02 February 2023
What is DNS:
DNS is the system that translates domain names into IP addresses. This allows you to use a human-readable domain name (such as www.example.com) instead of a machine-readable IP address (such as 192.0.2.1).
How DNS Works:
When an end-user sends a request to the webserver using the domain name, it will first send to the DNS server where the record of the webserver is entered and mapped with the IP address of the Machine.
Take the below diagram.
- The end user types in www.example.com into a browser
- The DNS server responds with the IP address 18.104.22.168
- After that, User’s browser will use the IP address (22.214.171.124) provided by the DNS server to request to access the website to the Web server
- Then, the web server will respond to the content which is requested by End-user.
The DNS Resolution Process
When you enter a website’s name into your web browser, your computer needs to find out where the website is located on the internet. It does this by using something called the Domain Name System (DNS). The DNS is like a phone book for the internet – it translates domain names (like www.example.com) into IP addresses (like 192.0.2.1) that computers can understand.
Here’s how the DNS resolution process works:
- Local cache: When you visit a website for the first time, your computer sends a request to your ISP’s DNS server, which then queries other DNS servers to find the IP address of the website. Once your computer receives the IP address, it stores it in its local cache so that it can access the website more quickly in the future.
- Recursive DNS servers: If the ISP’s DNS server does not have the IP address of the website in its cache, it will contact a recursive DNS server to perform the lookup. A recursive DNS server is responsible for finding the IP address of the website by querying other DNS servers in a step-by-step process, starting from the root DNS servers.
- Root DNS servers: The root DNS servers are the first stop in the recursive DNS server’s search for the IP address of the website. There are only 13 root DNS servers in the world, and they are managed by various organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN). These servers store information about the top-level domains (such as .com, .org, .net, etc.) and the authoritative DNS servers responsible for each domain.
- Top-level DNS servers: Once the root DNS servers have identified the authoritative DNS server for the website’s top-level domain (such as .com), the recursive DNS server will contact the top-level DNS server for that domain. The top-level DNS server will then provide the recursive DNS server with the IP address of the authoritative DNS server responsible for the specific domain (such as example.com).
- Authoritative DNS servers: The recursive DNS server will finally contact the authoritative DNS server for the domain (such as example.com) and request the IP address of the website. The authoritative DNS server will provide the IP address, which is then sent back to your computer, allowing you to access the website.
So, in summary, the DNS resolution process involves your computer, your ISP’s DNS server, recursive DNS servers, root DNS servers, top-level DNS servers, and authoritative DNS servers. These servers work together to translate domain names into IP addresses so that your computer can access the websites you want to visit.
Types of DNS Records
|DNS Record Type||Function||Example||Scenarios for Use|
|A||Maps a domain name to an IPv4 address||example.com A 192.0.2.1||Used to map a hostname to an IP address, mainly for connecting to web servers.|
|AAAA||Maps a domain name to an IPv6 address||example.com AAAA 2001:db8::1||Used to map a hostname to an IP address, mainly for connecting to web servers over IPv6 network.|
|MX||Specifies the mail server for a domain||example.com MX mail.example.com||Used for email routing. The MX record specifies the server responsible for accepting email messages for the domain.|
|CNAME||Maps an alias name to a true or canonical domain name||alias.example.com CNAME example.com||Used to create an alias for a hostname, allowing multiple hostnames to resolve to a single IP address.|
|NS||Specifies the name servers for a domain||example.com NS ns1.example.com ns2.example.com||Specifies the servers responsible for resolving the domain name to an IP address.|
|TXT||Stores text-based information for a domain||example.com TXT “v=spf1 a mx ip4:192.0.2.0/24 ~all”||Used to store various types of text-based information, including SPF (Sender Policy Framework) records and human-readable data.|
|SRV||Specifies the location of a specific service for a domain||_service._protocol.example.com SRV priority weight port target||Used to specify the location of a service (such as a SIP or XMPP server) for a domain, allowing clients to discover the location of services dynamically.|
The A Record: The website (A)ddress record
The A record maps a hostname to a IPv4 address. It is the most basic and essential record in DNS.
Example: example.com. IN A 192.0.2.1
When you want to operate a website, you buy a hosting package. The host will ask you for the domain name for the website. They will then issue you an IP address, which is the address of where all of your website files, images and web stuff exist. The A record connects the domain name “example.com” with the IP address: 192.0.2.1, so when someone types in example.com they get connected to right IP address.
There are several elements to an A Record:
- Host/Name: The can be blank or have the @ symbol as is it refers to the domain name itself or it can be a sub domain, such as www
- TTL: Time-To-Live is a value in a DNS record that specifies the length of time, in seconds, that a resolver server should cache the record before it expires and must be refreshed from the authoritative DNS server. **See below for more information.
- Record Type: To specify the DNS record
- Record data (Value): In the case of an A record the IP address of a website.
Common A Record use cases include:
- Hosting a website: A record is used to map a domain name to the IP address of the server hosting the website. For example, you can create an A record for the domain name example.com that points to the IP address of your web server.
- Setting up a subdomain: A record is used to map a subdomain to a specific IP address. For example, you can create an A record for the subdomain blog.example.com that points to the IP address of your blog server. Note, www.example.com would be considered a subdomain.
- Running a mail server: An A record is used to map the hostname of a mail server to its IP address. For example, you can create an A record for the hostname mail.example.com that points to the IP address of your mail server. For example, mail.example.com point to 192.0.2.13
note: There is also an AAAA record that maps a domain name to an IPv6 address. This is likely to be more common in the future as we get through all of our IP4 addresses.
A (TTL) value is commonly used values that represent the length of time a DNS record should be cached by resolver servers before it expires and must be refreshed. TTL values are specified in seconds, and the standard values typically used in the DNS system range from a few seconds to several days.The TTL value is like a timer that tells the computer how long to keep the information in its memory before it needs to refresh it.
Here are some common standard TTL values and their equivalent time in minutes and hours:
- 300 seconds (5 minutes)
- 3600 seconds (1 hour)
- 7200 seconds (2 hours)
- 86400 seconds (24 hours or 1 day)
- 604800 seconds (7 days or 1 week)
- 2592000 seconds (30 days or 1 month)
TTL is very important when transferring DNS records. You want to ensure that the losing DNS provider set the TTL low so if anything goes wrong, you can quickly roll back.
MX (Mail Exchange) Record
The MX record specifies the mail server responsible for accepting email messages on behalf of a domain.
Example: example.com. IN MX 10 mail.example.com.
We need MX records because they provide a way to route email messages to the correct mail server, even if the recipient’s email address is not hosted on the same mail server as the sender’s email address. This enables email communication between different domains and ensures that email messages are delivered to the correct recipient.
An analogy for an MX record could be a post office. The MX record is like the post office directory that tells you where to send mail for a specific address. The domain name is like the street address, and the mail server is like the mailbox where the mail is delivered. The priority value is like the order in which post offices should be tried if more than one is available for a specific address.
Brandsec uses outlook for our mail servers, and you can see the configuration below:
There are several elements to an MX Record:
- Host/Name: The can be blank or have the @ symbol as is it refers to the domain name itself.
- TTL: Time-To-Live as explained above.
- Record Type: Need to specify the MX Record.
- Priority: Each MX record has a priority, or a number (in brandsec’s case it is “5”) to designate the order in which your domain name’s incoming mail servers receive your email messages. This is important if you have multiple mail servers.
- Record Data / Exchange (Value): In this case, it is the mail server Outlook.
An example of multiple MX records is below:
Why do you need an A ‘mail’ record and an MX record?
An A record maps a domain name to an IP address, while an MX record specifies the server that handles email for that domain. Some zone files have both because they need to specify the specific IP address for their email server. Others only have an MX record because they only need to specify the email server, and the IP address can be found using another lookup. In general, it’s best to have both if you need to specify a specific IP address for email, otherwise, just an MX record is fine.
CNAME (Canonical Name) Record: The redirect record
The CNAME record is what we call the DNS redirect record. It maps an alias name to the real or canonical name of a host.
Example: www.example.com. IN CNAME example.com.
We need CNAME records because they provide a way to associate multiple domain names with a single IP address, which can be useful in a variety of scenarios. For example, you might use a CNAME record to map a subdomain, such as “www.example.com,” to the root domain, “example.com.” This can help simplify the management of your DNS records and make it easier to move a site to a different IP address.
A CNAME record can also be used to link a custom domain name (such as yourbrand.com) to a website hosted by a third-party link, such as Amazon S3. When someone types in the custom domain name, the CNAME record redirects the request to Amazon. This allows the website owner to have their own custom domain name while still using a third-party platform to host their website.
Imagine your customers having to type in: rubicon-bucket.s3-website-us-west-2.amazonaws.com. A Cname allows you to use your domain “yourbrand.com” and just redirects people to the site above.
Key Elements of a Cname record, include:
- Host/Name: This is the address of the domain name that you want to redirect.
- TTL: Time-To-Live as explained above.
- Record Type: Need to specify the CNAME Record.
- Record Data (Value): This is the address where you want the host/name pointed to.
NS (Name Server) Record: The DNS Cupboard
The NS record specifies the authoritative name servers for a domain.
Example: example.com. IN NS ns1.example.com.
Think of an NS record like the cupboard that contains all of the other DNS records. If for example, a client was using Brandshelter DNS, the NS records would be: ns1.brandshelter.com etc, if they were using UltraDNS DNS, the NS records would be .ns1.ultaDNS.com, ns2.ultraDNS.com etc. Often their are multiple nameservers and therefore NS records.
Technically, An NS record (or nameserver record) is a DNS record that contains the name of the authoritative name server within a domain or DNS zone. When a client queries for an IP address, it can find the IP address of their intended destination from an NS record via a DNS lookup.
NS records also usually contain the ‘start of authority’ (SOA) record, which stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.
TXT (Text) Record: The Verify Record
The TXT record can be used to store any textual information, such as SPF or DKIM records.
Example: example.com. IN TXT “v=spf1 a mx ip4:192.0.2.0/24 -all”
A TXT (Text) record is a type of DNS (Domain Name System) record that allows domain owners to associate arbitrary text with a domain or hostname. This text can be used for a variety of purposes, such as:
- Verification: TXT records can be used to verify ownership of a domain. This is commonly used by email providers, such as Google, to verify the authenticity of a domain when setting up email services.
- SPF (Sender Policy Framework): TXT records can be used to specify which mail servers are authorized to send email on behalf of a domain. This helps to reduce the risk of email spoofing and improves email security.
- DKIM (DomainKeys Identified Mail): TXT records can be used to associate a cryptographic signature with an email, allowing the recipient to verify that the email was sent by an authorized sender..
- TXT records are a flexible and useful tool for domain owners and administrators, allowing them to associate various types of information and metadata with a domain or hostname.
PTR Record (the Who are you record?)
126.96.36.199.in-addr.arpa. IN PTR mail.example.com.
Most DNS records allows a users to lookup IP addresses and verify information of a domain name, but the PTR record reverses that looks up the end user.
A PTR record is a type of DNS record that helps map an IP address to a hostname. It is the opposite of a regular DNS record, which maps a hostname to an IP address.
Think of a PTR record as a phone book for the internet. When you visit a website, the IP address is looked up using a DNS A record, just like you would look up a phone number using someone’s name. But if you want to find out the name of the website using just the IP address, a PTR record can be used, just like looking up someone’s name using their phone number.
PTR records are useful for a variety of purposes, such as security, email authentication, and troubleshooting. They help identify the source of incoming connections and can also be used to help diagnose issues with network connectivity.
Here are some common use cases for PTR records:
- Email authentication: PTR records can be used by email servers to verify the authenticity of incoming email messages. If the email server receives a message from an IP address with a matching PTR record, it can be more confident that the message is legitimate.
- Network security: PTR records can be used to detect and prevent malicious activity on a network. For example, if an IP address with a suspicious PTR record attempts to connect to a network, it can be blocked by security systems.
- Troubleshooting: PTR records can help diagnose network connectivity issues by providing information about the source of incoming connections.
- Reputation management: PTR records can be used to manage the reputation of an IP address, as well as to track the use of IP addresses for marketing purposes.
- Compliance: PTR records can be used to demonstrate compliance with regulations and industry standards that require proper documentation of network infrastructure.
SRV records are commonly used for global enterprise networks to provide load balancing and failover support for critical services, such as email, voice and video conferencing, and instant messaging. By specifying the target host for a specific service in an SRV record, client software can dynamically discover the location of the service, allowing for efficient use of network resources and improved reliability and availability of services.
An SRV record has the following format:
_service._protocol.domain.tld. IN SRV priority weight port target
- _service is the symbolic name of the service being provided.
- _protocol is the transport protocol used by the service (e.g., TCP or UDP).
- domain.tld is the domain name being queried.
- priority is a value that determines the priority of the target host when there are multiple SRV records for the same service. A lower priority value indicates a higher priority.
- weight is a value used to distribute load between multiple target hosts with the same priority.
- port is the port number on the target host that provides the service.
- target is the fully qualified domain name (FQDN) of the host providing the service.
SRV records are less common in Australia, but worth noting. Here’s an example of what an SRV record for a SIP server might look like:
_sip._tcp.example.com. 3600 IN SRV 0 10 5060 sip.example.com.
In this example, the SRV record specifies that there is a SIP service available on the host “sip.example.com”, using the TCP protocol on port 5060, with a priority of 0 and a weight of 10. Clients looking for a SIP service can use this SRV record to locate the appropriate server.
Example zone file for example.com
This is what a standard DNS record looks like in a bind file. There are 16 records below, including two NS records, eight A records, one Cname record, two TXT records and two PTR records.
Comment: Note the IN just means internet
@ IN SOA ns1.example.com. hostmaster.example.com. (
2021050300 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum)
Comment: An SOA (Start of Authority) record is a type of DNS record that is used to define the authoritative information for a DNS zone. It is usually the first NS record.
; NS records
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
; A records
ns1 IN A 192.168.1.1
ns2 IN A 192.168.1.2
www IN A 192.168.1.3
mail IN A 192.168.1.4
ftp IN A 192.168.1.5
; CNAME records
blog IN CNAME www.example.com.
; MX records
@ IN MX 10 mail.example.com.
; TXT records
@ IN TXT “v=spf1 a mx -all”
_dmarc IN TXT “v=DMARC1; p=reject; sp=quarantine; rua=mailto:firstname.lastname@example.org”
; A records for subdomains
sub1 IN A 192.168.1.6
sub2 IN A 192.168.1.7
sub3 IN A 192.168.1.8
; PTR records
1 IN PTR ns1.example.com.
2 IN PTR ns2.example.com.
DNS (Domain Name System) is a system that translates domain names into IP addresses, allowing users to use human-readable domain names rather than machine-readable IP addresses. The process works when a user sends a request to the web server using a domain name, which is then sent to the DNS server where the record of the webserver is mapped to the machine’s IP address. There are several types of DNS records, including A (maps a domain name to an IPv4 address), AAAA (maps a domain name to an IPv6 address), MX (specifies the mail server for a domain), CNAME (maps an alias name to a true domain name), NS (specifies the name servers for a domain), TXT (stores text-based information for a domain), and SRV (specifies the location of a specific service for a domain). The A record maps a hostname to an IPv4 address and is commonly used for hosting a website, setting up a subdomain, and running a mail server. The TTL (Time-To-Live) value specifies the length of time a record should be cached before it needs to be refreshed from the authoritative DNS server.
Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.