Sometimes you need it sometimes you don't. At first glance, and even at the fourth glance, it seems confusing.
It is not. The rule is simple and we call it the ORIGIN substitution rule.
If there is a dot at the end of a name in a resource record or directive, the name is qualified and if it contains the whole name including the host then it is a Fully Qualified Domain Name - FQDN. In this case the the name as it appears in the RR is used unchanged.
If there is NO dot at the end of the name (a.k.a. label in DNS jargon), the name is unqualified and DNS software adds the value of the last or only $ORIGIN directive. In the absence of an $ORIGIN directive the zone name from the named.conf file for this zone is used to synthesize an $ORIGIN directive. The fragment below illustrates this using A records and CNAME records.
With implicit $ORIGIN statement: In the zone fragment below an implicit $ORIGIN directive is created from the zone file name as noted. In general this is bad practise for two reasons. First, the file is not self-referencing - you need to know information from another source - in this case the zone name for which this file is being used which is defined in the named.conf file (for BIND). Second, it is not readily apparent what value is being substituted. At 3 A.M.when working under stress to bring back service it may not be so apparent. All to save typing a few characters.
; zone file fragment for example.com ; the named.conf file contains 'zone "example.com"' ; there is no $ORIGIN statement and therefore one is synthesized ; name in the line below is expanded to joe.example.com. joe IN A 192.168.254.3 ; line below - www.example.com. aliased to joe.example.com. www IN CNAME joe ; next line is functionally the same as line above www.example.com. IN CNAME joe.example.com. ; and so is this line www IN CNAME joe.example.com. ; the name in this is record defaults to example.com ; assuming it was placed at the zone apex IN A 192.168.254.3 ; and could have been written as example.com. IN A 192.168.254.3 ; OR @ IN A 192.168.254.3
With explicit $ORIGIN statement: In general we always suggest that you use an $ORIGIN directive in every zone file because it makes understanding the effects of the above substitution rule much simpler to understand. Here are the same examples as above with an explicit $ORIGIN directive in the zone file.
; zone file fragment for example.com $ORIGIN example.com. .... ; name in the line below is expanded to joe.example.com. by adding $ORIGIN joe IN A 192.168.254.3 ; line below - www.example.com. aliased to joe.example.com. www IN CNAME joe ; next line is functionally the same as line above www.example.com. IN CNAME joe.example.com. ; and so is this line www IN CNAME joe.example.com. ; the name in this is record defaults to example.com ; assuming it was placed at the zone apex IN A 192.168.254.3 ; and could have been written as example.com. IN A 192.168.254.3 ; OR @ IN A 192.168.254.3
Dots before the eyes: Some more examples:; zone file fragment for example.com $ $ORIGIN must terminate with a DOT ALWAYS $ORIGIN example.com ; in the above case the dot is missing from the $ORIGIN ; using the expansion rule this will give a substitution value of ; example.com.example.com. ; In A RR's the right hand expression is an address not a label ; thus expansion will on be applied to the left hand label joe IN A 192.168.254.3 ; line above expands to - joe.example.com. IN A 192.168.254.3
Reverse Mapping Zone Files: A tad messier:; zone file fragment for 2.168.192.IN-ADDR.ARPA $ORIGIN 2.168.192.IN-ADDR.ARPA. .... 1 IN PTR joe.example.com. ; In the above case the left hand value is a name (or label) not an address ; and therefore subsitution is applied giving ; 184.108.40.206.IN-ADDR.ARPA. IN PTR joe.example.com. ; which maps 192.168.2.1 to the host name joe.example.com ; and if you wrote the above PTR like this 1 IN PTR joe ; it will expand to ; 220.127.116.11.IN-ADDR.ARPA. IN PTR joe.2.168.192.IN-ADDR.ARPA. ; which is probably not what you intended
3 reverse map
4 dns types
5 install bind
8 dns records
12 bind api's
13 dns security
bits & bytes
notes & tips