Understanding the “IN” Class in DNS Zone Files: When and Why to Use It


In DNS zone files, the IN field specifies the record class. IN stands for Internet and indicates that the records are for standard Internet use. Although it is often omitted in modern configurations, DNS administrators need to understand its purpose.

; Fully qualified record with class
example.com.    IN    A    192.0.2.1

; Short form (class omitted)
example.com.    A    192.0.2.1

Originally, DNS supported multiple record classes:

  • IN - Internet (most common)
  • CH - Chaosnet
  • HS - Hesiod

Today, IN is implied when omitted, making it optional in most DNS software like BIND:

; These are equivalent in modern implementations
www     IN    A    203.0.113.45
www          A    203.0.113.45

Some special cases require explicit class specification:

; Required in $ORIGIN directives
$ORIGIN example.com. IN

; Needed when mixing different record classes
@       IN    SOA   ns1 admin 2023081501 7200 3600 1209600 3600
@       CH    TXT   "Chaosnet record example"

For consistency in zone files:

  1. Pick one style (with or without IN) and stick to it
  2. Always include IN when mixing record classes
  3. Be aware that some older DNS tools may require explicit IN

Example of clean zone file formatting:

$TTL 86400
@       IN    SOA     ns1.example.com. hostmaster.example.com. (
                        2023081501 ; serial
                        7200       ; refresh
                        3600       ; retry
                        1209600    ; expire
                        3600       ; minimum TTL
                    )

        IN    NS      ns1.example.com.
        IN    NS      ns2.example.com.
        IN    MX      10 mail.example.com.

www     IN    A       192.0.2.1
        IN    AAAA    2001:db8::1
api     IN    CNAME   loadbalancer.example.net.

In DNS zone files, IN specifies the record class and stands for "Internet". It is one of three historical DNS classes, and a record can state it explicitly or leave it implicit:

www    IN  A     192.168.1.1  ; Explicit class
www        A     192.168.1.1  ; Implicit class

While current implementations primarily use IN, the class field remains part of the DNS specification (RFC 1035). The other classes - CH (Chaosnet) and HS (Hesiod) - are now obsolete.

Modern DNS servers and tools handle class specification differently:

  • Required: When using mixed record classes in experimental setups (extremely rare)
  • Optional: In 99.9% of real-world deployments where only IN class is used

Most DNS software today assumes IN when the class is omitted:

; These are equivalent in BIND 9+
example.com.      A       203.0.113.1
example.com. IN   A       203.0.113.1

Behavior varies slightly between implementations:

; BIND 9 (most common) - Accepts both forms
$TTL 3600
@       SOA ns1 admin ( 2023081501 7200 3600 1209600 3600 )
@       NS  ns1
ns1     A   192.0.2.1

; Windows DNS - Also accepts both but recommends explicit IN
; Recommended format for Windows DNS
@   IN  SOA ns1 admin ( 2023081501 7200 3600 1209600 3600 )
@   IN  NS  ns1

Consider these guidelines:

  1. For readability in shared environments, include IN
  2. In automated tools/scripts, omitting IN reduces parsing complexity
  3. When using $INCLUDE directives, be consistent within each file
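
The consistency guidelines in both lists above can be checked mechanically before a zone is loaded. The following Python linter is an added example, not code from the original article or from any DNS server; the names `classify`, `lint` and `SAMPLE` are hypothetical and the sample zone is constructed. It goes slightly beyond the text by accepting TTL and class in either order, as RFC 1035 permits, and it assumes parentheses never appear inside quoted strings.

```python
import re

CLASSES = {"IN", "CH", "HS"}                          # classes named in the article
TTL = re.compile(r"\d+([smhdw]\d+)*[smhdw]?", re.I)   # 3600, 1h, 1h30m
COMMENT = re.compile(r'("[^"]*")|;.*')                # ';' comment, unless inside quotes

def logical_lines(text):
    """Drop ';' comments, then fold '( ... )' continuations onto one line."""
    text = COMMENT.sub(lambda m: m.group(1) or "", text)
    text = re.sub(r"\(([^()]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    return [ln for ln in text.splitlines() if ln.strip()]

def classify(text):
    """Return (owner, explicit class or None, type) for every record."""
    records, owner = [], "@"
    for line in logical_lines(text):
        if line.lstrip().startswith("$"):             # $TTL, $ORIGIN, $INCLUDE
            continue
        tok = line.split()
        if not line[0].isspace():                     # blank owner inherits the previous one
            owner = tok.pop(0)
        cls = None
        # RFC 1035 allows "[TTL] [class]" or "[class] [TTL]" before the type
        while tok and (tok[0].upper() in CLASSES or TTL.fullmatch(tok[0])):
            t = tok.pop(0).upper()
            cls = t if t in CLASSES else cls
        if tok:
            records.append((owner, cls, tok[0].upper()))
    return records

def lint(text):
    """Flag mixed explicit/implicit class style and any non-IN class."""
    recs = classify(text)
    omitted = sum(c is None for _, c, _ in recs)
    out = [f"mixed style: {omitted} of {len(recs)} records omit the class"] if 0 < omitted < len(recs) else []
    return out + [f"non-IN class {c} on {o} {t}" for o, c, t in recs if c not in (None, "IN")]

# Constructed sample zone: one record omits the class, one uses CH
SAMPLE = """\
$TTL 1h
@    IN  SOA  ns1 admin ( 2023081501 ; serial
                2h 30m 2w 1h )
     IN  NS   ns1
ns1      A    192.0.2.1
www 300 IN A  192.0.2.2
@    CH  TXT  "semi;colon"
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

An empty result from `lint` means every record follows one style and no non-IN class is present.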

Example of a well-formatted modern zone file:

$ORIGIN example.com.
$TTL 1h
@       IN  SOA   ns1 admin (
                    2023081501 ; serial
                    2h         ; refresh
                    30m        ; retry
                    2w         ; expire
                    1h         ; minimum
                )
        IN  NS    ns1
        IN  MX    10 mail
ns1     IN  A     192.0.2.1
www     IN  CNAME @