DNS Glossary

additional section
Extra records included in a response, such as glue. A resolver or client may ignore the additional section entirely, and should ignore any data in it that is unrelated to the query.
answer
The TTL and resource record data returned for the query. Note that the response repeats the original question too (domain name and type).
apex
The top-level name of a zone, where its SOA and NS records are located. (In a zone file the "@" sign is commonly used to represent the apex domain name, i.e. the current origin.)
authoritative
Describes the server responsible for providing the zone data, the data that came from such a server, or the flag (AA bit) indicating that an answer was authoritative.
authority section
The response section that carries the SOA record in responses with no answer, or the NS records of a referral (the delegation to query next).
AXFR
Full zone transfer; always uses TCP instead of UDP.
bailiwick
The scope of a server's authority. Records in a response should only be trusted (and cached) when they fall within the bailiwick of the server that sent them.
caching
Storing a record for up to its time-to-live. With long TTLs the resolver does not have to repeat the same lookup frequently.
ccTLD
country-code TLD, like DE and NZ.
class
Defines the schema for the record types and resource record data. For common DNS use it is the Internet (IN) class.
CNAME
The Canonical Name or alias resource record type. Its target (resource record data) is a new domain name to look up, using the original record type in the new query. (A CNAME cannot be placed at an apex, because it cannot coexist at the same name with any other record type other than RRSIG.)
delegation
The zone uses an NS (name server) record to identify which authoritative server is responsible for the subdomain next. Basically the answer says "look here instead". This is provided in the authority section.
DNSKEY
A resource record type containing the public part of a cryptographic key used to verify a digital signature record (RRSIG).
DNSSEC
Additional records included with DNS responses that provide a chain of trust and signatures, so a validator can check where the data came from and that it was not modified.
domain
A subtree of the DNS that defines who is responsible for it and lists all its immediately delegated subdomains or non-delegated leaf names. (Normally, for "www.example.org" for example, the domain is just "example.org".)
domain name
A complete fully qualified name with all labels (separated by periods). Also called a fully qualified domain name (FQDN).
DoS
Because DNS runs over UDP, queries with a spoofed source address can make servers send large responses to a targeted device, causing a Denial of Service.
dot
A single period as a domain name denotes the top-level root domain. Fully qualified domain names end with a dot.
dynamic update
A protocol method for making changes to the records of a DNS zone.
EDNS
Extension Mechanisms for DNS; adds further parameters and features to DNS messages.
EDNS client subnet (ECS)
A client can include an IP address subnet in its query; a server may use it to provide tailored information, such as geo-located content.
empty non-terminal
A domain name that has no resource records itself but has a subdomain that does. These are the in-between labels.
Expire timer
If SOA polling keeps failing, a secondary keeps trying for this amount of time (contained in the SOA record). After it expires, the secondary stops serving the zone data.
flags
Attributes (bits) that identify the query or what the iterative client can accept, or the attributes sent back by the responding server: for example authoritative answer (AA), truncated (TC), recursion desired (RD) and recursion available (RA).
forwarder
Accepts a query and asks a recursive server for the response, which the forwarder then returns to its client.
FQDN
The fully qualified domain name includes the hostname and the domain name. It is the complete and usually unique name.
glue
The address record, provided in the additional section, that is associated with an NS (name server) delegation record. It supplies the address needed to find the next server within a single transaction.
gTLD
generic TLD, such as AERO, BANK, CLUB, and WORK.
id
A 16-bit transaction identifier provided in the query and returned in the response to help match it with the original question. Answers can be spoofed.
inverse queries
An obsolete feature that looked up a name given its record value; this is not the same as reverse lookups, which are normal in-addr.arpa PTR lookups.
iterative query
The client chases down the answer itself, one query at a time.
IXFR
Incremental zone transfer; only transfers changed records.
label
A single part of a domain name between the periods; for example, www.example.net has three labels.
lame delegation
A delegation whose listed name servers are not actually reachable or do not answer authoritatively for the zone.
LDH
Letters, digits and hyphens; note that the DNS itself does not restrict labels to LDH.
master
Also known as the "primary" server; the main authoritative server that secondaries poll and transfer the zone from.
master file
The plain-text zone file loaded by the authoritative server.
MX (mail exchange)
Records that name the mail servers which handle incoming email for a domain. Each record has a priority number; lower numbers are tried first.
negative answers
Responses for failed DNS lookups.
negative cache TTL
The last SOA field, previously called the "minimum". It sets the TTL for caching the fact that no answer was authoritatively provided, so a resolver does not repeatedly send queries for an NXDOMAIN name, for example.
NOTIFY
An authoritative server tells a secondary server that there is an updated zone to check for.
NS
The name server record creates a subzone or delegation by defining the name servers responsible for the domain. (The NS records appear both in the parent zone and in the delegated zone itself.)
NXDOMAIN
Status result meaning no such domain: the queried domain name does not exist. Note that if the name exists but only with a different type, the response is "No error" with an empty answer section instead.
poison
A DNS server accepts zone updates from a malicious source, or a DNS resolver accepts (and caches) an answer from a non-authoritative source.
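The bailiwick and poison entries above describe the same resolver-side defence: records in the authority and additional sections are only cached when they fall inside the authority of the server that sent them. The following is an added example (not code from this glossary) of that check in Python; the referral records, names and addresses are constructed for illustration.

```python
def normalize(name: str) -> str:
    """Lower-case a domain name and make it fully qualified (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def in_bailiwick(record_name: str, bailiwick: str) -> bool:
    """True if record_name is the bailiwick zone itself or a name below it.

    The comparison is label-based: 'example.org.' is under 'org.', but
    'notorg.' is not, even though it ends with the string 'org.'.
    """
    bw = normalize(bailiwick)
    if bw == ".":                      # the root's bailiwick covers every name
        return True
    rn_labels = normalize(record_name).split(".")
    bw_labels = bw.split(".")
    return len(rn_labels) >= len(bw_labels) and rn_labels[-len(bw_labels):] == bw_labels


def filter_out_of_bailiwick(records, bailiwick):
    """Split (owner, type, rdata) tuples into those a cache may keep and those to drop."""
    accepted, rejected = [], []
    for rec in records:
        (accepted if in_bailiwick(rec[0], bailiwick) else rejected).append(rec)
    return accepted, rejected


# Constructed referral as a server authoritative for "org." might return it,
# plus two records such a server has no authority over.
REFERRAL = [
    ("example.org.", "NS", "ns1.example.org."),   # delegation, authority section
    ("ns1.example.org.", "A", "192.0.2.53"),      # glue, additional section
    ("www.example.com.", "A", "198.51.100.99"),   # unrelated: outside org.
    ("notorg.", "A", "203.0.113.1"),              # string suffix match only, not under org.
]


def check_referral(records=REFERRAL, bailiwick="org."):
    """Return (records to cache, records to ignore) for a response from `bailiwick`."""
    return filter_out_of_bailiwick(records, bailiwick)


if __name__ == "__main__":
    kept, dropped = check_referral()
    for rec in kept:
        print("cache :", rec)
    for rec in dropped:
        print("ignore:", rec)
```

The label-based comparison matters: a plain string suffix test would accept the constructed "notorg." record as if it were under "org.", which is exactly the kind of unrelated data a resolver should ignore.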
PTR (pointer)
The pointer record maps an IP address, written in reverse octet order and commonly under the IN-ADDR.ARPA. domain, to the name for that address. Used for reverse name mapping.
qname
The query name: the domain name in the question.
query
A client asking a DNS server a question consisting of a domain name and a record type (and class).
record
A record contains the domain name, the TTL, the record type, and the resource record data. There may be multiple record types and/or multiple (even different) resource record data values for the same domain name.
record type
The data type, for example: an IPv6 address (AAAA) or a pointer to a mail server (MX).
recursive service
A server that performs iterative queries on behalf of a client.
referral
A response with no answer section that lists, in the authority section, at least one authoritative name server closer to the answer, with the glue (their IP addresses) in the additional section.
Refresh timer
How long a secondary waits before asking the master for its current SOA (to compare serial numbers and decide whether a zone transfer is needed). (Contained in the SOA record.)
Registrar
The company that manages registrations and fees for domain names on behalf of registrants, such as Godaddy and Joker.
Registry
The organization that operates a top-level domain. (For example, Verisign is the operator, or registry, for COM.)
resource record data (rrdata)
The data associated with a record type for a domain name.
Retry timer
After a refresh attempt fails, try polling for the SOA record again after this amount of time. (Contained in the SOA record.)
root
The top of the DNS tree. The root servers know the name servers for all the top-level domains (TLDs), but not the record data of subdomains.
round-robin
When multiple resource record data values are returned for a single query, only one of them is used, chosen at random. (Called a poor man's load balancer when used with address records, for example.)
secondary
Also known as a "slave"; another authoritative server hosting the same zone data.
serial number
Used by secondary authoritative servers to tell whether there is a new copy of the zone to transfer in.
SPF
Sender Policy Framework record defining the IP addresses authorized to send email for a domain. (A dedicated SPF record type was proposed, but the policy is now commonly provided in TXT records.)
start of authority (SOA)
The identifying record type for a domain. Its resource record data provides seven attributes: main server name, contact email address, serial number, the zone transfer refresh, retry and expire timers, and the cache timer for negative responses. As an answer it is used for secondary server polling. It is also returned in the authority section when the domain name, or the domain name plus type pair, does not exist.
status
The error code returned with the response, such as format error, server failure, no such name error, and refused. "No error" means that a valid response was provided, even if no answer is included.
stealth
Servers or data not visible in the public records.
stub
A minimal client that sends a single query. Normally a stub forwards its question to a full-featured caching recursive server.
TLD
The top level, or first label from the right-hand side, of a domain name, such as COM or GOV, UK or US (ccTLDs), and NYC or NEWS (gTLDs).
truncated
Flag (TC bit) set when the response is larger than the transport supports; it indicates that the client should query again over TCP to get the full response.
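The id, flags, status and truncated entries all live in the 12-byte DNS header. As an added example (not code from this glossary), the Python below decodes that header and shows how a client uses it: discard a datagram whose id does not match the outstanding query, retry over TCP when TC is set, and tell NXDOMAIN apart from "No error" with an empty answer section. The header bytes are constructed for illustration.

```python
import struct

# Response codes (status) carried in the low 4 bits of the flags word.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED"}

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into its id, flag bits, rcode and section counts."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    rcode = flags & 0x000F
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),        # 1 = response, 0 = query
        "opcode": (flags >> 11) & 0x000F,
        "aa": bool(flags & 0x0400),        # authoritative answer
        "tc": bool(flags & 0x0200),        # truncated
        "rd": bool(flags & 0x0100),        # recursion desired
        "ra": bool(flags & 0x0080),        # recursion available
        "rcode": rcode,
        "status": RCODE_NAMES.get(rcode, f"RCODE{rcode}"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify_response(query_id: int, msg: bytes) -> str:
    """What a client should do with a datagram received for the query it sent."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response: ignore"
    if h["id"] != query_id:
        return "id mismatch: ignore"          # not our transaction
    if h["tc"]:
        return "truncated: retry over TCP"
    if h["status"] == "NOERROR" and h["ancount"] == 0:
        return "NOERROR (no data)"            # name exists, but not with this type
    return h["status"]


# Constructed headers (question/answer sections omitted; only the header matters here).
QUERY_ID = 0x1234
TRUNCATED_RESP = HEADER.pack(QUERY_ID, 0x8380, 1, 0, 0, 0)   # QR,TC,RD,RA; rcode 0
NXDOMAIN_RESP = HEADER.pack(QUERY_ID, 0x8583, 1, 0, 1, 0)    # QR,AA,RD,RA; rcode 3; SOA in authority
NODATA_RESP = HEADER.pack(QUERY_ID, 0x8580, 1, 0, 1, 0)      # QR,AA,RD,RA; rcode 0, no answer
SPOOFED_RESP = HEADER.pack(0x9999, 0x8180, 1, 1, 0, 0)       # wrong transaction id


if __name__ == "__main__":
    for label, msg in [("truncated", TRUNCATED_RESP), ("nxdomain", NXDOMAIN_RESP),
                       ("nodata", NODATA_RESP), ("spoofed", SPOOFED_RESP)]:
        print(f"{label:9} -> {classify_response(QUERY_ID, msg)}")
```

The id check is only a weak filter, as the glossary notes under "id": a 16-bit value can be guessed, which is why resolvers also randomize the source port and why DNSSEC validation exists.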
TSIG
A DNS technique (transaction signature) using shared secrets to authenticate DNS end-points, generally between servers.
TTL
The time-to-live is the length of time that a server may cache the answer (resource record data).
TXT
A record containing free-form textual data. It is commonly used to carry SPF policies.
validator
A resolver that fetches and understands DNSSEC records and verifies that the chain of trust is correct, that the data has not been modified, and that the signatures are within their validity period.
wildcard
An asterisk used as the left-most label of a name in a zone file matches any name that is not otherwise defined (for that record type).
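The wildcard, empty non-terminal and NXDOMAIN entries interact: a wildcard only matches names that do not exist, an empty non-terminal counts as existing, and a name that exists without the requested type gets "No error" with no answer rather than NXDOMAIN. The following is an added Python example (not code from this glossary) of an authoritative lookup that applies those rules; the zone contents are constructed for illustration.

```python
# Constructed zone for example.org.: (owner name, type) -> rdata list.
ZONE_APEX = "example.org."
ZONE = {
    ("example.org.", "SOA"): ["ns1.example.org. hostmaster.example.org. 1 7200 900 1209600 3600"],
    ("example.org.", "NS"): ["ns1.example.org."],
    ("ns1.example.org.", "A"): ["192.0.2.53"],
    ("www.example.org.", "A"): ["192.0.2.10"],
    ("mail.sub.example.org.", "A"): ["192.0.2.25"],   # makes sub.example.org. an empty non-terminal
    ("*.example.org.", "A"): ["192.0.2.99"],          # wildcard
}


def normalize(name: str) -> str:
    """Lower-case a domain name and make it fully qualified (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def name_exists(zone: dict, name: str) -> bool:
    """A name exists if any record sits at it or below it (this covers empty non-terminals)."""
    return any(owner == name or owner.endswith("." + name) for owner, _ in zone)


def closest_encloser(zone: dict, qname: str) -> str:
    """Strip leading labels until an existing ancestor of qname is found."""
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if name_exists(zone, ancestor):
            return ancestor
    return "."


def lookup(qname: str, qtype: str, zone: dict = ZONE, apex: str = ZONE_APEX):
    """Return (status, rdata list) the way an authoritative server would answer.

    'NODATA' stands for the rcode NOERROR with an empty answer section.
    """
    qname, qtype = normalize(qname), qtype.upper()
    if not (qname == apex or qname.endswith("." + apex)):
        return "REFUSED", []                      # not a name in this zone
    if (qname, qtype) in zone:
        return "NOERROR", zone[(qname, qtype)]    # exact match
    if name_exists(zone, qname):
        return "NODATA", []                       # name exists, but not with this type
    # The name does not exist: a wildcard directly under the closest existing
    # ancestor may synthesize an answer; anything else is NXDOMAIN.
    wildcard = "*." + closest_encloser(zone, qname)
    if name_exists(zone, wildcard):
        rdata = zone.get((wildcard, qtype))
        return ("NOERROR", rdata) if rdata else ("NODATA", [])
    return "NXDOMAIN", []


if __name__ == "__main__":
    for q in [("www.example.org.", "A"), ("www.example.org.", "MX"),
              ("anything.example.org.", "A"), ("sub.example.org.", "A"),
              ("x.sub.example.org.", "A"), ("a.b.example.org.", "A")]:
        print(q, "->", lookup(*q))
```

The "x.sub.example.org." case is the one people trip over: "sub.example.org." is an empty non-terminal, so it is the closest encloser, and since there is no "*.sub.example.org." the answer is NXDOMAIN even though "*.example.org." exists.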
zone
A single configuration of DNS records hosted on an authoritative server. It may contain subdomains itself, or delegate subdomains to another zone, commonly hosted on a different server.
zone transfer
The act of transferring a zone (using AXFR or IXFR) from one authoritative server to another for synchronized redundancy. Commonly, a secondary server polls the other server for its SOA every refresh interval and uses the serial number to decide whether to transfer.
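The SOA, serial number, Refresh, Retry and Expire entries describe one polling loop run by every secondary. The Python below is an added example (not code from this glossary) that parses an SOA's resource record data, compares serials with the wrap-around arithmetic of RFC 1982, and walks a secondary through refresh, transfer, retry and expiry; the SOA values and poll times are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed SOA rdata in master-file order:
# mname rname serial refresh retry expire minimum
SOA_TEXT = "ns1.example.org. hostmaster.example.org. 2024010101 7200 900 1209600 3600"


@dataclass
class SOA:
    mname: str      # main (primary) server name
    rname: str      # contact mailbox, first dot stands for "@"
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # negative cache TTL


def parse_soa(rdata: str) -> SOA:
    """Split the seven SOA fields out of their text form."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata needs exactly seven fields")
    return SOA(fields[0], fields[1], *(int(x) for x in fields[2:]))


def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial number arithmetic: candidate is newer if it is ahead of
    current by less than 2^31 modulo 2^32, so a serial that wrapped past
    4294967295 back to a small number still counts as newer."""
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 2 ** 31


@dataclass
class Secondary:
    soa: SOA        # SOA of the zone copy currently held
    last_ok: int    # time of the last successful poll or transfer

    def poll(self, now: int, master_serial):
        """master_serial is None when the poll failed (master unreachable)."""
        if master_serial is None:
            if now - self.last_ok >= self.soa.expire:
                return "expired"        # stop serving the zone data
            return "retry"              # try again after the retry timer
        self.last_ok = now
        if serial_newer(master_serial, self.soa.serial):
            self.soa.serial = master_serial   # an AXFR/IXFR would happen here
            return "transfer"
        return "up-to-date"             # poll again after the refresh timer


def simulate():
    """Drive one secondary through a constructed sequence of polls; returns its actions."""
    soa = parse_soa(SOA_TEXT)
    sec = Secondary(soa=soa, last_ok=0)
    events = [
        (0, soa.serial),                       # first poll: same serial as ours
        (soa.refresh, soa.serial + 1),         # master published a new serial
        (2 * soa.refresh, None),               # master unreachable
        (2 * soa.refresh + soa.retry, None),   # still unreachable after retry
        (soa.refresh + soa.expire, None),      # expire timer since last success elapsed
    ]
    return [sec.poll(t, s) for t, s in events]


if __name__ == "__main__":
    print(simulate())
```

Operationally, the serial comparison is the part worth remembering: a master whose serial was edited downwards (for example after a date-based serial typo) looks older to its secondaries and will never be transferred until the serial is wrapped forward correctly.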