which secondary zones to be notified when the primary zone of this DNS server changes. When this feature is enabled, only hosts specified in Secondary Zone IP List will receive notifications.
- Limit zone updates: Enable this option to specify which clients are allowed to request zone updates from this primary zone. When this feature is enabled, only hosts or subnets specified in Zone Update Rule can create, delete, or modify records in specified zones using the DNS update protocol.
Click Save to save the settings.

Domain Naming Rules:

Domain names consist of one or more sections separated with dots called labels, such as the "john" in "john.synology.com". Domain names can include 253 Unicode characters, including letters, numbers, as well as dashes (-) and dots (.) (except for at the beginning). A domain name allows 127 labels. Each label can include 63 characters.

To allow clients to find your server over the Internet, please enter a registered domain name.

Reverse Domains and PTR Resource Records:

PTR records translate IP addresses into the FQDN (fully qualified domain name) of the corresponding host. To reduce spam messages, some email providers authenticate sender IP addresses. If a sender IP address contains no PTR record or the results of forward and reverse resolutions are different, the email provider will block messages sent from this IP address. If you want to implement reverse domain resolution, please inquire with your Internet service provider.

To create a new secondary zone:

Click Create.
Select Secondary zone.
Edit the following settings:
- Domain type: To perform normal resolution services, select Forward zone. If you want to configure a PTR record, select Reverse zone.
- Domain name: Enter a registered domain name.
- Primary DNS server: Enter the IP address of the domain's primary server. The new secondary zone synchronizes zone files from the primary server.
- Enable TSIG (Transfer Signature): If the primary server you specify uses a TSIG key to authenticate zone file transfers, the key must be selected from the Key name drop-down menu. Key files can be imported on the Keys page.
- Limit source IP service: Enable this option to limit which hosts can send queries regarding the zone. Once the option is enabled, only hosts or subnets you specify on the Source IP List can send queries.
Click Save to save the settings.

To create a new forwarding zone:

Click Create.
Select Forwarding zone.
Edit the following settings:
- Domain name: When the DNS query matches the domain name specified here, the query will be forwarded.
- Forwarder: Enter the forwarder IP address to which DNS queries shall be forwarded.
- Forward policy: Select a policy for forwarding queries. If you select Forward first, root servers will be queried when forwarders do not respond. If you select Forward only, the queries will be not be resolved even if forwarders do not respond.
Click Save to save the settings.

Note:

The resolution service needs to be enabled to make forwarding zones work. You can specify which hosts are allowed to query forwarding zones by limiting source IP addresses on the Resolution page.

Import and export zones

Existing zones can be exported to the local computer and then imported with DNS Server, allowing you to create zones on separate devices with existing zone files.

To export resource record:

Select a zone.
Click Export Zone.
Select Resource record.

Note:

If the zone file does not exist (e.g., a forwarding zone or secondary zone that has not finished synchronizing with the primary zone), the resource record cannot be exported.

To export complete zone settings:

Select the zone you wish to export.
Click Export Zone.
Select Complete zone settings.

To import resource record:

Click Create.
Select Import zone.
Select Resource record from the File type menu.
Enter zone details and choose a zone file from the local computer.
Click Save to finish.

Note:

The imported zone file must contain an SOA record. In addition, the owner of the SOA record must be the same as the domain name you enter.

To import complete zone settings:

Click Create.
Select Import zone.
Select Complete zone settings from the File type menu.
Click Save to finish.

Manage zones

This section explains how to edit zone details, enable or disable zones, or create SOA records and resource records.

To edit zone settings:

Select a zone and click Edit.
Click Zone settings.
Edit the following settings:
- Enable zone transfer rules and edit the source IP service list.
- Configure the primary server IP address and TSIG key.
- Enable or disable the zone.
Click Save to save the settings.

Note:

If you select the zone named "domain name@Active Directory" or "_msdcs.domain name@Active Directory" (automatically created when a domain is set up via Synology Directory Server), you can click Edit > Zone settings to enable the option of Listen on IP address changes of your Synology NAS. With this option enabled, the system can listen on IPv4/IPv6 address changes of network interfaces of your Synology NAS to update DNS host records in this zone automatically. Kindly note that only the network interface on the Listen-On List will be listened on.

To edit SOA records:

Select a zone and click Edit.
Click SOA record.
Edit the follow settings:
- Hostname: The name of the name server which is authoritative for the zone file. The name must include a complete domain name (FQDN).
- Email: Email address of the zone administrator.
- Serial: The zone serial number differentiates versions of the zone resource records. When a zone record is updated, the serial number will increase by one. The serial number can be set from 0 to 4294967295.
- Refresh time: Choose how often each secondary server synchronizes zone files from the primary server. Refresh time can be set from 1 to 2147483647 (seconds).
- Retry time: When a secondary server fails to synchronize zone files from the primary server, it waits for the period specified here before trying again. Retry time can be set from 1 to 2147483647 (seconds).
- Expiry time: If a secondary server fails to synchronize zone files from the primary server for a period longer than the one specified here, it stops synchronization attempts. Expiry time can be set from 1 to 2147483647 (seconds).
- Negative cache TTL (Time-to-live): Choose how long the zone keeps negative cache files. Negative cache TTL can be set from 1 to 2147483647 (seconds).
Click Save to save the settings.

Note:

You can only edit the SOA records of primary zones.

To create resource records:

Select a zone and click Edit.
Click Resource record.
Click Create to add a new resource record.
Select a resource record type, such as A, AAAA, CNAME, MX, NS, PTR, SPF, SRV, TXT, CAA, etc.
Enter the following resource record details:
- Name: Enter a name for the resource record.
- TTL: Choose how long the resource record remains in the cache of other name servers. If the resource record is not frequently updated, TTL should be set higher to consume fewer system resources. If the resource record is frequently changed, TTL should be set lower to reduce instances where the resource record changes, but the cache of other name servers does not update to the new version. TTL can be set from 1 to 2147483647 (seconds).
- IP address: Enter the IP address into which your DNS server should translate. For example, "www.synology.com" is translated into the IP address "120.89.71.100".
- Priority: (For MX records) If multiple mail exchanger (MX) resource records exist, the DNS client server will attempt to contact mail servers in the order of preference from the lowest value (highest priority) to the highest value (lowest priority).
- Host/Domain: (For NS and MX records) Enter the host into which your DNS server should translate and route email messages.
- Canonical name: (For CNAME records) Enter the host into which your DNS server should translate. For example, "wrpc.service.mirror-image.net" is the CNAME of "www.synology.com".
- Information: (For TXT records) Enter a value enclosed by double quotation marks ("), and the subsequent input must also be enclosed by them. That is, to enter additional information, you can either insert in the existing value enclosed by double quotation marks or enter a new value enclosed by double quotation marks after it. Double quotation marks can be escaped by the backslash (\), which can also be escaped by backslash itself.
Click Save to save the settings.

Note:

You can only edit the resource records of primary zones.

Resource Records

Host (A) resource records are used to map a domain name to the IP address of a computer. You can create a host (A) resource records in a zone to associate the domain name with your computer (i.e., host) to its IP address.
Alias (CNAME) resource records are used to map an alias of a domain name to another primary or canonical name.
Mail exchanger (MX) resource records are used to map a domain name to the name of a host that exchanges or forwards mail.

To edit resource records:

Select a zone and click Edit.
Click Resource record.
Select the resource records you wish to edit, and click Edit.

Note:

You can press and hold Ctrl or Shift to select multiple resource records of the same type (A or AAAA). Only the IP address of the selected resource records can be batch edited.

To change secondary zones into primary zones:

Secondary zones can be changed into primary zones. Therefore, you can create a secondary zone on your Synology NAS, synchronize zone files from another name server, and subsequently change the zone to a primary zone in order to manage it from your Synology NAS.

Select a secondary zone.
Click Change to primary zone.

Note:

A secondary zone cannot be changed into a primary zone until zone files have been successfully synchronized.
Primary zones cannot be changed to secondary zones.

To delete a zone:

Select the zone you wish to delete.
Click Delete.
Click Delete again to confirm the deletion.
Note: The deletion of zones is irreversible.

Was this article helpful?

Yes ／ No