DNS and DNS-Records

What is DNS?

DNS (Domain Name System) is the service that translates between Internet names and Internet addresses. Internet names are the names we use to refer to hosts on the Internet, such as www.wordpress.com. Internet addresses are the numbers that routers use to move traffic across the Internet, such as 74.200.243.251.

Important DNS Records:
A
AAAA
CNAME
MX
PTR
NS
SOA
SRV
TXT
NAPTR

The records listed above are the ones found in most DNS configurations. Each is described below with an example.
A Record
An A record, or address record, maps a hostname to a 32-bit IPv4 address. Several hostnames may point at the same address, and one hostname may have several A records, in which case the resolver returns all of them and clients pick among them (round-robin).
Example:
example.com. IN A 69.9.64.11

AAAA Record
An AAAA record, or IPv6 address record, maps a hostname to a 128-bit IPv6 address.
Example (a relative owner name, completed with the zone's $ORIGIN):
linux IN AAAA 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c

CNAME Record
A CNAME record, or canonical name record, makes one domain name an alias of another: a lookup for the alias is restarted at the canonical name. The alias applies only to that exact name, not to names beneath it, and a name that has a CNAME may not carry any other record type, so the zone apex (which must hold SOA and NS records) cannot be a CNAME.
Example:
mail.example.com. IN CNAME mail.example.net.

MX Record
An MX record, or mail exchange record, maps a domain name to the mail servers that accept mail for that domain. The number before the server name is the preference: senders try the lowest value first and fall back to higher values. The target must be a hostname with an A or AAAA record, not a CNAME and not a bare IP address.
Example:
mydomain.com. 14400 IN MX 0 mydomain.com.

PTR Record
A PTR record, or pointer record, maps an IP address back to a hostname. The address is written reversed, one octet per label under in-addr.arpa (IPv4) or one hex nibble per label under ip6.arpa (IPv6); a PTR record at that name implements reverse DNS lookup for the address. For example, if www.name.net has the IP address 122.0.3.16, the reverse name is 16.3.0.122.in-addr.arpa. Because the owner of the address block, not the owner of the hostname, controls the PTR record, a PTR result should be confirmed by resolving the returned hostname and checking that it points back to the original address (forward-confirmed reverse DNS) before it is trusted in logs or access decisions.
Example:
16.3.0.122.in-addr.arpa. IN PTR www.name.net.
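As an added example (not part of the original page), the following Python builds the reverse-lookup owner name for IPv4 and IPv6 addresses and performs the forward-confirmation check described above. The forward and reverse tables are constructed stand-ins for real DNS answers: www.name.net and 122.0.3.16 come from the page, while mail.name.net, 2001:db8::25 and the 203.0.113.9 entry are hypothetical (documentation address ranges).

```python
import ipaddress

# Constructed forward and reverse data standing in for real DNS answers.
# Only www.name.net / 122.0.3.16 come from the page; the rest is hypothetical.
FORWARD = {
    "www.name.net.":  {"122.0.3.16"},
    "mail.name.net.": {"122.0.3.17", "2001:db8::25"},
}
REVERSE = {
    "16.3.0.122.in-addr.arpa.": "www.name.net.",
    "17.3.0.122.in-addr.arpa.": "mail.name.net.",
    # ip6.arpa owner for 2001:db8::25 (32 nibble labels, least significant first)
    ipaddress.ip_address("2001:db8::25").reverse_pointer + ".": "mail.name.net.",
    # Whoever controls 203.0.113.0/24 can point its PTR at any hostname,
    # including one they do not own.
    "9.113.0.203.in-addr.arpa.": "www.name.net.",
}


def reverse_name(address: str) -> str:
    """Owner name of the PTR record for an IPv4 or IPv6 address.

    IPv4 is reversed one octet per label under in-addr.arpa; IPv6 is
    reversed one hex nibble per label under ip6.arpa.
    """
    return ipaddress.ip_address(address).reverse_pointer + "."


def ptr_lookup(address: str):
    """Plain reverse lookup: the hostname the PTR record claims, or None."""
    return REVERSE.get(reverse_name(address))


def forward_confirmed(address: str):
    """Forward-confirmed reverse DNS (FCrDNS).

    Returns the PTR hostname only if that hostname's own A/AAAA data includes
    the address we started from. A PTR that names a host it does not belong
    to yields None and must not be logged or trusted as that host.
    """
    host = ptr_lookup(address)
    if host is None:
        return None
    wanted = ipaddress.ip_address(address)
    forward = {ipaddress.ip_address(a) for a in FORWARD.get(host, ())}
    return host if wanted in forward else None


if __name__ == "__main__":
    for ip in ("122.0.3.16", "2001:db8::25", "203.0.113.9", "122.0.3.99"):
        print(f"{ip:16} PTR={ptr_lookup(ip)!s:16} confirmed={forward_confirmed(ip)}")
```

The 203.0.113.9 entry is the case the check exists for: its PTR claims www.name.net, but www.name.net does not resolve to 203.0.113.9, so the claim is discarded.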

NS Record

An NS record, or name server record, maps a domain name to the DNS servers authoritative for that domain. A delegation consists of NS records in the parent zone pointing at the child's servers; the same NS set should also appear at the apex of the child zone, and if a server's name lies inside the delegated zone the parent must also carry its address as a glue record.

Example:
example.com. IN NS ns1.live.secure.com.

SOA Record
An SOA record, or start of authority record, marks the top of a zone. It names the primary name server for the zone, the mailbox of the zone administrator, the zone's serial number, and several timers that control how secondary servers refresh the zone and how long negative answers may be cached.
Example:
Here is the SOA record. Note the opening "(" after the email address: it must be on the same line as the rest of the header. The closing ")" must come before any ";" comment on its line, because everything after a ";" is ignored and a ")" hidden inside a comment leaves the record unterminated.

; name          TTL   class rr  Nameserver            email-address
mydomain.com.   14400 IN    SOA ns.mynameserver.com.  root.ns.mynameserver.com. (
                2004123001 ; Serial number
                86000      ; Refresh in seconds
                7200       ; Retry in seconds
                3600000    ; Expiry in seconds
                600 )      ; Minimum (negative-cache TTL) in seconds

name – mydomain.com is the main name in this zone.

TTL – 14400 – the time in seconds that a resolver may cache the record. 0 means the record should not be cached. The range is 0 to 2147483647 (close to 68 years). Short TTLs let you move a service quickly but raise query load; a long TTL means a wrong or hijacked record stays in caches for that long.

Class – IN – the class of the data, not the record type (the type, SOA here, is the next field). IN means Internet. The other classes (CH, HS) are historical, so for any Internet or intranet zone use IN.

Nameserver – ns.mynameserver.com. – the primary name server for the zone (the MNAME field), i.e. the server holding the master copy of the zone file. An external server must be written as a fully qualified name ending in a dot; a server defined inside this zone can be written relative to it, e.g. "ns".

Email address – root.ns.mynameserver.com. – the mailbox of the zone administrator (the RNAME field). It has no "@": the first label is the local part and the rest is the domain, so root.ns.mynameserver.com. means root@ns.mynameserver.com. A dot inside the local part must be escaped, so john.doe@example.com is written john\.doe.example.com. And yes, remember the trailing dot.

Serial number – 2004123001 – a revision number for the zone. It is a 32-bit unsigned value that must increase (in the serial arithmetic of RFC 1982) every time the zone file changes, because secondaries compare it with their copy to decide whether to transfer the zone again; a change published without bumping the serial never reaches the secondaries. The usual convention is YYYYMMDDnn, the date of the update followed by a two-digit revision for multiple updates on one day: the first update on 30 December 2004 would be 2004123000 and the second 2004123001, as in the example above.

Refresh – 86000 – how often (in seconds) a secondary polls the primary to see whether the serial number has increased, so that it knows to request a fresh copy of the zone. BIND also accepts unit suffixes, e.g. "23h59m" for 23 hours and 59 minutes. For an ordinary Internet zone 6 to 24 hours is reasonable; NOTIFY messages from the primary normally trigger a transfer long before the refresh timer fires.

Retry – 7200 – if a secondary tries to contact the primary at refresh time and fails, the retry value (in seconds) says how long to wait before trying again. It should be shorter than the refresh interval; a fraction of it is typical.

Expiry – 3600000 – how long (in seconds) a secondary keeps serving the zone when it cannot reach the primary at all. If this were two weeks, a secondary cut off from the primary would still answer from its copy for two weeks without clients noticing the difference; after that it stops answering for the zone entirely. The recommended value is 2 to 4 weeks, and it must be larger than refresh plus retry.

Minimum – 600 – despite its name, since RFC 2308 this field is the negative-caching TTL: how long (in seconds) resolvers may cache the fact that a name or record type does not exist (NXDOMAIN or NODATA). The default TTL for records in the zone comes from the $TTL directive, not from this field. Keep the negative TTL modest (RFC 2308 suggests one to three hours) so that a typo or a freshly added record is not hidden behind cached negative answers. The caching trade-off for positive answers is set by the record TTLs: if your data changes often keep them to a day or less; if it rarely changes, one to five days reduces lookups and makes clients faster, at the cost of slower correction when a record is wrong.
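To make the SOA fields concrete, here is an added Python example (not from the original page) that parses the record above in its multi-line master-file form, converts the RNAME to a mailbox, computes the next YYYYMMDDnn serial, compares serials the way secondaries do (RFC 1982), and sanity-checks the timers against the RFC 1912 and RFC 2308 advice. The SOA text is the page's own record; the thresholds are the published recommendations, and the escaped-dot RNAME in the test is a constructed case.

```python
import re
from datetime import date

SERIAL_MODULUS = 2 ** 32  # the serial is a 32-bit unsigned field

# The page's SOA record (constructed input for the parser; ")" precedes the comment)
SOA_TEXT = """\
mydomain.com.   14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
                2004123001 ; Serial number
                86000      ; Refresh in seconds
                7200       ; Retry in seconds
                3600000    ; Expiry in seconds
                600 )      ; Minimum (negative-cache TTL) in seconds
"""


def parse_soa(text: str) -> dict:
    """Parse a master-file SOA record that may span lines with ( ) and ; comments."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    fields = body.replace("(", " ").replace(")", " ").split()
    i = fields.index("SOA")
    serial, refresh, retry, expire, minimum = map(int, fields[i + 3:i + 8])
    return {"owner": fields[0], "mname": fields[i + 1], "rname": fields[i + 2],
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}


def rname_to_email(rname: str) -> str:
    """RNAME to mailbox: the first unescaped dot becomes '@'; a '\\.' is a literal dot."""
    m = re.match(r"^((?:\\.|[^.\\])*)\.(.*?)\.?$", rname)
    if not m:
        raise ValueError(f"not a valid RNAME: {rname}")
    return m.group(1).replace("\\.", ".") + "@" + m.group(2)


def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is a 'after' b on the 32-bit ring?"""
    a, b = a % SERIAL_MODULUS, b % SERIAL_MODULUS
    return a != b and ((a > b and a - b < 2 ** 31) or (a < b and b - a > 2 ** 31))


def next_serial(current: int, today=None) -> int:
    """Next YYYYMMDDnn serial that is still strictly newer than `current`.

    Starts today's counter at 00. If the current serial is already at or past
    today's prefix (several updates today, or a clock that went backwards) it
    simply adds one, so the serial never decreases. `today` may be a date or
    an ISO "YYYY-MM-DD" string; None means the real current date.
    """
    today = date.today() if today is None else date.fromisoformat(str(today))
    prefix = int(today.strftime("%Y%m%d")) * 100
    return max(prefix, current + 1) % SERIAL_MODULUS


def check_soa_timers(refresh: int, retry: int, expire: int, minimum: int) -> list:
    """Warnings against the usual advice (RFC 1912 section 2.2, RFC 2308 section 5)."""
    problems = []
    if retry >= refresh:
        problems.append("retry should be shorter than refresh")
    if expire <= refresh + retry:
        problems.append("expire must exceed refresh + retry or secondaries drop the zone before retrying")
    if not 1209600 <= expire <= 2419200:
        problems.append("expire outside the usual 2-4 week range")
    if minimum > 10800:
        problems.append("negative-cache TTL above 3 hours hides fixes for too long")
    return problems


if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT)
    print(soa["owner"], "admin:", rname_to_email(soa["rname"]))
    print("next serial today:", next_serial(soa["serial"]))
    print("warnings:", check_soa_timers(soa["refresh"], soa["retry"], soa["expire"], soa["minimum"]))
```

Run against the page's values the only warning is the 3600000-second expiry, which is a little over 41 days and so above the 4-week upper bound the text itself recommends.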

SRV Record
The idea behind SRV is that, given a known domain name (e.g. example.com) and a known service (e.g. web, i.e. HTTP over TCP), a DNS query can find the hostname and port that provide that service on behalf of the domain; the host may or may not be within the domain.

Example:
; srvce.prot.name          ttl  class  rr   pri  weight  port  target
_http._tcp.example.com.         IN     SRV  0    5       80    www.example.com.

srvce
Defines the symbolic service name (see IANA port-numbers) prepended with a ‘_’ (underscore). Case insensitive. Common values are:
_http – web service
_ftp – file transfer service
_ldap – LDAP service

prot
Defines the protocol name (see IANA service-names) prepended with a ‘_’ (underscore). Case insensitive. Common values are
_tcp – TCP protocol
_udp – UDP protocol

name
The domain the service is offered for. Leaving it out (no trailing dot) makes the record relative to the current zone root ($ORIGIN); writing it in full, as in _http._tcp.example.com. above, requires the trailing dot.

ttl
Standard TTL parameter, as for any other record.

pri
The priority of this target (range 0 – 65535). Lowest is highest priority: clients must try the lowest-numbered priority first and move to a higher number only when every target at the lower priority is unreachable.

weight
Used to share load among targets that have the same priority. A 16-bit unsigned integer in the range 0 – 65535. The name server returns the whole record set; it is the client that, within one priority, picks a target at random with probability proportional to its weight. Given two SRV records both with priority 0, one with weight 1 and the other weight 6, the weight-6 target will be tried first roughly six times out of seven. A weight of 0 means the target should be chosen only when nothing else is available at that priority (RFC 2782 gives it a very small chance of selection).

port
Normally the port number assigned to the symbolic service, but this is not a requirement: it is permissible to define a _http service with a port number of 8100 rather than the usual 80. Since the client takes both host and port from the record, a tampered SRV answer redirects the connection entirely; the client should still verify the server's identity (for TLS, a certificate for the service's domain, not merely for whatever target the record named) rather than trusting the record.

target
The name of the host that provides the service. It must have A or AAAA records and must not be a CNAME, and it does not have to be in the same zone (domain). A target of "." means the service is explicitly not available at this domain.
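An added Python example (not from the page, nor code from RFC 2782's authors) of the client-side selection that the pri and weight fields drive. The _ldap._tcp.example.com answer set is constructed: three targets at priority 10 with weights 60, 20 and 0, plus a backup at priority 20 on a non-standard port, all with hypothetical hostnames.

```python
import random
from typing import NamedTuple


class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed answer set for _ldap._tcp.example.com. (hypothetical hosts, not from the page)
LDAP_SRV = [
    SRV(10, 60, 389, "ldap1.example.com."),
    SRV(10, 20, 389, "ldap2.example.com."),
    SRV(10, 0, 389, "ldap3.example.com."),          # weight 0: picked only when the draw is 0
    SRV(20, 0, 3890, "ldap-backup.example.net."),   # lower priority, non-standard port
]


def srv_owner(service: str, proto: str, domain: str) -> str:
    """Owner name a client queries, e.g. srv_owner("ldap", "tcp", "example.com")."""
    return f"_{service.lstrip('_')}._{proto.lstrip('_')}.{domain.rstrip('.')}."


def order_srv(records, rng=random):
    """Put SRV records in the order RFC 2782 tells a client to try them.

    A target of "." means "service not available" and is dropped. Records are
    grouped by priority, lowest first. Within a group, weight-0 records are
    moved to the front, a number in [0, sum of weights] is drawn, and the first
    record whose running weight total reaches the draw is selected; the rest of
    the group is re-drawn until empty. All of this happens in the client; the
    name server hands back the whole set.
    """
    records = [r for r in records if r.target != "."]
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)      # stable sort: zero weights first
        while group:
            draw = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for r in group:
                running += r.weight
                if running >= draw:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered


def connection_order(records, rng=random):
    """(target, port) pairs in the order the client should attempt connections."""
    return [(r.target, r.port) for r in order_srv(records, rng)]


def first_choice_shares(records, trials=4000, seed=7):
    """Fraction of trials in which each target came out first; shows the weighting."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        target = order_srv(records, rng)[0].target
        counts[target] = counts.get(target, 0) + 1
    return {t: n / trials for t, n in counts.items()}


if __name__ == "__main__":
    print(srv_owner("ldap", "tcp", "example.com"), connection_order(LDAP_SRV))
    print(first_choice_shares(LDAP_SRV))
```

With weights 60/20/0 the first target is ldap1 about 74% of the time and ldap2 about 25%; ldap3 comes first only when the draw is exactly 0, roughly once in 81 tries, and the priority-20 backup is always last.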

TXT Record
A TXT record carries free-form text, which other protocols use to publish policy at a domain name. The best-known use is the Sender Policy Framework (SPF), whose record lists the hosts allowed to send mail for a domain; the dedicated SPF record type was retired by RFC 7208, so SPF policies live in TXT records.

Example:

An SPF record must start with the version identifier v=spf1 and normally ends with an all mechanism that says what to do with any sender not listed before it.

mydomain.com. TXT "v=spf1 -all"
This is the simplest possible SPF record: it says that mydomain.com never sends mail, so any message claiming to come from it fails the check.

It makes sense to do this when a domain is only used for web services and doesn't do email.
If your MX servers send mail, designate them with the mx mechanism:
mydomain.com. TXT "v=spf1 mx -all"

Suppose mydomain.com has two MX servers, mx01 and mx02. Both are now allowed to send mail from mydomain.com.
If other machines in the domain also send mail, the ptr mechanism designates them:
mydomain.com. TXT "v=spf1 mx ptr -all"

This matches every host whose PTR (reverse) name ends in mydomain.com and whose forward lookup confirms the sending address. The ptr mechanism is deprecated in RFC 7208 (section 5.5): it is slow, it depends on reverse DNS controlled by whoever owns the address block, and receivers may not evaluate it, so list the hosts explicitly with a, ip4 or ip6 instead.
If the host mydomain.com itself also sends mail, designate it as well:
mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"

mydomain.com's own IP address doesn't show up in its list of MX servers, so an a mechanism is added to match it.
mydomain.com. TXT "v=spf1 a mx ptr -all"

This is shorthand for the same thing: an a or mx mechanism with no argument uses the domain whose record is being evaluated. Order matters, since evaluation stops at the first mechanism that matches, and the final -all rejects everything not listed (use ~all for a softfail while a new record is being tested).
Each of your mail servers should have an SPF record too. When a mail server creates a bounce message it sends it with an empty envelope sender, <>. When an SPF-checking MTA sees an empty envelope sender it performs the lookup on the HELO/EHLO hostname instead, so these records cover that scenario:
amx.mail.net. TXT "v=spf1 a -all"
mx.mail.net. TXT "v=spf1 a -all"
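The records above, evaluated: an added Python example (not the page's code, and not a full SPF implementation such as pyspf) that checks a connecting IP against a domain's v=spf1 record with the a, mx, ptr, ip4/ip6 and all mechanisms and their qualifiers, selects the HELO identity when the envelope sender is empty, and treats two SPF records at one name as the permanent error RFC 7208 makes it. The DNS table is constructed: mydomain.com, mx01/mx02 and mx.mail.net are the page's names, while ptrhost, two.example, ip4.example and every address (documentation ranges) are hypothetical. include, exists, redirect and macros are not implemented.

```python
import ipaddress

# Constructed DNS data for the records on this page plus a few hosts needed to
# exercise them. Addresses are from documentation ranges and are hypothetical.
DNS = {
    ("mydomain.com.", "TXT"): ["v=spf1 a mx ptr -all"],
    ("mydomain.com.", "MX"): ["mx01.mydomain.com.", "mx02.mydomain.com."],
    ("mydomain.com.", "A"): ["192.0.2.1"],
    ("mx01.mydomain.com.", "A"): ["192.0.2.10"],
    ("mx02.mydomain.com.", "A"): ["192.0.2.11"],
    ("ptrhost.mydomain.com.", "A"): ["192.0.2.30"],
    ("30.2.0.192.in-addr.arpa.", "PTR"): ["ptrhost.mydomain.com."],
    # A PTR set up by whoever owns 203.0.113.0/24 that claims to be a mydomain.com host
    ("9.113.0.203.in-addr.arpa.", "PTR"): ["mx01.mydomain.com."],
    ("mx.mail.net.", "TXT"): ["v=spf1 a -all"],
    ("mx.mail.net.", "A"): ["198.51.100.25"],
    ("ip4.example.", "TXT"): ["v=spf1 ip4:192.0.2.64/28 ~all"],
    ("two.example.", "TXT"): ["v=spf1 -all", "v=spf1 mx -all"],   # two records: invalid
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get((name, rtype), [])


def addresses(host):
    return {ipaddress.ip_address(a) for a in lookup(host, "A") + lookup(host, "AAAA")}


def mech_a(ip, domain):
    return ip in addresses(domain)


def mech_mx(ip, domain):
    return any(ip in addresses(mx) for mx in lookup(domain, "MX"))


def mech_ptr(ip, domain):
    """ptr as RFC 7208 section 5.5 defines it: a PTR name counts only if it is
    forward-confirmed (resolves back to ip) and is domain or a subdomain of it."""
    for host in lookup(ip.reverse_pointer + ".", "PTR"):
        in_domain = host == domain or host.endswith("." + domain)
        if in_domain and ip in addresses(host):
            return True
    return False


def check_host(ip_text, domain):
    """Evaluate the v=spf1 record of `domain` for the connecting IP.

    Returns pass / fail / softfail / neutral / none / permerror. Supports the
    mechanisms used on this page (a, mx, ptr, ip4, ip6, all) with qualifiers;
    include, exists, redirect and macros are left to a full implementation.
    """
    ip = ipaddress.ip_address(ip_text)
    domain = domain.rstrip(".") + "."
    records = [t for t in lookup(domain, "TXT") if t == "v=spf1" or t.startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"          # RFC 7208 section 4.5: more than one record is an error
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        target = arg.rstrip(".") + "." if arg else domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = mech_a(ip, target)
        elif name == "mx":
            matched = mech_mx(ip, target)
        elif name == "ptr":
            matched = mech_ptr(ip, target)
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"      # unknown or unsupported mechanism
        if matched:
            return RESULT[qualifier]
    return "neutral"                # nothing matched and no all: default result


def check_mail(ip_text, mail_from, helo):
    """Identity selection: the MAIL FROM domain, or the HELO name when the
    envelope sender is empty (<>), as it is for bounces."""
    domain = mail_from.rpartition("@")[2] if mail_from else helo
    return check_host(ip_text, domain)


if __name__ == "__main__":
    for ip, sender, helo in [("192.0.2.10", "alice@mydomain.com", "mx01.mydomain.com"),
                             ("203.0.113.9", "alice@mydomain.com", "mx01.mydomain.com"),
                             ("198.51.100.25", "", "mx.mail.net")]:
        print(ip, sender or "<>", helo, "->", check_mail(ip, sender, helo))
```

The 203.0.113.9 case is why the ptr mechanism is a poor control on its own: the reverse record claims mx01.mydomain.com, but that name does not resolve to 203.0.113.9, so the forward-confirmation step rejects it and -all produces fail.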

NAPTR Record

NAPTR records (Naming Authority Pointer, RFC 3403) are the DNS part of the Dynamic Delegation Discovery System (DDDS): each record carries an order, a preference, flags, a service tag and a regular-expression rewrite rule that the client applies to its input string (the application unique string, or AUS). The ENUM application below maps telephone numbers under e164.arpa to URIs.

Example of a NAPTR record set with syntax (order, preference, flags, service, regexp, replacement):

$ORIGIN 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.
@ IN NAPTR 10 100 "u" "E2U+sip"  "!^.*$!sip:info@example.com!"    .
  IN NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!"   .
  IN NAPTR 10 102 "u" "E2U+msg"  "!^.*$!mailto:info@example.com!" .

This record set maps the phone number +441632960083 onto three URIs with the same order, preferring SIP, then H.323, then email. In each case the regular expression matches the whole AUS (^.*$) and replaces it with a URI (e.g. sip:info@example.com). The "u" flag marks a terminal rule, so that URI is returned to the client. Most NAPTR rules replace the full AUS, but the regular expression can also back-reference part of it, for instance to pull out an extension number:

$ORIGIN 0.6.9.2.3.6.1.4.4.e164.arpa.
* IN NAPTR 10 100 "u" "E2U+sip" "!^\\+441632960(.*)$!sip:\\1@example.com!" .

The owner name * makes this a wildcard record, so it answers for numbers under +441632960 that have no record of their own. The doubled backslashes are master-file escapes: the client receives the regular expression ^\+441632960(.*)$ (the + must be escaped because it is a regex metacharacter) and the replacement sip:\1@example.com, where \1 is the captured extension.

Once the client has the URI it still has to resolve the host in it using DNS, but that is no longer part of the DDDS algorithm. Because the rewrite runs on the client, a client should check that the resulting URI uses a scheme it expects for the service tag before acting on it.

Wildcard DNS record
A wildcard DNS record has an owner name whose leftmost label is *, such as *.example.com. It answers queries for names that do not exist in the zone, but only within its own part of the tree: the wildcard matches a query name when the wildcard's parent is the closest existing ancestor of that name (RFC 4592). It never overrides a name that does exist, and an existing name such as host.example.com, including one that exists only because records sit beneath it, blocks the wildcard from matching anything under host.example.com.
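Tying the NAPTR and wildcard sections together, an added Python example (not from the page) that turns an E.164 number into its e164.arpa name, finds the matching record set including the RFC 4592 wildcard rule, and applies the regexp field with its backreference. The record data mirrors the two sets above with the same hypothetical example.com URIs. The wildcard case shows the subtlety described in the wildcard section: +441632960084 does not match *.0.6.9.2.3.6.1.4.4.e164.arpa. because 8.0.0.6.9.2.3.6.1.4.4.e164.arpa. exists as an empty non-terminal above the explicit +441632960083 record, and that closer encloser blocks the wildcard.

```python
import re

# Constructed NAPTR data mirroring the two record sets on the page; the URIs are
# hypothetical. Fields: (order, preference, flags, service, regexp, replacement).
# The "\\+" and "\\1" of the master file reach the client as "\+" and "\1".
ZONE = {
    "3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.": [
        (10, 100, "u", "E2U+sip",  r"!^.*$!sip:info@example.com!", "."),
        (10, 101, "u", "E2U+h323", r"!^.*$!h323:info@example.com!", "."),
        (10, 102, "u", "E2U+msg",  r"!^.*$!mailto:info@example.com!", "."),
    ],
    "*.0.6.9.2.3.6.1.4.4.e164.arpa.": [
        (10, 100, "u", "E2U+sip", r"!^\+441632960(.*)$!sip:\1@example.com!", "."),
    ],
}


def enum_name(e164: str) -> str:
    """+441632960083 -> 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa. (digits reversed, one per label)."""
    return ".".join(reversed(e164.lstrip("+"))) + ".e164.arpa."


def _existing_names():
    """Every owner name plus all its ancestors: ancestors exist as empty non-terminals."""
    names = set()
    for owner in ZONE:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names


def find_naptr(name: str):
    """Exact match, else the wildcard at the closest encloser (RFC 4592).

    The wildcard *.P matches a query only when P is the nearest existing
    ancestor of the query name; an existing name (even one that exists only
    because records sit beneath it) between the two blocks the wildcard.
    """
    if name in ZONE:
        return ZONE[name]
    names = _existing_names()
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in names:
            return ZONE.get("*." + ancestor, [])
    return []


def apply_regexp(regexp: str, aus: str):
    """Run one NAPTR regexp field ("<delim>ere<delim>repl<delim>flags") on the
    application unique string; returns the rewritten string or None if no match."""
    delim = regexp[0]
    ere, repl, flags = re.split(r"(?<!\\)" + re.escape(delim), regexp[1:])
    m = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    return m.expand(repl) if m else None


def enum_candidates(e164: str):
    """(service, URI) pairs for a phone number, in order/preference order."""
    out = []
    for order, pref, flags, service, regexp, replacement in sorted(find_naptr(enum_name(e164))):
        if "u" in flags.lower():                    # terminal rule: the result is a URI
            uri = apply_regexp(regexp, e164)
            if uri is not None:
                out.append((service, uri))
    return out


def resolve_enum(e164: str, service: str = "E2U+sip"):
    """URI for the preferred record of one service, or None."""
    return next((uri for svc, uri in enum_candidates(e164) if svc.lower() == service.lower()), None)


if __name__ == "__main__":
    for number in ("+441632960083", "+441632960170", "+441632960084"):
        print(number, enum_name(number), enum_candidates(number))
```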

– Jayachandran Palanisamy.

chandranjoy@gmail.com

+91 98944 97649
