DNS and DNS Records
The Domain Name System (DNS) is the Internet’s address book. DNS directs web traffic to your server and email to your inbox by mapping memorable domain names like example.com to IP addresses like 192.0.2.8 or 0123:4567:89ab:cdef:0123:4567:89ab:cdef. This guide introduces basic DNS concepts and the different types of DNS records.
Basics of DNS
Domain Names
Domain names are read from right to left. The broad domain classifier is on the right, i.e. the .com, .net, .org or .in, also known as the top-level domain (TLD); moving to the left, each label becomes more specific to the purpose. In the examples below, the top-level domain, or TLD, is .com:
example.com
pop.mail.example.com
To the left of the TLD, every term is separated by a period and is considered a more specific subdomain. The first-level subdomain plus the TLD (example.com) is referred to as the domain name. Moving to the left, mail and pop are the second- and third-level subdomains, respectively. Subdomains are usually used to uniquely identify specific servers or services within the domain.
Name Servers
A nameserver is a server in the DNS that translates domain names into IP addresses. Nameservers store and organize DNS records, each of which pairs a domain with one or more IP addresses. These servers act as the bridge between domain names, which humans can remember, and IP addresses, which computers can process.
Specifying name servers is an essential part of domain ownership. If you don’t, connecting client devices won’t know where to find your DNS information, so your domain won’t resolve. Name servers host a domain’s DNS information in a text file called a zone file. They are also known as Start of Authority (SOA) records. You can host your DNS information on name servers in one of several locations:
Using Cloudflare’s name servers is the easiest approach, because Cloudflare provides a default zone file with all the right IP addresses for your website and email, along with its vast CDN network. Cloudflare’s name servers work well for both basic and advanced setups. However, you can also look into the options offered by your registrar and third-party DNS hosts, or host your own DNS if you want control over as much of the DNS process as possible. You will need to specify the name servers on your domain registrar’s website, and the change takes around 24 to 48 hours to propagate, depending on the region you are in.
DNS Records and Zone Files
The next aspect of DNS management is specifying DNS records, which match domain names to IP addresses. The DNS records are then automatically bundled up into a zone file, which is what allows connecting devices to look up the correct IP address for your domain. It contains records similar to the following:
Note: You can also use trailing dots in domain names (for example, example.com.), which will make the name fully-qualified.
; example.com [448369]
@ MX 10 mail.example.com.
@ A 12.34.56.78
mail A 12.34.56.78
www A 12.34.56.78
Every domain’s zone file contains the domain administrator’s email address, the name servers, and the DNS records. Of course, you are not limited to these default entries. Many subdomains can be created for a domain name.
DNS Resolution
The domain name needs to be translated into your server’s IP address. DNS matches human-friendly domain names like example.com to computer-friendly IP addresses like 192.0.2.8. This happens in a special text file called a zone file, which lists domains and their corresponding IP addresses. A zone file is like a phone book that matches names with street addresses.
Here’s how the DNS lookup process works:
In the above case the ISP has no current information about the requested domain. ISPs usually cache a lot of DNS information after they’ve looked it up the first time. This results in faster lookups and less strain on DNS servers.
Most of the time caching is a good thing, but if you have recently made a change to your DNS information, for example when you move to AWS from a local setup or a different hosting provider, caching can cause delays. In that case you want to pay attention to your zone file’s time to live (TTL) so that your DNS change takes effect as quickly as possible.
DNS Records
A and AAAA
An A record points your domain or subdomain to your server’s IP address, which allows web traffic to reach your server. This is the core function of DNS. A typical A record looks like either of the following:
example.com A 12.34.56.78
hello.example.com A 12.34.56.78
You can point different subdomains to different IP addresses. If you want to point every subdomain of example.com to your server’s IP, you can use an asterisk (*) as your subdomain:
*.example.com A 12.34.56.78
An AAAA record is just like an A record, but for IPv6 IP addresses. A typical AAAA record looks like the following:
example.com AAAA 0123:4567:89ab:cdef:0123:4567:89ab:cdef
AXFR
An AXFR record is a type of DNS record used for DNS replication, although there are more modern ways to do DNS replication. AXFR records are not used in ordinary zone files. Rather, they are used on a slave DNS server to replicate the zone file from a master DNS server.
CAA
DNS Certification Authority Authorization uses DNS to allow the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.
CNAME
A CNAME record or Canonical Name record matches a domain or subdomain to a different domain. With a CNAME record, DNS lookups use the target domain’s DNS resolution as the alias’s resolution. Here’s an example:
alias.com CNAME example.com.
example.com A 12.34.56.78
With this setup, when alias.com is requested, the initial DNS lookup will find the CNAME entry with the target of example.com. A new DNS lookup will be started for example.com, which will find the IP address 12.34.56.78. Finally, visitors to alias.com will be directed to 12.34.56.78.
CNAME records exist so that domains can have aliases. Some mail servers handle mail oddly for domains with CNAME records, so you should not use a CNAME record for a domain that gets email. Likewise, MX records cannot reference CNAME-defined hostnames. The target domain for a CNAME record should also have a normal A-record resolution. Chaining or looping CNAME records is not recommended.
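As an added example (not code from the original article), the following script checks zone-file style records against the rules just described and the MX requirements in the MX section below: a CNAME target should have an A/AAAA record, CNAME chains and loops are flagged, and an MX target must not be a CNAME. The sample zone and the function names parse_zone and check_zone are constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample zone in the article's "name TYPE [priority] target" layout.
SAMPLE_ZONE = """\
example.com        A     12.34.56.78
mail.example.com   A     12.34.56.78
alias.com          CNAME example.com.
www.example.com    CNAME alias.com.
loop1.example.com  CNAME loop2.example.com.
loop2.example.com  CNAME loop1.example.com.
example.com        MX 10 mail.example.com.
example.com        MX 20 alias.com.
example.com        MX 30 mail_3.example.com.
"""

def parse_zone(text):
    """Return {name: {type: [targets]}}; names are lower-cased without the trailing dot."""
    records = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(";"):
            continue  # blank line, comment or malformed line
        name, rtype = parts[0].rstrip(".").lower(), parts[1].upper()
        target = parts[-1].rstrip(".").lower()  # the MX priority field is ignored here
        records[name][rtype].append(target)
    return records

def _has_address(records, name):
    rrs = records.get(name, {})
    return bool(rrs.get("A") or rrs.get("AAAA"))

def check_zone(records):
    """Return a list of findings; an empty list means the zone passes these checks."""
    findings = []
    for name, rrs in records.items():
        for target in rrs.get("CNAME", []):
            seen, hop = {name}, target
            while "CNAME" in records.get(hop, {}):  # follow the alias chain
                if hop in seen:
                    findings.append(f"CNAME loop via {name}")
                    break
                seen.add(hop)
                hop = records[hop]["CNAME"][0]
            else:  # chain ended at a non-alias name
                if len(seen) > 1:
                    findings.append(f"CNAME chain {name} -> {target} -> {hop}")
                if not _has_address(records, hop):
                    findings.append(f"CNAME target {hop} has no A/AAAA record")
        for target in rrs.get("MX", []):
            if "CNAME" in records.get(target, {}):
                findings.append(f"MX for {name} points at CNAME {target}")
            elif not _has_address(records, target):
                findings.append(f"MX target {target} has no A/AAAA record")
    return findings
```

Running check_zone(parse_zone(SAMPLE_ZONE)) reports the www chain, both loop entries, the MX that points at alias.com, and the MX target with no address.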
DKIM
A DKIM record or DomainKeys Identified Mail record displays the public key for authenticating messages that have been signed with the DKIM protocol. This practice increases the capability to check mail authenticity. A typical DKIM record looks like the following:
selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK
DKIM records are implemented as text records. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then _domainkey.example.com. The type is TXT, and the value includes the type of key, followed by the actual key.
MX
An MX record or mail exchanger record sets the mail delivery destination for a domain or subdomain. A typical MX record looks like the following:
example.com MX 10 mail.example.com.
mail.example.com A 12.34.56.78
The above records direct mail for example.com to the mail.example.com server. The target domain (mail.example.com above) needs to have its own A record that resolves to your Server. An MX record should ideally point to a domain that is also the hostname for its server.
Your MX records can point to any server you choose to use as your mail server. If you’re using a third-party mail service like Google Workspace or mailgun or any other mail service provider, you should use the MX records they provide.
Priority is another component of MX records. This is the number written between the record type and the target server (10 in the example above). Priority allows you to designate a fallback server (or servers) for mail for a particular domain. Lower numbers have a higher priority. Here’s an example of a domain that has two fallback mail servers:
example.com MX 10 mail_1.example.com
example.com MX 20 mail_2.example.com
example.com MX 30 mail_3.example.com
In this example, if mail_1.example.com is down, mail will be delivered to mail_2.example.com. If mail_2.example.com is also down, mail will be delivered to mail_3.example.com.
NS
NS records or name server records set the nameservers for a domain or subdomain. The primary nameserver records for your domain are set both at your registrar and in your zone file. Typical nameserver records look like this:
example.com NS ns1.namecheap.com.
example.com NS ns2.namecheap.com.
example.com NS ns3.namecheap.com.
example.com NS ns4.namecheap.com.
example.com NS ns5.namecheap.com.
The nameservers you designate at your registrar are the ones that carry the zone file for your domain.
You can also set up different nameservers for any of your subdomains. Subdomain NS records are configured in your primary domain’s zone file; the entries will look something like this:
mail.example.com NS ns1.cloudflare.com
mail.example.com NS ns2.cloudflare.com
Primary nameservers get configured at your registrar and secondary subdomain nameservers get configured in the primary domain’s zone file. The order of NS records does not matter. DNS requests are sent randomly to the different servers, and if one host fails to respond, another one will be queried.
PTR
A PTR record or pointer record matches up an IP address to a domain or subdomain, allowing reverse DNS queries to function. It performs the opposite service an A record does, in that it allows you to look up the domain associated with a particular IP address, instead of vice versa.
PTR records are usually set with your hosting provider. They are not part of your domain’s zone file.
As a prerequisite for adding a PTR record, you need to create a valid, live A or AAAA record that points the desired domain to that IP. If you want an IPv4 PTR record, point the domain or subdomain to your server’s IPv4 address. If you want an IPv6 PTR record, point the domain to your server’s IPv6 address. Beyond that, IPv4 and IPv6 PTR records work the same way.
Note: You can have multiple IP addresses for the same domain for reverse DNS. You will have to configure multiple A or AAAA records for that domain that point to the various IPs.
SOA
An SOA record or Start of Authority record labels a zone file with the name of the host where it was originally created. Next, it lists the contact email address for the person responsible for the domain. There are also various numbers, which we’ll get into in detail in a moment. First, here’s a typical SOA record:
@ IN SOA ns1.namecheap.com. admin.example.com. 2013062147 14400 14400 1209600 86400
Note: The administrative email address is written with a period (.) instead of an @ symbol.
Here’s what the numbers mean:
The single nameserver mentioned in the SOA record is considered the primary master for the purposes of Dynamic DNS and is the server where zone file changes get made before they are propagated to all other nameservers.
SPF
An SPF record or Sender Policy Framework record lists the designated mail servers for a domain or subdomain. It helps establish the legitimacy of your mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though it did not. Spammers sometimes try to do this to get around filters.
An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email so they can reject spoofed mail from your domain that has originated from unauthorized servers. A very basic SPF record looks like the following:
example.com TXT "v=spf1 a ~all"
Note: You should list all the mail servers from which you send mail and can exclude the others. Your SPF record will have a domain or subdomain, a type (which is TXT, or SPF if your name server supports it), and text (which starts with “v=spf1” and contains the SPF record settings).
With the SPF record, the receiving server checks the IP address of the sending server against the IP address of example.com. If the IPs match, the check passes. If not, the check will soft fail (i.e., the message will be marked but will not automatically be rejected for failing the SPF check).
Note: Don't make your SPF records too strict. If you accidentally exclude a legitimate mail server, its messages could get marked as spam. To learn how SPF records work and how to construct one that works for your setup, see dmarcanalyzer.com.
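To show how a receiving server applies a record like "v=spf1 a ~all", here is an added example (not from the original article) of a minimal SPF evaluator. It runs offline against constructed in-memory records, supports the a, mx, ip4 and all mechanisms with the +, -, ~ and ? qualifiers, and leaves include and redirect out of scope; the DNS table and the function name evaluate_spf are assumptions for this illustration.

```python
import ipaddress

# Constructed records standing in for live DNS answers.
DNS = {
    "example.com": {"TXT": "v=spf1 a mx ip4:203.0.113.0/24 ~all",
                    "A": ["12.34.56.78"], "MX": ["mail.example.com"]},
    "mail.example.com": {"A": ["12.34.56.79"]},
    "strict.example": {"TXT": "v=spf1 ip4:198.51.100.5 -all"},
}

# Result when the matching mechanism carries this qualifier ("+" is the default).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def _lookup(name, rtype="A"):
    return DNS.get(name, {}).get(rtype, [])

def _matches(mech, arg, domain, ip):
    """Does one mechanism match the connecting (sending) IP address?"""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":  # the domain's own A records (or those of the named host)
        return any(ip == ipaddress.ip_address(a) for a in _lookup(arg or domain))
    if mech == "mx":  # the A records of each MX host for the domain
        return any(ip == ipaddress.ip_address(a)
                   for host in _lookup(arg or domain, "MX") for a in _lookup(host))
    raise ValueError(f"unsupported mechanism: {mech}")

def evaluate_spf(domain, sender_ip):
    """Return pass, fail, softfail, neutral or none for mail claiming to be from domain."""
    txt = DNS.get(domain, {}).get("TXT", "")
    if not txt.startswith("v=spf1"):
        return "none"  # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in txt.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if _matches(mech.lower(), arg, domain, ip):
            return QUALIFIERS[qualifier]
    return "neutral"  # record ended without any term matching
```

With the sample table, mail from 12.34.56.78 or the MX host passes, mail from the ip4 range passes, and anything else soft-fails because the record ends in ~all rather than -all.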
SRV
An SRV record or service record matches up a specific service that runs on your domain or subdomain to a target domain. This allows you to direct traffic for specific services, like instant messaging, to another server. A typical SRV record looks like the following:
_service._protocol.example.com SRV 10 0 5060 service.example.com
Here’s a breakdown of the elements in an SRV record:
An example use of SRV records would be to set up Federated VoIP.
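The record above carries a priority, a weight, a port and a target. As an added example (not code from the original article), the script below parses records in that layout and orders the targets the way RFC 2782 tells a client to: lowest priority first, and a weighted random choice among records that share a priority, with weight-0 entries placed first so they are rarely chosen. The sample records and the names parse_srv and order_targets are constructed for this illustration.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample records for a SIP service on example.com.
SAMPLE_SRV = """\
_sip._udp.example.com SRV 10 60 5060 sip1.example.com
_sip._udp.example.com SRV 10 40 5060 sip2.example.com
_sip._udp.example.com SRV 20 0 5060 backup.example.com
"""

def parse_srv(text):
    """Parse 'name SRV priority weight port target' lines into SRV tuples."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[1].upper() != "SRV":
            continue  # skip blank, comment or non-SRV lines
        out.append(SRV(int(parts[2]), int(parts[3]), int(parts[4]), parts[5].rstrip(".")))
    return out

def order_targets(records, rng=random):
    """Return the records in the order a client should try them (RFC 2782)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go to the front of the candidate list, as the RFC requires.
        pool = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick, running = rng.randint(0, total), 0  # uniform in [0, total], inclusive
            for r in pool:
                running += r.weight
                if running >= pick:  # first record whose running sum reaches the pick
                    ordered.append(pool.pop(pool.index(r)))
                    break
    return ordered
```

Because the choice within a priority is random, sip1 and sip2 trade places from run to run, but backup.example.com (priority 20) is always tried last.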
TXT
A TXT record or text record provides information about the domain in question to other resources on the internet. It’s a flexible type of DNS record that can serve many different purposes depending on the specific contents. One common use of the TXT record is to create an SPF record on nameservers that don’t natively support SPF. Another use is to create a DKIM record for mail signing.
Note: In common DNS configurations using TXT records, the value is enclosed in quotation marks (").