
Aug 14

DNS explained


DNS (Domain Name System) allows us to use names instead of IP addresses, which is a more human-friendly way of naming network resources such as web sites.

How does DNS resolve?

Let’s imagine you want to open a web site called www.website.com, so you type www.website.com into the browser’s address bar. That triggers a DNS lookup for the name.

The operating system first checks the local hosts file; if the name is listed there, no DNS query is sent at all. Otherwise the stub resolver on the machine sends the query to the DNS server it is configured to use. This is usually a caching (recursive) name server run by your ISP or organisation, or a public resolver.

If that caching server has no fresh entry for www.website.com, it resolves the name iteratively: it asks a root name server, which refers it to the name servers for the .com top-level domain; the TLD server refers it to the authoritative name servers for website.com; and the authoritative server returns the address record. The caching server stores that answer for the record’s TTL and hands it back to the client.
There are 13 root name server identities (a.root-servers.net through m.root-servers.net), each served by many anycast instances around the world. The root servers hold the NS records that delegate to the name servers of the generic top-level domains (gTLDs such as .com and .net) and the country-code TLDs.

Authoritative Name Servers

Authoritative name servers are the final authority for a zone. Every other DNS server on the Internet should go to them, directly or by following referrals, for information about the domain. Authoritative name servers usually have only one job, being authoritative: they answer from their own zone data and do not resolve other people’s names. When you register a domain name, you set its NS records at the registrar to point at your authoritative name servers. They not only hand out the resource records for a zone but also, through each record’s TTL, tell caching servers how long a particular response may be cached.

Caching Name Servers

Caching name servers, also called recursive resolvers or “DNS caches”, query authoritative name servers (or other caching servers acting as forwarders) on behalf of clients and return the results, keeping each answer for its TTL. Caching servers are what end-user machines point their DNS settings to. This is because authoritative name servers will not give you the address of Google or Yahoo; they only know about the zones for which they are authoritative. Bear in mind that whatever a caching server has stored, right or wrong, is served to every client behind it until the TTL expires, so a mistaken record is not fixed for those clients the moment you correct the zone.

DNS query flow

[Figure: DNS query flow diagram (dns_example)]
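To make the query flow concrete, here is a small simulation of the walk described above: a caching resolver that starts at the root, follows referrals to the TLD and authoritative servers, and caches both the answers and the delegations it learns, each for its TTL. This is an added example, not code from the original post. The server names, zone data and addresses (192.0.2.0/24 is a documentation range) are constructed for illustration, and the “root” entry stands in for the root hints file a real resolver ships with.

```python
import time

# Constructed delegation tree for the example: not real servers or
# addresses.  Each dict is one server's zone: (owner, type) -> (rdata, ttl).
ROOT = {("com.", "NS"): ("a.gtld-servers.net.", 172800)}
TLD_COM = {("website.com.", "NS"): ("ns1.website.com.", 172800)}
AUTH_WEBSITE = {
    ("website.com.", "NS"): ("ns1.website.com.", 172800),   # apex NS
    ("www.website.com.", "A"): ("192.0.2.10", 300),
    ("mail.website.com.", "A"): ("192.0.2.25", 300),
}
# Server name -> zone it serves.  "root" stands in for the root hints.
SERVERS = {
    "root": ROOT,
    "a.gtld-servers.net.": TLD_COM,
    "ns1.website.com.": AUTH_WEBSITE,
}


def ask(server, name, rtype):
    """One query to one server.  Returns ("answer", rdata, ttl),
    ("referral", zone_cut, next_server, ttl) or ("nxdomain",)."""
    zone = SERVERS[server]
    if (name, rtype) in zone:
        rdata, ttl = zone[(name, rtype)]
        return ("answer", rdata, ttl)
    # No answer here: refer the client to the closest delegation this server
    # holds, walking up the name one label at a time.  A server never refers
    # to itself; that NS record is just its own zone apex.
    labels = name.split(".")
    for i in range(1, len(labels)):
        cut = ".".join(labels[i:])
        if (cut, "NS") in zone and zone[(cut, "NS")][0] != server:
            next_server, ttl = zone[(cut, "NS")]
            return ("referral", cut, next_server, ttl)
    return ("nxdomain",)


class CachingResolver:
    """Iterative resolver with a TTL-bound cache of answers and delegations."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so the demo can advance time
        self.cache = {}         # (name, type) -> (rdata, expires_at)

    def _fresh(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _start_server(self, name, now):
        """Deepest cached delegation covering name, else the root."""
        labels = name.split(".")
        for i in range(1, len(labels)):
            cached = self._fresh((".".join(labels[i:]), "NS"), now)
            if cached:
                return cached
        return "root"

    def resolve(self, name, rtype="A"):
        """Return (rdata, trace).  trace lists the servers contacted in
        order; an empty trace means the answer came straight from cache."""
        now = self.clock()
        cached = self._fresh((name, rtype), now)
        if cached is not None:
            return cached, []
        trace, server = [], self._start_server(name, now)
        for _ in range(8):  # bound the chain so a referral loop cannot hang us
            trace.append(server)
            reply = ask(server, name, rtype)
            if reply[0] == "answer":
                self.cache[(name, rtype)] = (reply[1], now + reply[2])
                return reply[1], trace
            if reply[0] == "referral":
                _, cut, server, ttl = reply
                self.cache[(cut, "NS")] = (server, now + ttl)  # remember delegation
                continue
            return None, trace
        raise RuntimeError("referral chain too long")


def demo_walk():
    """Drive the resolver with a fake clock and return what happened."""
    clock = [1_000_000.0]
    r = CachingResolver(clock=lambda: clock[0])
    first = r.resolve("www.website.com.")
    second = r.resolve("www.website.com.")     # served from cache
    sibling = r.resolve("mail.website.com.")   # delegation cached: skip root/TLD
    clock[0] += 301                            # the A records (TTL 300) expire
    expired = r.resolve("www.website.com.")
    missing = r.resolve("nosuchhost.website.com.")
    return {"first": first, "second": second, "sibling": sibling,
            "expired": expired, "missing": missing}


if __name__ == "__main__":
    for step, (rdata, trace) in demo_walk().items():
        print(f"{step:8s} {rdata!s:12s} via {trace or ['cache']}")
```

The trace column shows which servers each lookup had to contact: the first lookup walks root, TLD and authoritative server; the second is a cache hit; a sibling name under the same zone goes straight to the authoritative server because the delegation (NS) is still cached; after the A record’s 300-second TTL the name is queried again, but still using only the cached delegation. The eight-hop bound is what stops a misconfigured or hostile referral loop from hanging the resolver.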

Anatomy of a DNS zone

A record – This is a name to IP address mapping (Address Record).

AAAA record – This is a name to IP address mapping (Address Record) for IPv6.

CNAME record – This record maps an alias to the canonical name it stands for, e.g. mapping www to the canonical name foo.net.

MX record – (Mail exchanger) This record specifies a host that will either process or forward mail for a domain.

NS records – These records delegate authority for the domain; within a zone they are also used to delegate authority for subdomains.

PTR record – Pointer records map an IP address to a host name. They are used for reverse DNS (the in-addr.arpa tree for IPv4, ip6.arpa for IPv6).

TXT record – A text record that can contain any kind of text. SPF policies are published as TXT records.

SPF record – is used to help prevent email spoofing. It lists, in one TXT record, the IP addresses (or the hosts named by its a and mx mechanisms) that are allowed to send mail for your domain. A receiving server that checks SPF compares the connecting IP against that list and acts on the record’s final qualifier: -all fails any other sender, ~all marks it as a soft failure.


An A record (Address Record) assigns an IPv4 address to a domain or subdomain name. Several names may point at the same IP address, and one name may have several A records, in which case clients pick among them (simple round-robin load distribution).
Suppose you own the somedomain.tld domain and want to assign the IP address 10.10.0.1 to your web server. You create an A record with “www.somedomain.tld” as the fully qualified domain name and “10.10.0.1” in the value field. From then on, requests for www.somedomain.tld are sent to the server with that IP, once any caches holding a previous answer have expired.

Useful tip: a “*.somedomain.tld” A record makes WHATEVER.somedomain.tld resolve to your IP, though a wildcard CNAME record is usually better than a wildcard A record because only one record then needs updating when the IP changes. A wildcard also answers for names you never intended to exist, so make sure nothing relies on unknown names failing to resolve.

Example:

example.com. IN A 69.9.64.11



An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.

The regular DNS address resource record (A) is defined for a 32-bit IPv4 address, so a new record type was created to associate a domain name with a 128-bit IPv6 address. The four “A”s (“AAAA”) are a mnemonic: the IPv6 address is four times the size of the IPv4 address. The AAAA record is structured very much like the A record in both wire and master-file format; it just carries a larger address. The DNS resource record TYPE value for AAAA is 28 (A is type 1).

Example:

linux IN AAAA 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c


A CNAME record or canonical name record makes one domain name an alias of another: a query for the alias is answered with the CNAME plus the records of the canonical name. The alias itself may carry no other records, which is why you cannot put a CNAME at the zone apex (the apex must hold SOA and NS records).
You should use a CNAME record whenever you want to associate a new subdomain with an existing A record; e.g. you can point “www.somedomain.tld” at “somedomain.tld”, which should already have an IP assigned by an A record. This lets you have as many subdomains as you wish without specifying the IP in every record. Use CNAMEs when several services point at the same IP: when the address changes you update only one record.

Do not use CNAME-defined hostnames as MX targets (the same goes for NS targets); the target of an MX must be a name that has A/AAAA records. For example, with the CNAME below in place, an MX record whose target is mail.example.com is not recommended.

Example:

mail.example.com. IN CNAME mail.example.net.



An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
The MX record below says that all email for @mydomain.com should be routed to the mail server mydomain.com. A separate A record says that mydomain.com is at 26.34.9.14, so email for test@mydomain.com is delivered to the SMTP server at 26.34.9.14. That finishes the MX record’s job; the mail server there accepts the message and delivers it to the user “test”.
In a zone file it is important that there is a trailing dot (“.”) after the target name in the MX record. If the dot is absent the name is treated as relative to the zone origin and becomes “mydomain.com.mydomain.com”.
To use multiple mail servers, give each MX record a preference value. Sending servers try the exchange with the lowest preference number first and fall back to the higher numbers if it fails or does not respond; a larger preference number is less preferred.

Example:

mydomain.com. 14400 IN MX 0 mydomain.com.


An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.
The NS records for a domain appear in two places. The parent zone (for example the .com servers, for example.com) lists them to delegate the domain to its authoritative servers; these copies are called the delegation records. The authoritative name server also lists them in its own zone; these are the authoritative records.
The NS records at the parent should match the NS records in the authoritative zone. You can, however, list a name server in the authoritative zone that the parent does not know about; this arrangement is used for stealth (hidden) name servers. An accidental mismatch, on the other hand, sends some resolvers to servers that are not serving the zone and shows up as intermittent resolution failures.

Example:

example.com. IN NS ns1.live.secure.com.


A PTR record or pointer record maps an IP address back to the canonical name of the host. Setting up a PTR record for the name in the in-addr.arpa domain (ip6.arpa for IPv6) that corresponds to an IP address implements reverse DNS lookup for that address. For example, if www.name.net has the IP address 122.0.3.16, the PTR record is owned by 16.3.0.122.in-addr.arpa.
As you can see, the IP address is reversed and suffixed with in-addr.arpa, and that name goes on the left of IN PTR while the host name goes on the right.
This is mostly used as a security and anti-spam measure: many mail servers do a reverse lookup on the connecting IP, and some then resolve the returned name forward again and require it to map back to the same IP (forward-confirmed reverse DNS). Note that the PTR record lives in the reverse zone of whoever holds the address block, usually your ISP or hosting provider, so you may need them to set it. It is always advisable to have a proper PTR record set up for your servers, especially when you run a mail/SMTP server.

Example:

16.3.0.122.in-addr.arpa. IN PTR www.name.net.
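The record descriptions above carry several rules that are easy to break in a hand-edited zone file: a relative name without a trailing dot gets the origin appended, an MX target must not be a CNAME, a name with a CNAME may have no other records, and the owner of a PTR record is the reversed address under in-addr.arpa or ip6.arpa. The following zone-file parser and lint, an added example rather than the post’s own code, checks for exactly those mistakes on a constructed zone (made-up names, documentation addresses) in which three of them are planted deliberately.

```python
import ipaddress

# Constructed zone for the example (documentation addresses, made-up names).
# Planted mistakes: ftp has a CNAME plus an A record, the MX 10 target is a
# CNAME, and the MX 20 target lacks its trailing dot.
ZONE_TEXT = """\
$ORIGIN mydomain.com.
@      3600 IN A     192.0.2.14
www    3600 IN CNAME mydomain.com.
mail   3600 IN CNAME mail.example.net.
ftp    3600 IN CNAME www
ftp    3600 IN A     192.0.2.21
@      3600 IN MX 10 mail
@      3600 IN MX 20 backup.mydomain.com
@      3600 IN NS    ns1.mydomain.com.
ns1    3600 IN A     192.0.2.53
"""


def qualify(name, origin):
    """Turn a zone-file name into an FQDN: '@' is the origin, a name with a
    trailing dot is already absolute, anything else is relative to origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse 'owner [ttl] [IN] TYPE rdata' lines into (owner, ttl, type,
    rdata) tuples.  Handles $ORIGIN and ';' comments; owner-less
    continuation lines and parenthesised multi-line records are not."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = qualify(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else None
        if tokens[0] == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("CNAME", "NS", "PTR"):
            rdata = [qualify(rdata[0], origin)]      # targets are names
        elif rtype == "MX":
            rdata = [int(rdata[0]), qualify(rdata[1], origin)]  # pref, exchange
        records.append((owner, ttl, rtype, rdata))
    return records


def lint(records):
    """Checks implied by the record descriptions: CNAME exclusivity, MX
    targets that are CNAMEs, and MX targets that look like a doubled origin
    (the classic missing-trailing-dot mistake)."""
    issues = []
    types_by_owner = {}
    for owner, _, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    for owner, types in sorted(types_by_owner.items()):
        if "CNAME" in types and len(types) > 1:
            issues.append(f"{owner}: CNAME cannot coexist with other records")
    cnames = {o for o, _, t, _ in records if t == "CNAME"}
    for owner, _, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[1]
        if target in cnames:
            issues.append(f"{owner}: MX target {target} is a CNAME")
        # "backup.mydomain.com.mydomain.com." ends with the apex name twice
        if target.endswith("." + owner) and target[:-len(owner)].endswith(owner):
            issues.append(f"{owner}: MX target {target} repeats the zone name; "
                          "missing trailing dot in the zone file?")
    return issues


def mx_order(records, domain):
    """Exchanges for domain, most preferred (lowest preference) first."""
    mx = [r[3] for r in records if r[0] == domain and r[2] == "MX"]
    return [exchange for _, exchange in sorted(mx)]


def reverse_name(ip):
    """Owner name of the PTR record for ip (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    print("MX order:", mx_order(recs, "mydomain.com."))
    for issue in lint(recs):
        print("ISSUE:", issue)
    print(reverse_name("122.0.3.16"), "IN PTR www.name.net.")
    print(reverse_name("2001:db8::1"), "IN PTR www.name.net.")
```

The doubled-origin check is a heuristic: it only fires when the MX owner is the zone apex and the target ends with that name twice, which is precisely what a forgotten trailing dot produces. The parser is deliberately small; for real zones use your name server’s own checker (for example named-checkzone with BIND), which applies the full set of rules.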


A TXT record allows an administrator to insert arbitrary text into the zone. One common use is publishing a Sender Policy Framework (SPF) policy.

An SPF record has to contain at least two terms: the version identifier v=spf1 and a final default mechanism (usually -all or ~all) that decides the result for any sender not matched by an earlier term.

The simplest possible SPF record, shown below, means that your domain mydomain.com never sends mail: any message claiming to come from it fails SPF.
This makes sense when a domain is used only for web services and does no email at all, because it stops anyone else from sending mail in that domain’s name.

Example of TXT Record :

mydomain.com. TXT "v=spf1 -all"
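As an added example (not the post’s own code), here is a minimal SPF evaluator for the mechanisms discussed on this page: ip4, ip6, a, mx and all, each with its qualifier. Real evaluation needs DNS lookups; this version resolves from constructed in-memory TXT, A and MX tables (made-up domains, documentation address ranges) so it runs offline. include, redirect, exists and the CIDR forms of a/mx are not modelled and are reported as permerror.

```python
import ipaddress

# Constructed DNS data for the example.  domain -> TXT strings,
# host -> A records, domain -> MX hosts.
TXT = {
    "mydomain.com": ["v=spf1 -all"],                     # never sends mail
    "example.net": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 mx -all"],
    "soft.example": ["v=spf1 a ~all"],
    "noverify.example": ["just some unrelated text"],    # no SPF policy
    "dup.example": ["v=spf1 -all", "v=spf1 +all"],       # ambiguous: two records
}
A = {"soft.example": ["198.51.100.7"], "mx1.example.net": ["203.0.113.25"]}
MX = {"example.net": ["mx1.example.net"]}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """SPF result for a connection from ip claiming MAIL FROM @domain.
    Returns one of none, pass, fail, softfail, neutral, permerror."""
    ip = ipaddress.ip_address(ip)
    recs = [t for t in TXT.get(domain, [])
            if t.split(" ", 1)[0].lower() == "v=spf1"]
    if not recs:
        return "none"
    if len(recs) > 1:
        return "permerror"           # more than one v=spf1 record is an error
    for term in recs[0].split()[1:]:
        qualifier = "+"              # an unprefixed mechanism means "pass"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name in ("a", "mx"):
            if "/" in arg:
                return "permerror"   # a:dom/24 and mx/24 forms not modelled
            target = arg or domain
            hosts = [target] if name == "a" else MX.get(target, [])
            matched = any(str(ip) in A.get(h, []) for h in hosts)
        else:
            return "permerror"       # include, redirect, exists, ... not modelled
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                 # ran off the end without an "all" term


if __name__ == "__main__":
    for ip, dom in [("192.0.2.9", "mydomain.com"), ("192.0.2.9", "example.net"),
                    ("203.0.113.25", "example.net"), ("198.51.100.9", "example.net"),
                    ("198.51.100.8", "soft.example"), ("10.0.0.1", "noverify.example"),
                    ("10.0.0.1", "dup.example")]:
        print(f"{ip:15s} MAIL FROM @{dom:18s} -> {check_host(ip, dom)}")
```

Two practical points fall out of the walk: the record for mydomain.com fails every sender because -all is the only mechanism, and a domain with two v=spf1 TXT records gets permerror rather than either policy, so publishing a second SPF record by mistake silently disables the first.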
