DNS: $ORIGIN and the use of the 'dot'

Based heavily on:

http://zytrax.com/books/dns/apa/dot.html
http://zytrax.com/books/dns/ch8/origin.html
http://zytrax.com/books/dns/apa/origin.html

$ORIGIN

$ORIGIN defines a base value from which 'unqualified' name substitutions are made when processing the zone file. $ORIGIN values must be 'qualified' (they end with a 'dot'). If an $ORIGIN directive is not defined, BIND synthesizes one from the zone name in the named.conf file:
zone "doit.wisc.edu" {
	type master;
	file "myfilefor.doit.wisc.edu";
};
In the above example, the initial value of $ORIGIN is 'doit.wisc.edu' [the zone name], not 'myfilefor.doit.wisc.edu' [the file name].

$ORIGIN is used in two contexts during zone file processing:

  • The symbol @ is used in BIND to denote 'zone root'. The current value of $ORIGIN is substituted for (replaces) the symbol @.
  • The current value of $ORIGIN is added to any 'unqualified' name (any name which does not end in a 'dot').

Use of the 'dot'

The 'dot' at the end of a DNS record is sometimes optional, sometimes not. The rule is simple and is called the ORIGIN substitution rule.

If there is a dot at the end of a name in a resource record or directive, the name is qualified. If it contains the whole name including the host, it is called a Fully Qualified Domain Name, or FQDN. In this case the name as it appears in the RR is used unchanged.

If there is NO dot at the end of the name, the name is unqualified and DNS software adds the value of the last $ORIGIN directive.

Forward zone example

Note that the filename does NOT have to match the zone name, but it should for simplicity's sake. Reverse zones are a different story and are discussed later in this KB.
; zone file fragment for example.com
; the named.conf file contains 'zone "example.com"'
; there is no $ORIGIN statement
; name in the line below is expanded to joe.example.com.
joe               IN      A      192.168.254.3

;this is the same as
joe.example.com.  IN      A      192.168.254.3

;
;
;

;another example
www               IN      CNAME  joe 

; next line is functionally the same as line above
www.example.com. IN      CNAME  joe.example.com.

; and so is this line
www               IN      CNAME  joe.example.com.

;
;
;
; also

example.com.      IN      A      192.168.254.3

; can be written as
                  IN      A      192.168.254.3
; OR even
@                 IN      A      192.168.254.3

Reverse Zone Example

Consider the following reverse zone declaration from named.conf
zone "16.104.128.in-addr.arpa" {
        type master;
        file "master/128.104.16";
};
Note that the zone name [16.104.128.in-addr.arpa] and filename [128.104.16] do not match. Operators are generally more adept at reading IPs in the second format.

This distinction is important. Let's look at an example PTR declaration.

1                       IN      PTR     vlan-645-gw.net.wisc.edu.       

; what this really means is
1.16.104.128.in-addr.arpa.    IN    PTR  vlan-645-gw.net.wisc.edu.

; note that in this case, the ORIGIN is 16.104.128.in-addr.arpa

; while the following is syntactically correct, it is probably not what you want.
; notice that there is a 'DOT' missing at the end of vlan-645-gw

1                       IN      PTR     vlan-645-gw

; this will expand out to       
1                       IN      PTR     vlan-645-gw.16.104.128.in-addr.arpa.

; the following is also probably not what you want
; notice that there is a 'DOT' missing from vlan-645-gw.net.wisc.edu

1                       IN      PTR     vlan-645-gw.net.wisc.edu

; this will expand out to
1                       IN      PTR     vlan-645-gw.net.wisc.edu.16.104.128.in-addr.arpa.
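
The ORIGIN substitution rule and the missing-dot mistakes in the reverse zone example above can be checked mechanically before a zone is loaded. The following Python is an added example, not part of the original KB or of BIND; qualify, lint_zone and the sample records are hypothetical names and constructed input, and the parser assumes one record per line.

```python
# Added example (not from the original page). Assumes one record per line, no parentheses.
NAME_RDATA = {"PTR", "CNAME", "NS", "MX"}  # types whose last rdata field is a name


def qualify(name, origin):
    """Apply the ORIGIN substitution rule to a single name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def lint_zone(text, zone_name):
    """Expand every record; return (records, warnings)."""
    origin = zone_name.rstrip(".") + "."  # synthesized from the named.conf zone name
    owner = origin
    records, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].startswith("$"):  # only $ORIGIN is handled; other directives skipped
            if fields[0].upper() == "$ORIGIN":
                origin = qualify(fields[1], origin)
            continue
        if not raw[0].isspace():  # a blank owner field reuses the previous owner
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip optional TTL and class
        if len(fields) < 2:
            continue  # not a complete record
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in NAME_RDATA:
            written = rdata[-1]
            rdata[-1] = qualify(written, origin)
            relative = written != "@" and not written.endswith(".")
            # Suspicious: a dotted name left unqualified, or a target landing under .arpa.
            if relative and ("." in written or rdata[-1].endswith(".arpa.")):
                warnings.append((lineno, f"{written} -> {rdata[-1]}"))
        records.append((owner, rtype, " ".join(rdata)))
    return records, warnings


# Constructed sample input, modelled on the reverse zone example above.
SAMPLE = ("1 IN PTR vlan-645-gw.net.wisc.edu.\n"
          "2 IN PTR vlan-645-gw\n"
          "3 IN PTR vlan-645-gw.net.wisc.edu\n")

if __name__ == "__main__":
    print(*lint_zone(SAMPLE, "16.104.128.in-addr.arpa")[1], sep="\n")
```

A relative CNAME target such as 'joe' in a forward zone is expanded but not flagged, since that usage is intentional; only dotted names without a trailing dot and targets that land in the reverse tree are reported.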




Keywords: DNS: $ORIGIN and the use of the 'dot'
Doc ID: 8954
Owner: Tim C.
Group: DNS, DHCP, and IPAM
Created: 2009-01-29 19:00 CDT
Updated: 2020-08-04 11:12 CDT
Sites: DNS, DHCP, and IPAM, Network Services, Systems & Network Control Center, University of Wisconsin System Network