DNS (Domain Name System)
- a protocol, part of the Internet Protocol (IP) Suite
- hierarchical and distributed naming system for computers, services, and other resources in the Internet
- naming database in which internet domain names are located and translated into Internet Protocol (IP) addresses
- translates domain names to IP addresses so browsers can load Internet resources
- helps Internet users and network devices discover websites using human-readable host names, instead of numeric IP addresses; For humans, domain names are a lot easier to remember than a sequence of numbers.
- DNS configuration settings of some website are what allows visitors to still access that website even after it gets moved to a new hosting provider (its IP address will change but domain name will not)
For a hosted web site we need to specify (usually 2) DNS servers. These could be provided by hosting provider but we can specify custom ones e.g. Cloudflare DNS servers. These DNS servers will be nodes in DNS distributed database system which will be providing DNS records about our domains for whoever queries about them. Let's see which DNS records we can set.
Common DNS Records
- A (A record, Address record, IPv4 address record)
- maps from an IPv4 address to a domain name
- used to point the domain name at one or multiple IP addresses
- also referred to as a host or hostname
- AAAA (IPv6 address record) maps domain name to IPv6 address
- CNAME (Canonical Name record)
- used to create an alias from one hostname to another
- maps one domain name (an alias) to another (the canonical name)
- Example: example.com has an A record which points to the IP address. If we say "www.example.com is a CNAME to example.com" and "ftp.example.com is a CNAME to example.com" that means that someone accessing www.example.com or ftp.example.com will be pointed to the same IP address that example.com points to. This is useful so that when your IP address changes, you only have to update example.com’s entry (DNS A record for example.com), and www.example.com and ftp.example.com automatically point to the right place.
- If you already have an A record, you will not use a CNAME
- CNAME record tells anyone visiting a subdomain to also use the same DNS records as another domain or subdomain.
- This sort of thing is convenient when running multiple services from a single IP address (e.g. FTP server and web server share the same IP address but different port)
- CNAME records only work for subdomains and must always point to another domain or subdomain and never directly to an IP address.
- When a DNS resolver encounters a CNAME record while looking for a regular resource record, it will restart the query using the canonical name instead of the original name.
- MX (Mail eXchanger)
- allows you to control the delivery of mail for a given domain or subdomain. In our context, MX records can be set on a host-by-host basis to point to other hosts on the Internet (usually with permanent connections) that are set up to accept and/or route mail for your hostname(s). Setting a backup MX makes the entry you specify a secondary mail exchanger. This means that delivery will be attempted to your host first, and then to the backup host you specify if that fails.
- TXT (TXT records)
- used to store information. Common uses include SPF, DKIM, etc.
DNS records for bojankomazec.com, my domain registered with GoDaddy:
=========================================================
Type Name Data TTL Delete Edit
=========================================================
A @ 216.58.213.115 600 seconds
NS @ ns31.domaincontrol.com. 1 Hour Can't delete Can't edit
NS @ ns32.domaincontrol.com. 1 Hour Can't delete Can't edit
CNAME email email.secureserver.net. 1 Hour
CNAME ftp bojankomazec.com. 1 Hour
CNAME ihXXXXXXXX6i gv-7sXXXXXXXXv3xr.dv.googlehosted.com. 1 Hour
CNAME www ghs.google.com. 1 Hour
CNAME _domainconnect _domainconnect.gd.domaincontrol.com. 1 Hour
SOA @ Primary nameserver: ns31.domaincontrol.com. 600 secs
MX @ smtp.secureserver.net. (Priority: 0) 1 Hour
MX @ mailstore1.secureserver.net. (Priority: 10) 1 Hour
=========================================================
CNAME records in blue are those that I had manually to set so that my bojan-komazec.blogspot.com gets redirected to bojankomazec.com. See Set up a custom domain - Blogger Help. Also, look at https://www.nslookup.io/domains/bojankomazec.com/webservers/.
Linux offers a DNS lookup tool which can be used to find out the nameservers and e.g. IP address of the domain:
$ host -t ns bojankomazec.com
bojankomazec.com name server ns31.domaincontrol.com.
bojankomazec.com name server ns32.domaincontrol.com.
$ host bojankomazec.com
bojankomazec.com has address 216.58.213.115
bojankomazec.com mail is handled by 10 mailstore1.secureserver.net.
bojankomazec.com mail is handled by 0 smtp.secureserver.net.
It can take up to 72 hours for setting new DNS records to take effect - while change is replicated across all DNS servers on the internet. (see DNS Propagation)
The network of DNS servers is hierarchical. Types of DNS servers are:
- Recursive resolvers (DNS recursors)
- clients first send to them DNS queries
- they are assigned by ISP but can be set manually:
- Cloudflare 1.1.1.1
- Google (8.8.8.8 and 8.8.4.4)
- they respond either with cached data or send the request to root, TDL and finally to Authoritative nameserver from which they receive IP address
- every recursive resolver knows about 13 (types of) DNS root nameservers
- Root nameservers
- when receive query about some domain name e.g. example.com they return the address of the TLD nameserver which contains information about the domain extension e.g. .com
- there are over 600 root nameservers which sync among themselves (anycast routing) and all contain the same data
- TLD (Top-Level Domain) nameservers
- they are domain extension-specific - each of them contains the list of authoritative servers for only a single domain e.g. .com or .ai.
- they return the address of authoritative servers
- Larger TLDs and registrars (like GoDaddy, Namcheap etc...) use an API call to notify the TLD operator of any new registrations and changes
- Authoritative nameserver
- resolver’s last step in the journey for an IP address
- they are domain-specific - each of them contains the list of IP addresses for a particular doman e.g. ftp.example.com or www.example.com
- they return the IP address for a given hostname or, if domain has a CNAME (alias domain name), resolver needs to repeat the whole process in order to get the IP address for that alias host name.
- when you register your web site, name servers you set for it are authoritative nameservers
To manage DNS records of domain e.g. example.com means setting DNS records for its root and subdomains. For each record we set:
- Type: A, CNAME, MX, ...
- Name: e.g. ftp (for ftp.example.com)
- Content: this is the value which depends on the type e.g. IPv4 address if A record, alias if CNAME etc....
- Proxy status: DNS only (proxy disabled) or Proxied (proxy enabled)
- TTL (Time to Live) - in minutes
Resources:
How are DNS name-servers for a TLD updated when a new domain is registered? - Server Fault
DNS Lookup: How a Domain Name is Translated to an IP Address
DNS Lookup: How a Domain Name is Translated to an IP Address
No comments:
Post a Comment