What is a DNS Records
When a computer attempts to access any resource on the Internet, it uses a an IP address. When browsing the web, we usually type in a domain name like http://www.google.com into our browser. This is better than trying to remember an IP address linked to a Google server. The DNS system maintains a mapping of names to IP addresses, so that a request for http://www.google.com in a user’s web browser can be automatically changed into a request for a numerical IP, and vice versa.
How DNS Works
Here’s an example of how the DNS lookup process work when a user request google.com
- A user types a domain google.com into the address bar.
- Users computer will then look for the IP address associated with the domain name in its local DNS cache.
- If the information is not in your computer’s local cache, then it will query another server. Recursive DNS servers have their local cache, much like your computer
- If a recursive DNS server or servers do not have information stored in its cache memory, it looks elsewhere. The query then continues up the chain of authoritative DNS servers.
- The Recursive DNS server has the information and returns the A record to your computer. Our computer then stores the record in its local cache.
DNS Record Types
- A: This matches up a domain or subdomain to an IP address. This is the core functionality of DNS.
- AAAA: This is just like an A record, but for IPv6 IP addresses. A typical AAAA record looks like the following.
- AXFR: This is used for DNS replication. There are more modern ways to do DNS replication. AXFR records are not utilized for ordinary zone files.
- CNAME: This is when the Canonical name record matches up a domain (or subdomain) to a different domain. With a CNAME record, DNS lookups use the target domain’s DNS resolution as the aliases resolution.
- DKIM: This displays the public key for authenticating messages that have been signed with the DKIM protocol. This practice increases the quality of mail authenticity verification. DKIM records are implemented as text records.
- MX: This stands for Mail Exchange. MX resolve to text, not IP records. These records forward emails sent to a domain name to the correct server, where they are then sent to the specified email address. Email providers share relevant MX records with their users.
- NS: This is the nameserver records that determine the nameservers for a domain or a subdomain. The main nameserver records for a domain are set at both the registrar and in the zone file.
- SOA: This stands for Start of Authority. This record defines a zone file with the name of the host file where it was originally created. After this, it names the contact email address assigned to the person responsible for the domain.
- SPF: This stands for “sender policy framework”, and it lists the designated mail servers for a domain or subdomain. It helps determine the legitimacy of the mail server and lowers any chances of spoofing. An SPF record for a domain tells additional receiving mail servers which outgoing server is a valid source of email, so it can reject spoofed email from the unauthorized servers.
- SRV: This stands for “service record”. This DNS type matches a specific service that runs on a domain or subdomain with a target domain. This allows traffic to be directed from specific services, such as instant messaging, to a separate server.
- TXT: This stands for Text. These DNS records do not change anything on the domain, but they can be searched for to match the domain. These records are frequently used by services like Google, which will ask the user to add or change a character string to a TXT record, which can be searched to verify that the domain’s owners have access to the domain’s DNS records.
Recursive DNS server
When you type a website address into your browser address bar, it might seem like magic happens. In reality, the DNS system makes effortless internet browsing possible. First, your browser connects to a recursive DNS server.
Authoritative DNS Server
The second type of DNS server holds a copy of the regional phone book that matches IP addresses with domain names. These are called authoritative DNS servers. Authoritative DNS nameservers are responsible for providing answers to recursive DNS nameservers about where specific websites can be found. These answers contain important information for each domain, like IP addresses.