DNS and DNS Records

The Domain Name System (DNS) is the Internet’s address book. DNS directs web traffic to your Server and email to your inbox by mapping memorable domain names like example.com to IP addresses like 192.0.2.8 or 0123:4567:89ab:cdef:0123:4567:89ab:cdef. This guide introduces basic DNS concepts and the different types of DNS records.

Basics of DNS

Domain Names

Domain names areread from right to left. The broad domain classifier is on the right i.e. the .com, .net, .org or .in also known as TLDs, moving towards left they become more and more specific to the purpose as an examples below, the top-level domain, or TLD, is .com

example.com pop.mail.example.com         

To the left of the TLD every term is separated by a period and considered a more specific subdomain, first-level subdomains + the TLDs (example.com) will be referred to as domain name. Moving to the left, mail and pop are the second- and third-level subdomains, respectively. Subdomains are usually used to uniquely identify specific servers or services within the domain.

Name Servers

Nameserver is a server in the DNS that translates domain names into IP addresses. Nameservers store and organize DNS records, each of which pairs a domain with one or more IP addresses. These servers act as the bridge between domain names, which we humans can remember, with IP addresses, which computers can process

name servers is essential of domain ownership. If you don’t, connecting client devices won’t know where to find your DNS information so your domain won’t resolve. Name servers host a domain’s DNS information in a text file called a zone file. They’re are also known as Start of Authority (SOA) records. You can host your DNS information on name servers in one of several locations:

  • cloudflare (it's really nice)
  • Your domain registrar
  • Your own DNS server
  • Third-party DNS hosting

Using cloudflare’s name servers is the easiest approach, because cloudflare provides a default zone file with all the right IP addresses for your website and email along with its vast CDN Netw. Cloudflare’s name servers will work well for both basic and advanced setups. However, you can also look into the options offered by your registrar and third-party DNS hosts, or host your own DNS if you want control over as much of the DNS process as possible. You’ll need to specify name servers on your domain registrar’s website and will take around 24 to 48 hours of time, depending upon the region you are in.

DNS Records and Zone Files

The next aspect of DNS management is specifying DNS records, which match domain names to IP addresses. The DNS records are then automatically bundled up into a zone file, which is what allows connecting devices to look up the correct IP address for your domain. It contains records similar to the following:

Note: You can also use trailing dots in domain names (for example, example.com.), which will make the name fully-qualified.

; example.com [448369] 
@ MX 10 mail.example.com. 
@ A 12.34.56.78 
mail A 12.34.56.78 
www A 12.34.56.78        

Every domain’s zone file contains the domain administrator’s email address, the name servers, and the DNS records. Of course, you are not limited to these default entries. Many subdomains can be created for a domainname.

DNS Resolution

The domain name needs to get translated into your Servers’s IP address. DNS matches human-friendly domain names like example.com to computer-friendly IP addresses like 192.0.2.8. This happens in a special text file called a zone file, which lists domains and their corresponding IP addresses. A zone file is like a phone book that matches names with street addresses.

Here’s how the DNS lookup process works:

  1. You type a domain name like example.com into your browser’s address bar.
  2. Your computer is connected to the internet through an internet service provider (ISP). Your ISP’s DNS resolver queries a root nameserver for the proper TLD nameserver. In other words, it asks the root nameserver, Where can I find the nameserver for .com domains?
  3. The root nameserver responds with the IP address for the .com nameserver.
  4. The ISP’s DNS resolver uses the IP address it got from the root nameserver to ask the .com nameserver, *Where can I find the nameserver for example.com?
  5. The .com nameserver responds with the IP address for the example.com nameserver.
  6. The ISP’s DNS resolver reads the zone file from your domain’s nameserver.
  7. The zone file shows which IP address goes with the domain.
  8. Now that the ISP has the IP address for example.com, it (in short) returns this to your browser which then accesses the site’s web server.

In the above case the ISP has no current information about the requested domain. ISPs usually cache a lot of DNS information after they’ve looked it up the first time. This results in faster lookups and less strain on DNS servers.

Most of the time caching is a good thing, but if you’ve recently made a change to your DNS information, like when you move to AWS from local or a different hosting provider in such a case, caching can cause dela you want to pay attention to your zone file’s time to live (TTL) so that your DNS change happens as quickly as possible.

DNS Records

A and AAAA

An A record points your domain or subdomain to your server’s IP address, which allows web traffic to reach your server. This is the core function of DNS. A typical A record looks like either of the following:

example.com A 12.34.56.78 hello.example.com A 12.34.56.78         

You can point different subdomains to different IP addresses. If you want to point every subdomain of example.com to your server’s IP, you can use an asterisk (*) as your subdomain:

*.example.com A 12.34.56.78         

An AAAA record is just like an A record, but for IPv6 IP addresses. A typical AAAA record looks like the following:

example.com AAAA 0123:4567:89ab:cdef:0123:4567:89ab:cdef         


AXFR

An AXFR record is a type of DNS record used for DNS replication, although there are more modern ways to do DNS replication. AXFR records are not used in ordinary zone files. Rather, they are used on a slave DNS server to replicate the zone file from a master DNS server.

CAA

DNS Certification Authority Authorization uses DNS to allow the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

CNAME

CNAME record or Canonical Name record matches a domain or subdomain to a different domain. With a CNAME record, DNS lookups use the target domain’s DNS resolution as the alias’s resolution. Here’s an example:

alias.com CNAME example.com. example.com A 12.34.56.78         

With this setup, when alias.com is requested, the initial DNS lookup will find the CNAME entry with the target of example.com. A new DNS lookup will be started for example.com, which will find the IP address 12.34.56.78. Finally, visitors to alias.com will be directed to 12.34.56.78.

CNAME records exist so that domains can have aliases. Some mail servers handle mail oddly for domains with CNAME records, so you should not use a CNAME record for a domain that gets email. Likewise, MX records cannot reference CNAME-defined hostnames. The target domain for a CNAME record should also have a normal A-record resolution. Chaining or looping CNAME records is not recommended.

DKIM

DKIM record or DomainKeys Identified Mail record displays the public key for authenticating messages that have been signed with the DKIM protocol. This practice increases the capability to check mail authenticity. A typical DKIM record looks like the following:

selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK         

DKIM records are implemented as text records. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then _domainkey.example.com. The type is TXT, and the value includes the type of key, followed by the actual key.

MX

An MX record or mail exchanger record sets the mail delivery destination for a domain or subdomain. A typical MX record looks like the following:

example.com MX 10 mail.example.com. mail.example.com A 12.34.56.78         

The above records direct mail for example.com to the mail.example.com server. The target domain (mail.example.com above) needs to have its own A record that resolves to your Server. An MX record should ideally point to a domain that is also the hostname for its server.

Your MX records can point to any server you choose to use as your mail server. If you’re using a third-party mail service like Google Workspace or mailgun or any other mail service provider, you should use the MX records they provide.

Priority is another component of MX records. This is the number written between the record type and the target server (10 in the example above). Priority allows you to designate a fallback server (or servers) for mail for a particular domain. Lower numbers have a higher priority. Here’s an example of a domain that has two fallback mail servers:

example.com MX 10 mail_1.example.com example.com MX 20 mail_2.example.com example.com MX 30 mail_3.example.com         

In this example, if mail_1.example.com is down, mail will be delivered to mail_2.example.com. If mail_2.example.com is also down, mail will be delivered to mail_3.example.com.

NS

NS records or name server records set the nameservers for a domain or subdomain. The primary nameserver records for your domain are set both at your registrar and in your zone file. Typical nameserver records look like this:

example.com NS ns1.namecheap.com. 
example.com NS ns2.namecheap.com. 
example.com NS ns3.namecheap.com. 
example.com NS ns4.namecheap.com. 
example.com NS ns5.namecheap.com.         

The nameservers you designate at your registrar that carries the zone file for your domain.

You can also set up different nameservers for any of your subdomains. Subdomain NS records get configured in your primary domain’s zone file the entries in the zone file will look something like this

mail.example.com NS ns1.cloudflare.com 
mail.example.com NS ns2.cloudflare.com         

Primary nameservers get configured at your registrar and secondary subdomain nameservers get configured in the primary domain’s zone file. The order of NS records does not matter. DNS requests are sent randomly to the different servers, and if one host fails to respond, another one will be queried.

PTR

PTR record or pointer record matches up an IP address to a domain or subdomain, allowing reverse DNS queries to function. It performs the opposite service an A record does, in that it allows you to look up the domain associated with a particular IP address, instead of vice versa.

PTR records are usually set with your hosting provider. They are not part of your domain’s zone file.

As a prerequisite for adding a PTR record, you need to create a valid, live A or AAAA record that points the desired domain to that IP. If you want an IPv4 PTR record, point the domain or subdomain to your server’s IPv4 address. If you want an IPv6 PTR record, point the domain to your server’s IPv6 address. Beyond that, IPv4 and IPv6 PTR records work the same way.

Note: you can have multiple IP address for the same domain for reverse DNS. you will have to configure multiple A or AAAA records for that domain that point to the various IPs.

SOA

An SOA record or Start of Authority record labels a zone file with the name of the host where it was originally created. Next, it lists the contact email address for the person responsible for the domain. There are also various numbers, which we’ll get into in detail in a moment. First, here’s a typical SOA record:

@ IN SOA ns1.namecheap.com. admin.example.com. 2013062147 14400 14400 1209600 86400         

Note: The administrative email address is written with a period (.) instead of an @ symbol.

Here’s what the numbers mean:

  • Serial number: The revision number for this domain’s zone file. It changes when the file gets updated.
  • Refresh time: The amount of time (in seconds) a secondary DNS server will keep the zone file before it checks for changes.
  • Retry time: The amount of time a secondary DNS server will wait before retrying a failed zone file transfer.
  • Expire time: The amount of time a secondary DNS server will wait before expiring its current zone file copy if it cannot update itself.
  • Minimum TTL: The minimum amount of time other servers should keep data cached from this zone file.

The single nameserver mentioned in the SOA record is considered the primary master for the purposes of Dynamic DNS and is the server where zone file changes get made before they are propagated to all other nameservers.

SPF

An SPF record or Sender Policy Framework record lists the designated mail servers for a domain or subdomain. It helps establish the legitimacy of your mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though it did not. Spammers sometimes try to do this to get around filters.

An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email so they can reject spoofed mail from your domain that has originated from unauthorized servers. A very basic SPF record looks like the following:

example.com TXT "v=spf1 a ~all"         

Note: you should list all the mail servers from which you send mail, you can exclude the others. Your SPF record will have a domain or subdomain, type (which is TXT, or SPF if your name server supports it), and text (which starts with “v=spf1” and contains the SPF record settings).

With the SPF record, the receiving server will check the IP addresses of both the sending server and the IP address of example.com. If the IPs match, the check passes. If not, the check will soft fail (i.e., the message will be marked but will not automatically be rejected for failing the SPF check).

Note: Don't make your SPF records too strict. accidentally excluding a legitimate mail server, its messages could get marked as spam. To learn how SPF records work and how to construct one that works for your setup - dmarcanalyzer.com

SRV

An SRV record or service record matches up a specific service that runs on your domain or subdomain to a target domain. This allows you to direct traffic for specific services, like instant messaging, to another server. A typical SRV record looks like the following:

_service._protocol.example.com SRV 10 0 5060 service.example.com         

Here’s a breakdown of the elements in an SRV record:

  • Service: The name of the service must be preceded by an underscore (_) and followed by a period (.). The service could be something like _xmpp.
  • Protocol: The name of the protocol must be proceeded by an underscore (_) and followed by a period (.). The protocol could be something like _tcp.
  • Domain: The name of the domain that will receive the original traffic for this service.
  • Priority: The first number (10 in the example above) allows you to set the priority for the target server. You can set different targets with different priorities, which allows you to have a fallback server (or servers) for that service. Lower numbers have a higher priority.
  • Weight: If two records have the same priority, weight is used instead.
  • Port: The TCP or UDP port on which the service runs.
  • Target: The target domain or subdomain. This domain must have an A or AAAA record that resolves to an IP address.

An example use of SRV records would be to set up Federated VoIP.

TXT

TXT record or text record provides information about the domain in question to other resources on the internet. It’s a flexible type of DNS record that can serve many different purposes depending on the specific contents. One common use of the TXT record is to create an SPF record on nameservers that don’t natively support SPF. Another use is to create a DKIM record for mail signing.

Note: In common DNS Configurations using TXT records, quotation marks " are applied.

#technotes

Dinesh Kumar

PMP, Head-IT Infrastructure at HDFC Credila Financial Services Limited

1y

Very crisp and to the point. Thanks for sharing this OP !

Like
Reply

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics