A DNS zone is a specific portion of the DNS namespace in the Domain Name System (DNS), which a specific organization or administrator manages. A DNS zone is an administrative space allowing more granular control of the DNS components, such as authoritative nameserver. The DNS is broken up into different zones, distinctly managed areas in the DNS namespace. DNS zones are not necessarily physically separated from one another; however, a DNS zone can contain multiple subdomains, and multiple zones can exist on the same server.

The domain namespace of the Internet is organized into a hierarchical layout of subdomains below the DNS root domain. The individual domains of this tree may serve as delegation points for administrative authority and management. However, it is usually desirable to implement fine-grained delegation boundaries so that multiple sub-levels of a domain may be managed independently. Therefore, the domain name space is partitioned into areas (zones) for this purpose. A zone starts at a domain and extends downward in the tree to the leaf nodes or to the top-level of subdomains where other zones start.

A DNS zone is implemented in the configuration system of a domain name server. Historically, it is defined in the zone file, an operating system text file that starts with the special DNS record type Start of Authority (SOA) and contains all records for the resources described within the zone. This format was originally used by the Berkeley Internet Name Domain Server (BIND) software package and is defined in RFC 1034 and RFC 1035.

Most top-level domain name registry operators offer their namespaces to the public or entities with the mandated geographic or otherwise scoped purpose for registering second-level domains. Similarly, an organization in charge of a lower-level domain may operate its namespace and subdivide its space.

Each registration or allocation of subdomain space obligates the registrant to maintain an administrative and technical infrastructure to manage the responsibility for its zone, including sub-delegation to lower-level domains. Each delegation confers essentially unrestricted technical autonomy over the allocated space. An area of one or more subdomains that have been delegated for management is called a DNS zone. A zone always starts at a domain boundary to include all leaf nodes (hosts) in the domain or ends at the boundary of another independently managed zone.

As each domain is further divided into sub-domains, each becoming a DNS zone with its own set of administrators and DNS servers, the tree grows with the largest number of leaf nodes at the bottom. At this lowest level, in the end-nodes or leaves of the tree, the term DNS zone becomes essentially synonymous with the term "domain", both in terms of use and administration. The term domain is used in the business functions of the entity assigned to it, and the term zone is usually used for the configuration of DNS services.

DNS zones contain the records for mapping domain names to IP addresses or other information. The resolution of a domain name to its assigned information is also referred to as forward resolution, and the DNS zones associated with such processes are often referred to as forward zones. The term arose as the opposite of reverse zones, which are used for the reverse process: finding the DNS name associated with an IP address. Such reverse zones are maintained in the Internet Address and Routing Parameter Area (domain arpa).

Another common use of the term forward zone refers to a specific configuration of DNS name servers, particularly caching name servers, in which resolution of a domain name is forwarded to another name server that is authoritative for the domain in question, rather than being answered from the established cache memory.