Can you help me find the mistake in my zone file?

  $ORIGIN example.net.
  $TTL 900
  @    IN    SOA    ns1.example.com. hostmaster@example.com. (
        20230728001
        1800
        300
        3600
        172800
    )
  @    IN    NS      8.8.8.8.
  @    IN    NS      8.8.4.4.

  @    IN    CNAME example.com.
  @    IN    MX    10    172.253.124.27
  www  IN    CNAME example.com


Off the top of my head (haven't had to do zone files for ~2 years):

* hostmaster@example.com -> hostmaster.example.com

* NS records are usually hostnames (not sure if IPs are even valid)

* Ditto for MX records; also add a period to the end, otherwise example.net will get appended

* Also appending with the www record

See also:

* https://linux.die.net/man/8/named-checkzone


To add —

You can do delegated zones by specifying NS records for a subdomain within the parent zone. If you’re talking about NS for a second level domain (“example” in example.com) you would want glue records which are essentially a “lookaside” to prevent circular dependencies. Glue records are really just A records with clout, returned with the IP of your name server. This glue is maintained by the higher level authoritative zone. So you query for example.org and the nameserver for .org returns ns1.example.org as the name server for your zone, as well as the IP address for that server.

This is why you could run a DNS server at ns1.example.org as your authoritative DNS.


Pretty good! :)

Besides what was mentioned by others, there are two more mistakes in the SOA and one in each NS.


> mistakes in the SOA

I figured there was since (e.g.) the numbers looked 'off' (regular TTL vs. negative TTL), but couldn't be arsed to look up the exact SOA format.


Also the CNAME: if you have a CNAME you don't want any other records with the same name. It ends up being a confusing and ambiguous situation to be in. You are supposed to use the CNAME to jump to the actual record, but now there is also an MX record here; are we supposed to do anything with it?


Indeed, a semi-common footgun that is allowed by BIND and I think many other servers.
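An added example, not from any poster in this thread: a small Python linter (standard library only) that runs over the zone file from the question, embedded below as constructed sample input with the SOA values on one line, and reports the mistakes the replies describe: the '@' in the SOA mailbox, IP addresses where NS/MX need hostnames, the missing trailing dot on www, and the CNAME sharing a name with other records. It goes one step beyond the replies by also checking that the SOA serial fits the 32-bit field it is stored in.

```python
import re
# Zone file from the question, embedded as constructed sample input.
ZONE = """\
$ORIGIN example.net.
$TTL 900
@    IN    SOA    ns1.example.com. hostmaster@example.com. (
      20230728001 1800 300 3600 172800 )
@    IN    NS      8.8.8.8.
@    IN    NS      8.8.4.4.
@    IN    CNAME example.com.
@    IN    MX    10    172.253.124.27
www  IN    CNAME example.com
"""
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.?$")   # dotted quad, optional trailing dot

def parse_records(text):
    # Returns (owner, type, fields) tuples; joins '(' ... ')' continuation lines.
    records, buf = [], ""
    for line in text.splitlines():
        line = line.partition(";")[0].strip()      # drop comments and whitespace
        if not line or line.startswith("$"):       # skip $ORIGIN / $TTL directives
            continue
        buf += " " + line
        if buf.count("(") > buf.count(")"):        # SOA still open, keep reading
            continue
        fields = [f for f in buf.replace("(", " ").replace(")", " ").split() if f != "IN"]
        records.append((fields[0], fields[1], fields[2:]))
        buf = ""
    return records

def lint(text):
    # Returns human-readable problems: the ones the replies name plus a serial-width check.
    issues, by_owner = [], {}
    for owner, rtype, f in parse_records(text):
        by_owner.setdefault(owner, set()).add(rtype)
        if rtype == "SOA":
            if "@" in f[1]:
                issues.append("SOA RNAME uses '@'; write it as hostmaster.example.com.")
            if int(f[2]) > 0xFFFFFFFF:             # serial is a 32-bit unsigned field
                issues.append("SOA serial %s does not fit in 32 bits" % f[2])
        elif rtype in ("NS", "MX", "CNAME"):
            name = f[1] if rtype == "MX" else f[0]  # MX carries a preference first
            if IPV4.match(name):
                issues.append("%s %s target %s is an IP address, not a hostname" % (owner, rtype, name))
            elif not name.endswith("."):
                issues.append("%s %s target %s is relative; $ORIGIN gets appended" % (owner, rtype, name))
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:    # a CNAME must stand alone at its owner name
            issues.append("%s has CNAME alongside %s" % (owner, ", ".join(sorted(types - {"CNAME"}))))
    return issues
```

Running `lint(ZONE)` reports seven findings for the posted file; named-checkzone remains the authoritative check for anything this toy parser does not model.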

