
All About DNS

Date post: 07-Aug-2018
Upload: mahesh-shri
  • 8/20/2019 All About DNS

    1/33

    http://www2.isupportyou.net/2010/07/understanding-dns-domain-naming-server.html

    Hi Friends,

    First of all thanks for visiting my blog. I added “Search” option for my blog, you can easily
    search for a particular topic using Google Search. If you are facing any issues, or if you have any
    questions please mail me at charan@isupportyou.net Thanks.

    Coming into the Topic.

    What is DNS?

    DNS stands for Domain Naming Server, it is a standard of naming domains in any operational
    environment (Windows, Linux, Solaris, Any environment). It is a server which contains a database
    of all the domains and all the servers which are associated with those domains.

    Why it is Used?

    It's a service dedicated to identify all the machines (domains & member servers) in a network. To
    make this possible, every machine has to be registered in the authoritative DNS server of that
    network. That means every operational network should have a dedicated DNS server to enable
    identification and communication between the machines.

    How it works?

    As I said, it is dedicatedly used for identification, in technical words for “name resolution”.
    Every machine in a network has a dedicated IP address & hostname as its identity. Whenever a
    machine tries to communicate with another machine on the network it should first identify the
    second machine, that means it should know the IP address of that particular machine. After
    knowing the identity (i.e. IP address), it will directly communicate with the second machine. So
    to speak, a machine should know the IP address of the other machine, with which it's going to
    communicate, before it starts.

    Another question: why are hostnames used, if the machine already has an identity in terms of
    IP address? Hostname is an English word which is useful for human remembrance. It is impossible
    for a human being to remember lots of IP addresses, but it is possible to remember English names
    of the same hosts (as we configure the hostnames generally with employee name or department name
    or location name etc). For example we can remember www.yahoo.com but not its IP address, because
    we are not having only one website on the internet.

    To sum up, hostnames and IP addresses both are used for identification and communication between
    two machines in a network. But machines are only able to communicate with the IP addresses, which
    are impossible to remember for humans (keep in mind machines never communicate with hostnames).
    To solve this situation DNS was implemented. It basically contains a database of host records in
    a network. A host record contains “Hostname : IP address”, see the image below for better
    understanding. But Internet is purely depended on DNS, when we access a particular website we
    will give its English name, when we press ENTER

    A. Every DNS server contains a roothint file associated with it, and the same will be used to
    identify the responsible DNS server.

    • +3B6


    like 12.34.56.78 or 0123:4567:89ab:cdef:0123:4567:89ab:cdef. This guide introduces

    basic DNS concepts and the different types of DNS records.

    How DNS Works

    Before adding any DNS records, you should learn the basics of DNS. You’ll start by

    dissecting a domain name, and then you’ll learn about the mechanics of DNS resolution,

    including name servers, zone files, and individual DNS records.

    Domain Names

    Domain names are best understood by reading from right to left. The broadest domain
    classification is on the right, and it becomes more specific as you move to the left. In the
    examples below, the top-level domain, or TLD, is .com.

    example.com
    mail.hello.example.com

    Every term to the left of the TLD and separated by a period is considered a more

    specific subdomain, although conventionally, first-level subdomains plus their TLDs

    (example.com) are referred to as “domains.” Moving to the left, hello and mail are the

    second- and third-level subdomains, respectively. Typically, subdomains are used to

    uniquely identify specific machines or services, but this is left up to the domain owner.

    Name Servers

    Choosing and specifying name servers is an essential part of domain ownership. If you

    don’t, the Internet won’t know where to find your DNS information, and your domain

    won’t resolve. Name servers host a domain’s DNS information in a text file called

    the zone file. They’re also known as Servers of Authority (SOAs). You can host your

    DNS information on name servers in one of several locations:

    • Linode (recommended)

    • Your registrar

    • Your own DNS server


    • Third-party DNS hosting

    Using Linode’s free name servers is the easiest approach, because Linode provides a

    default zone file with all the right IP addresses for your website and email. For basic

    DNS setups and many advanced ones, Linode’s name servers will work beautifully. However, you can also look into the options offered by your registrar and third-party

    DNS hosts, or host your own DNS if you want to take control of as much of the DNS

    process as possible.

    You’ll specify name servers on your domain registrar’s website. They’ll take care of

    publishing that information to the higher-level name servers. You’ll want to specify at

    least two name servers. That way, if one of them is down, the next one can continue to

    serve your DNS information.

    DNS Records and Zone Files

    The next aspect of DNS management is specifying DNS records, which actually match

    domain names to IP addresses. The DNS records are then automatically bundled up

    into a zone file, which is what allows the Internet to look up the correct IP address for

    your domain. If you decide to use Linode’s name servers, our DNS Manager will help

    you create a default zone file. It contains records similar to the following:

    ; example.com [448369]
    $TTL 86400
    @       IN  SOA  ns1.linode.com. admin.example.com. 2013062147 14400 14400 1209600 86400
    @           NS   ns1.linode.com.
    @           NS   ns2.linode.com.
    @           NS   ns3.linode.com.
    @           NS   ns4.linode.com.
    @           NS   ns5.linode.com.
    @           MX   10  mail.example.com.
    @           A    12.34.56.78
    mail        A    12.34.56.78
    www         A    12.34.56.78

    Every domain’s zone file contains the admin’s email address, the name servers, and the

    DNS records. Of course, you are not limited to these default entries. You can create a


    variety of DNS records for as many different subdomains as you wish. To learn how to

    add individual DNS records using the DNS Manager, read this article.

    DNS Resolution

    So how does DNS actually work? First, the domain name needs to get translated into

    your Linode’s IP address. DNS matches human-friendly domain names

    like example.com to computer-friendly IP addresses like 12.34.56.78. This happens in a

    special text file called a zone file, which lists domains and their corresponding IP

    addresses (and a few other things). A zone file is a lot like a phone book that matches

    names with street addresses.

    Here’s how the DNS lookup process works:

    1. You type a domain name like example.com into the address bar.

    2. Your computer connects to the Internet through an Internet Service Provider (ISP).

    3. The ISP’s DNS resolver queries a root nameserver for the proper TLD nameserver. In
       other words, it asks the root nameserver, “Where can I find the nameserver
       for .com domains?”

    4. The root nameserver responds with the IP address for the .com nameserver.

    5. The ISP’s DNS resolver visits the .com nameserver, using the IP address it got from the
       root nameserver. It asks the .com nameserver, “Where can I find the nameserver
       for example.com?”

    6. The .com nameserver responds with the IP address for the example.com nameserver.

    7. The ISP’s DNS resolver visits your domain’s nameserver and reads the zone file.

    8. The zone file shows which IP address goes with the domain.

    9. Now that the ISP has the IP address for example.com, it connects you to your Linode.

    10. Apache handles everything after that, ensuring that the correct files and folders
        get displayed in your visitor’s browser.

    The scenario described above is what happens if the ISP has no current information

    about the requested domain. In actuality, ISPs cache a lot of DNS information after

    they’ve looked it up the first time. This results in faster lookups and less strain on DNS

    servers. Usually caching is a good thing, but it can be a problem if you’ve recently made

    a change to your DNS information, like when you move to Linode from a different

    hosting provider. In those cases, you’ll want to pay attention to your zone file’s time to

    live (TTL) so that your DNS change happens as quickly as possible.
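The lookup steps and the caching behaviour described above can be reproduced with a small simulation. This is an added example, not code from the original guide or from Linode: the three in-memory "servers", the resolver class and the replacement address 203.0.113.10 are all constructed for illustration. It shows how long a caching resolver keeps handing out the old address after a record change, for a long and a short TTL.

```python
"""Toy iterative resolver with a TTL cache. All servers and records are constructed."""


def build_servers(ip, ttl):
    """Root -> .com -> example.com delegation, mirroring the lookup steps above."""
    return {
        "root": {"com.": ("referral", "tld-com")},
        "tld-com": {"example.com.": ("referral", "auth-example")},
        "auth-example": {"example.com.": ("answer", ip, ttl)},
    }


class Resolver:
    def __init__(self, servers):
        self.servers = servers
        self.cache = {}   # name -> (ip, expiry time in seconds)
        self.queries = 0  # upstream queries actually sent

    def _ask(self, server, name):
        """Return the server's entry for name: an exact answer or the closest referral."""
        labels = name.rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self.servers[server].get(".".join(labels[i:]) + ".")
            if entry and (entry[0] == "referral" or i == 0):
                return entry
        return None

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], "cache"          # answered without asking anyone
        server = "root"
        while True:
            self.queries += 1
            entry = self._ask(server, name)
            if entry is None:
                return None, "no-answer"
            if entry[0] == "referral":         # root -> TLD -> authoritative
                server = entry[1]
                continue
            _, ip, ttl = entry
            self.cache[name] = (ip, now + ttl)
            return ip, "authoritative"


def migration_timeline(ttl, checks=(200, 3600, 86400)):
    """Resolve at t=0, change the A record, then resolve again at each check time."""
    servers = build_servers("12.34.56.78", ttl)
    resolver = Resolver(servers)
    timeline = [resolver.resolve("example.com.", now=0)]
    # The zone owner changes the A record right after the first lookup.
    servers["auth-example"]["example.com."] = ("answer", "203.0.113.10", ttl)
    timeline += [resolver.resolve("example.com.", now) for now in checks]
    return timeline, resolver.queries


if __name__ == "__main__":
    for ttl in (86400, 300):
        print(ttl, migration_timeline(ttl))
```

With a TTL of 86400 the resolver serves the old address from cache for the whole day; with a TTL of 300 it has already picked up the new address at the one-hour check.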

    Types of DNS Records

     A and AAAA

    An A record matches up a domain (or subdomain) to an IP address. In other words, it

    points your domain name to your Linode’s IP address, which allows web traffic to reach

    your Linode. This is the core functionality of DNS. A typical A record looks like the

    following:

    example.com    A    12.34.56.78

    You can also make A records for subdomains you want to direct to your server:

    hello.example.com    A    12.34.56.78

    You can point different subdomains to different IP addresses.

    If you want to point every subdomain of example.com to your Linode’s IP, you can use
    an asterisk (*) as your subdomain:

    *.example.com    A    12.34.56.78

    An AAAA record is just like an A record, but for IPv6 IP addresses. A typical AAAA

    record looks like the following:

    example.com    AAAA    0123:4567:89ab:cdef:0123:4567:89ab:cdef

    AXFR

    An AXFR record is a type of DNS record used for DNS replication, although there are
    also more modern ways to do DNS replication. AXFR records are not used in ordinary
    zone files. Rather, they are used on a slave DNS server to replicate the zone file from
    a master DNS server. For an example of how to configure Linode’s nameservers as
    slave DNS servers using AXFR, visit this guide about configuring DNS on cPanel.

    CNAME

    A CNAME record or Canonical Name record matches up a domain (or subdomain) to a

    different domain. With a CNAME record, DNS lookups use the target domain’s DNS

    resolution as the alias’s resolution. Here’s an example:

    alias.com      CNAME   example.com.
    example.com    A       12.34.56.78

    With this setup, when alias.com is requested, the initial DNS lookup will find the CNAME
    entry with the target of example.com. A new DNS lookup will be started
    for example.com, which will find the IP address 12.34.56.78. Finally, visitors
    to alias.com will be directed to 12.34.56.78.

    CNAME records exist so that domains can have aliases. You should not use a CNAME

    record for a domain that gets email, because some mail servers handle mail oddly for

    domains with CNAME records. Likewise, MX records cannot reference CNAME-defined

    hostnames. Also, the target domain for a CNAME record should have a normal A-record

    resolution. Chaining or looping CNAME records is not recommended.

    In some cases, a CNAME record can be an effective way to redirect traffic from one

    domain to another while keeping the same URL. However, keep in mind that a CNAME

    record does not function the same way as a URL redirect. A CNAME record directs web

    traffic for a particular domain to the target domain’s IP address. Once the visitor reaches

    that IP address, the local Apache (or other web server) configuration will determine how

    the domain is handled. If that domain is not configured on the server, the server will

    simply display its default web page (if any). This may or may not be the web page for the

    target domain in the CNAME record, depending on how the server is configured.
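The CNAME rules above (no CNAME on a domain that receives mail, no MX record pointing at a CNAME, a target with a normal address record, no chains or loops) can be checked mechanically. This is an added example, not code from the original guide: the record list, the finding codes and the function names are constructed, and the parser only understands the simplified "name TYPE target" form used on this page.

```python
"""Lint a record list for the CNAME pitfalls described above (records are constructed)."""

ZONE = """
example.com            A      12.34.56.78
example.com            MX 10  mail.example.com.
mail.example.com       CNAME  mailhost.example.com.
mailhost.example.com   A      12.34.56.78
alias.com              CNAME  example.com.
alias.com              MX 10  mail.example.com.
shop.example.com       CNAME  store.example.com.
store.example.com      CNAME  shop.example.com.
old.example.com        CNAME  gone.example.com.
blog.example.com       CNAME  alias.com.
"""


def parse_records(text):
    """Parse 'name TYPE [priority] target' lines into (name, type, target) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()      # drop ';' comments
        if len(parts) < 3:
            continue
        name, rtype, target = parts[0], parts[1].upper(), parts[-1]
        records.append((name.rstrip(".").lower(), rtype, target.rstrip(".").lower()))
    return records


def lint(records):
    """Return (name, finding) pairs for every rule from the text that a record breaks."""
    cname = {n: t for n, r, t in records if r == "CNAME"}
    has_address = {n for n, r, _ in records if r in ("A", "AAAA")}
    findings = []
    for name, rtype, target in records:
        if rtype == "MX":
            if name in cname:                      # domain that gets mail is an alias
                findings.append((name, "MAIL_DOMAIN_IS_CNAME"))
            if target in cname:                    # MX references a CNAME-defined host
                findings.append((name, "MX_TARGET_IS_CNAME"))
        elif rtype == "CNAME":
            seen, current, looped = {name}, target, False
            while current in cname:                # follow the alias chain
                if current in seen:
                    looped = True
                    break
                seen.add(current)
                current = cname[current]
            if looped:
                findings.append((name, "CNAME_LOOP"))
            elif target in cname:
                findings.append((name, "CNAME_CHAIN"))
            elif target not in has_address:        # no A/AAAA in the data provided
                findings.append((name, "CNAME_TARGET_HAS_NO_ADDRESS"))
    return findings


if __name__ == "__main__":
    for name, finding in lint(parse_records(ZONE)):
        print(f"{name}: {finding}")
```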

    DKIM

    A DKIM record or domain keys identified mail record displays the public key for
    authenticating messages that have been signed with the DKIM protocol. This practice
    increases the capability to check mail authenticity. A typical DKIM record looks like the
    following:

    selector1._domainkey.example.com    TXT    k=rsa;p=8e224i086i

    DKIM records are implemented as text records. The record must be created for a
    subdomain, which has a unique selector for that key, then a period (.), and
    then _domainkey.example.com. The type is TXT, and the value includes the type of key,
    followed by the actual key.

    MX

    An MX record or mail exchange record sets the mail delivery destination for a domain
    (or subdomain). A typical MX record looks like the following:

    example.com         MX    10    mail.example.com.
    mail.example.com    A     12.34.56.78

    The above records direct mail for example.com to the mail.example.com server. The
    target domain (mail.example.com above) needs to have its own A record that resolves
    to your Linode. Ideally, an MX record should point to a domain that is also
    the hostname for its server.

    Your MX records don’t necessarily have to point to your Linode. If you’re using a
    third-party mail service, like Google Apps, you should use the MX records they provide.

    Priority is another component of MX records. This is the number written between the

    record type and the target server (10 in the example above). Priority allows you to

    designate a fallback server (or servers) for mail for a particular domain. Lower numbers

    have a higher priority. Here’s an example of a domain that has two fallback mail servers:

    example.com    MX    10    mail_1.example.com
    example.com    MX    20    mail_2.example.com
    example.com    MX    30    mail_3.example.com

    In this example, if mail_1.example.com is down, mail will be delivered
    to mail_2.example.com. If mail_2.example.com is also down, mail will be delivered
    to mail_3.example.com.

    NS

    NS records or name server records set the nameservers for a domain (or subdomain).

    The primary nameserver records for your domain are set both at your registrar and in

    your zone file. Typical nameserver records (you need at least two) look like this:

    example.com    NS    ns1.linode.com.
    example.com    NS    ns2.linode.com.
    example.com    NS    ns3.linode.com.
    example.com    NS    ns4.linode.com.
    example.com    NS    ns5.linode.com.

    The nameservers you designate at your registrar then carry the zone file for your

    domain.

    You can also set up different nameservers for any of your subdomains. Subdomain NS

    records get configured in your primary domain’s zone file. For example, if you’re using

    Linode’s nameservers, you could configure separate NS records in your Linode zone file

    for the subdomain mail.example.com as shown below:

    mail.example.com    NS    ns1.nameserver.com
    mail.example.com    NS    ns2.nameserver.com

    Primary nameservers get configured at your registrar; secondary subdomain
    nameservers get configured in the primary domain’s zone file. The order of NS records
    does not matter; DNS requests are sent randomly to the different servers, and if one

    host fails to respond, another one will be queried.

    PTR

    A PTR record or pointer record matches up an IP address to a domain (or subdomain),

    allowing reverse DNS queries to function. It performs the opposite service an A record

    does, in that it allows you to look up the domain associated with a particular IP address,

    instead of vice versa.

    PTR records are usually set with your hosting provider. They are not part of your

    domain’s zone file. This means that you’ll always set reverse DNS for your Linodes in

    the Linode Manager, even if your nameservers are elsewhere. Likewise, if you have


    servers somewhere else but are using Linode’s nameservers, you will still have to set up

    your PTR records with your hosting provider.

    As a prerequisite for adding a PTR record, you need to create a valid, live A or AAAA

    record that points the desired domain to that IP. If you want an IPv4 PTR record, point
    the domain (or subdomain) to your Linode’s IPv4 address. If you want an IPv6 PTR

    record, point the domain to your Linode’s IPv6 address. Beyond that, IPv4 and IPv6

    PTR records work the same way.

    For instructions on setting up reverse DNS on your Linode, see our Reverse DNS guide.

    It’s possible to have different IPs (including both IPv4 and IPv6 addresses) that have the

    same domain set for reverse DNS. To do this, you will have to configure multiple A or

    AAAA records for that domain that point to the various IPs.

    SOA

    An SOA record or Start of Authority record labels a zone file with the name of the host
    where it was originally created. Next, it lists the contact email address for the person
    responsible for the domain. There are also various numbers, which we’ll get into in detail
    in a moment. First, here’s a typical SOA record:

    @  IN  SOA  ns1.linode.com. admin.example.com. 2013062147 14400 14400 1209600 86400

    The administrative email address is written with a period (.) instead of an at symbol
    (@).

    Here’s what the numbers mean:

    • Serial number: The revision number for this domain’s zone file. It changes when the file

    gets updated.

    • Refresh time: The amount of time (in seconds) a secondary DNS server will keep the

    zone file before it checks for changes.

    • Retry time: The amount of time a secondary DNS server will wait before retrying a failed

    zone file transfer.


    • Expire time: The amount of time a secondary DNS server will wait before expiring its

    current zone file copy if it cannot update itself.

    • Minimum TTL: The minimum amount of time other servers should keep data cached

    from this zone file.

    The single nameserver mentioned in the SOA record is considered the primary master

    for the purposes of Dynamic DNS and is the server where zone file changes get made

    before they are propagated to all other nameservers.
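The SOA fields described above can be read programmatically. This is an added example, not code from the original guide or from Linode: it parses the page's sample SOA values, converts the period-form mailbox back to an email address, and compares the primary's serial with serials reported by secondaries. The secondary serials and all function names are constructed, and the serial comparison uses the wrap-around arithmetic of RFC 1982, which goes beyond what the page itself explains.

```python
"""Parse an SOA record and compare serials across nameservers (secondary data is constructed)."""
import re
from collections import namedtuple

SOA = namedtuple("SOA", "mname mailbox serial refresh retry expire minimum")


def rname_to_mailbox(rname):
    """The first unescaped dot stands for '@'; a literal dot in the local part is '\\.'."""
    match = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not match:
        raise ValueError(f"not a valid SOA mailbox: {rname!r}")
    return match.group(1).replace("\\.", ".") + "@" + match.group(2)


def parse_soa(line):
    """Parse 'name [class] SOA mname rname serial refresh retry expire minimum'."""
    tokens = line.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = (int(t) for t in tokens[i + 3:i + 8])
    return SOA(mname, rname_to_mailbox(rname), serial, refresh, retry, expire, minimum)


def serial_newer(a, b):
    """True if serial a is newer than b in 32-bit wrap-around arithmetic (RFC 1982)."""
    return a != b and (a - b) % 2**32 < 2**31


def lagging_secondaries(primary, secondary_serials):
    """Names of secondaries whose zone copy is older than the primary's."""
    return sorted(ns for ns, serial in secondary_serials.items()
                  if serial_newer(primary.serial, serial))


# The sample SOA values from the page.
PRIMARY = parse_soa("@ IN SOA ns1.linode.com. admin.example.com. "
                    "2013062147 14400 14400 1209600 86400")
# Constructed serials, as if each secondary had been asked for the zone's SOA.
SECONDARIES = {"ns2.linode.com.": 2013062147, "ns3.linode.com.": 2013062101}

if __name__ == "__main__":
    print(PRIMARY)
    print("lagging:", lagging_secondaries(PRIMARY, SECONDARIES))
```

A secondary that stays behind the primary for longer than the refresh and retry timers allow is still serving the old zone contents, which is worth alerting on.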

    SPF

    An SPF record or Sender Policy Framework record lists the designated mail servers for

    a domain (or subdomain). It helps establish the legitimacy of your mail server and

    reduces the chances of spoofing, which occurs when someone fakes the headers on an

    email to make it look like it’s coming from your domain, even though the message did

    not originate from your Linode. Spammers sometimes try to do this to get around spam

    filters. An SPF record for your domain tells other receiving mail servers which outgoing

    server(s) are valid sources of email, so they can reject spoofed email from your domain

    that has originated from unauthorized servers. A very basic SPF record looks like the

    following:

    example.com    TXT    "v=spf1 a ~all"

    In your SPF record, you should list all the mail servers from which you send mail, and

    then exclude all the others. Your SPF record will have a domain or subdomain, type

    (which is TXT, or SPF if your name server supports it), and text (which starts with

    “v=spf1” and contains the SPF record settings).

    If your Linode is the only mail server you use, you should be able to use the example

    record above. With this SPF record, the receiving server will check the IP addresses of

    both the sending server and the IP address of example.com. If the IPs match, the check

    passes. If not, the check will “soft fail” (i.e., the message will be marked but will not

    automatically be rejected for failing the SPF check).

    Make sure your SPF records are not too strict. If you accidentally exclude a legitimate

    mail server, its messages could get marked as spam. We strongly recommend visiting

    openspf.org to learn how SPF records work and how to construct one that works for
    your setup. Their examples are also helpful.
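How a receiving server arrives at "pass" or "soft fail" for the record above can be shown with a small evaluator. This is an added example, not code from the original guide or from any SPF library: it handles only the a, mx, ip4, ip6 and all mechanisms, and the DNS table, the domains mailer.example and parked.example and the test addresses are constructed.

```python
"""Evaluate a small SPF subset (a, mx, ip4, ip6, all) against constructed DNS data."""
import ipaddress

# Constructed records standing in for live DNS lookups.
DNS = {
    ("example.com", "A"): ["12.34.56.78"],
    ("example.com", "TXT"): ["v=spf1 a ~all"],
    ("mailer.example", "MX"): ["mx1.mailer.example"],
    ("mx1.mailer.example", "A"): ["198.51.100.25"],
    ("mailer.example", "TXT"): ["v=spf1 mx ip4:192.0.2.0/28 -all"],
    ("parked.example", "TXT"): ["v=spf1 -all"],
}
# Qualifier in front of a mechanism -> result when that mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def host_addresses(name):
    found = DNS.get((name, "A"), []) + DNS.get((name, "AAAA"), [])
    return [ipaddress.ip_address(a) for a in found]


def check_spf(domain, sender_ip):
    """Return the SPF result for a connection from sender_ip claiming to be domain."""
    ip = ipaddress.ip_address(sender_ip)
    policies = [t for t in DNS.get((domain, "TXT"), [])
                if t.split(" ", 1)[0].lower() == "v=spf1"]
    if not policies:
        return "none"                      # domain publishes no SPF record
    if len(policies) > 1:
        return "permerror"                 # more than one SPF record is an error
    for term in policies[0].split()[1:]:   # mechanisms are tried left to right
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism == "a":
            matched = ip in host_addresses(argument or domain)
        elif mechanism == "mx":
            exchangers = DNS.get((argument or domain, "MX"), [])
            matched = any(ip in host_addresses(mx) for mx in exchangers)
        elif mechanism in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(argument, strict=False)
        else:
            raise ValueError(f"term not handled in this example: {term!r}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"                       # nothing matched and no 'all' term


if __name__ == "__main__":
    print(check_spf("example.com", "12.34.56.78"))   # sender is example.com's A record
    print(check_spf("example.com", "203.0.113.9"))   # any other sender
```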

    SRV

    An SRV record or service record matches up a specific service that runs on your

    domain (or subdomain) to a target domain. This allows you to direct traffic for specific

    services, like instant messaging, to another server. A typical SRV record looks like the

    following:

    _service._protocol.example.com    SRV

    purposes depending on the specific contents. One common use of the TXT record is to
    create an SPF record on nameservers that don’t natively support SPF. Another use is to
    create a DKIM record for mail signing.

    _______________________________________________________________________ 

    DNS Records Explained with Examples

    DNS (Domain Name System), is the service which translates between Internet names and

    Internet addresses.

    Internet names are the names which we use to refer to hosts on the Internet, such as

    www.debianhelp.co.uk.

    Internet addresses are the numbers which routers use to move traffic across the Internet,

    such as 2..!." and

    What are DNS Records ?

    DNS records or Zone files are used for mapping URLs to an IPs. Located on servers called
    the DNS servers, these records are typically the connection of your website with the outside
    world. Requests for your website are forwarded to your DNS servers and then get pointed to
    the WebServers that serve the website or to Email servers that handle the incoming email.

    Different Types of DNS Records With Syntax and Examples

    Types of DNS Records

    A
    AAAA
    CNAME
    MX
    PTR
    NS
    SOA
    SRV
    TXT
    NAPTR

    The above DNS records are mostly used in all DNS Configurations. Now we will see each one
    with examples.

    A Record

    An A record or address record.

    Address Record, assigns an IP address to a domain or subdomain name. When the domain
    name system was designed it was recommended that no two A records refer to the same IP
    address.

    Suppose you have the somedomain.tld domain and want to assign 4.4.4. IP address to
    your web server, then you should create an A record with "www.somedomain.tld" as Fully
    Qualified Domain Name and "4.4.4." in the value field.

    From now on, all the requests for www.somedomain.tld will be sent to a server with that IP.

    Basically is useful to use an A record when you have subdomains residing on various
    systems.

    Useful tip: you might use a "*.somedomain.tld" A record to allow
    WHATEVER.somedomain.tld to be resolved to your IP, though a wildcard CNAME record is
    often better than a wildcard A record.

    Example of A Record with Syntax

    example.com. IN address. The AAAA record is structured in very much the same way as the A record in
    both binary and master file formats it is just much larger. The DNS resource record Type
    value for AAAA is 28.

    Example of AAAA Record with Syntax

    The AAAA record is to help transition and coexistence between IPv4 and IPv6 networks. An
    IPv4 nameserver can provide IPv6 addresses:

    linu3 aaaa !ffe9=449>">"92942d494=ff9fefF9

    already existing A record i.e. you can make "www.somedomain.tld" to "somedomain.tld",
    which should already have been assigned an IP with an A record.

    This allows you to have as many subdomains as you wish without having to specify the IP
    for every record. Use a CNAME if you have more services pointing to the same IP. This way
    you will have to update only one record in the convenience of a change of IP address.

    Example of a CNAME record: "stuff.everybox.com CNAME www.everybox.com" where
    'www.everybox.com' is an A record listing an IP address, and 'stuff.everybox.com' points to
    'www.everybox.com'. It will NOT allow you to forward a domain to a specific web page. Use a
    webhop for that. Port numbers can be changed with webhops, as well. CNAMEs cannot
    change the HTTP default of 80 to any other port number.

    Do not use CNAME defined hostnames in MX records. For example, this is not recommended

    Example Of CNAME With syntax

    mail.example.com IN CNAME mail.example.net

    where

    IN indicates Internet

    CNAME indicates CNAME record.

    MX Record

    An MX record or mail exchange record maps a domain name to a list of mail exchange
    servers for that domain.

    Example with MX Record Syntax - Single mail servers

    mydomain.com. >>44 IN MX 0 mydomain.com.

    The MX record shows that all emails @ mydomain.com should be routed to the mail server
    at mydomain.com. The DNS record shows that mydomain.com is located at 2.=.>. This
    means that email meant for test@mydomain.com will be routed to the email server at
    2.=.>. This finishes the task of the MX record. The email server on that server then
    takes over, collects the email and then proceeds to distribute it to the user "test".

    It is important that there be a dot (".") after the domain name in the MX record. If the dot
    is absent, it routes to "mydomain.com.mydomain.com". The number 0 indicates the
    Preference number. Mail is always routed to the server which has the lowest Preference
    number. If there is only one mail server, it is safe to mark it 0.

    Using Multiple mail servers

    If you want to use multiple mail servers you have to use MX record preferences. The MX
    record preference values indicate which mail server to use and in which order to try them
    when they fail or don't respond. A larger preference number is less preferred. Thus, a mail
    exchanger with a preference of zero (0) is always preferred over all other mail exchangers.
    Setting preference values to equal numbers makes mail servers equally preferred.

    Example with MX Record Syntax - Multiple mail servers

    mydomain.com. >>44 IN MX 0 mydomain.com.
    mydomain.com. >>44 IN MX !4 server2.mydomain.com

    You can have unlimited MX entries for Fallback or backup purpose. If all the MX records are
    equal Preference numbers, the client simply attempts all equal Preference servers in random
    order, and then goes to MX record with the next highest Preference number.

    PTR Record

    A PTR record or pointer record maps an IPv4 address to the canonical name for that host.
    Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an
    IP address implements reverse DNS lookup for that address. For example www.name.net
    has the IP address 22.4.!.

    Stealth Name Servers.

    Example of NS Record With syntax

    example.com. IN NS ns.live.secure.com.

    where

    IN indicates the Internet

    NS indicates the type of record which Name Server record

    The above indicates that the ns.live.secure.com is the authoritative server for the domain
    example.com

    SOA Record 

    An SOA record or start of authority record specifies the DNS server providing authoritative
    information about an Internet domain, the email of the domain administrator, the domain
    serial number, and several timers relating to refreshing the zone.

    An SOA (State of Authority) Record is the most essential part of a Zone file. The SOA record
    is a way for the Domain Administrator to give out simple information about the domain like,
    how often it is updated, when it was last updated, when to check back for more info, what is
    the admins email address and so on. Zone file can contain only one SOA Record.

    A properly optimized and updated SOA record can reduce bandwidth between nameservers,
    increase the speed of website access and ensure the site is alive even when the primary
    DNS server is down.

    Example of SOA Record with syntax

    Here is the SOA record. Notice the starting bracket "(". This has to be on the same line,
    otherwise the record gets broken.

    name TTL class rr Nameserver email-address

    mydomain.com. >>44 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (

    244>2!44 Serial number

    ?F>?!F (close to

  • 8/20/2019 All About DNS

    21/33

    Class - IN - The class shows the type of record. IN equates to Internet. Other options are all

    historic. So as long as your DNS is on the Internet or Intranet, you must use IN.

    Nameserver - ns.nameserver.com. - The nameserver is the server which holds the zone

    files. It can be either an external server in which case, the entire domain name must be

    specified followed by a dot. In case it is defined in this zone file, then it can be written as

    "ns".

    Email address - root.ns.nameserver.com. - This is the email of the domain name

    administrator. Now, this is really confusing, because people expect an @ to be in an email

    address. However in this case, email is sent to root@ns.nameserver.com, but written as

    root.ns.nameserver.com . And yes, remember to put the dot behind the domain name.

    Serial number - 244>2!44 - This is a sort of a revision numbering system to show the

    changes made to the DNS Zone. This number has to increment, whenever any change is

    made to the Zone file. The standard convention is to use the date of update YYYYMMDDnn,

    where nn is a revision number in case more than one updates are done in a day. So if the

    first update done today would be 244"!4244 and second update would be 244"!424.

    Refresh - 8 hours.

    Retry - 7200 - Now assume that a slave tried to contact the master server and failed to

    contact it because it was down. The Retry value (time in seconds) will tell it when to get

    back. This value is not very important and can be a fraction of the refresh value.

    Expiry - 3 weeks.

    Minimum -
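
    Added example (not part of the original article): Python for the two SOA conventions described above, turning the dotted email field back into a mailbox and bumping a YYYYMMDDnn serial so that it always increases. The function names, the handling of an escaped dot in the local part, and 00 as the day's first revision are assumptions of this example.

```python
from datetime import date

SERIAL_MAX = 2**32 - 1  # the SOA serial is an unsigned 32-bit integer


def rname_to_email(rname: str) -> str:
    """Convert the SOA email field (root.ns.nameserver.com.) to a mailbox.

    The first unescaped dot stands for '@'. A dot that belongs to the
    local part is written as a backslash followed by a dot in the zone file.
    """
    name = rname[:-1] if rname.endswith(".") else rname
    local = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            local.append(name[i + 1])      # escaped character, keep it literally
            i += 2
        elif ch == ".":
            domain = name[i + 1:]
            if not local or not domain:
                raise ValueError(f"malformed email field: {rname!r}")
            return "".join(local) + "@" + domain
        else:
            local.append(ch)
            i += 1
    raise ValueError(f"email field has no domain part: {rname!r}")


def next_serial(current: int, today: date) -> int:
    """Return the next YYYYMMDDnn serial, always greater than `current`."""
    base = int(today.strftime("%Y%m%d")) * 100   # today's first revision (nn = 00)
    # If today's range is already in use (or the serial is ahead of the
    # calendar), keep counting upwards so slaves still see an increase.
    candidate = base if current < base else current + 1
    if candidate > SERIAL_MAX:
        raise OverflowError("serial would exceed 32 bits")
    return candidate
```

    A serial that does not increase is the usual reason slave servers keep answering with old data after a zone edit, so the function never returns a value at or below the current one.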


    Example of SRV Record with syntax

    srvce.prot.name ttl class rr pri weight port target

     _http._tcp.example.com. IN SRV 0 5 80 www.example.com.

    srvce

    Defines the symbolic service name (see IANA port-numbers) prepended with a '_'

    (underscore). Case insensitive. Common values are:

     _http - web service

     _ftp - file transfer service

     _ldap - LDAP service

    prot

    Defines the protocol name (see IANA service-names) prepended with a '_' (underscore).

    Case insensitive. Common values are

     _tcp - TCP protocol

     _udp - UDP protocol

    name

    Incomprehensible description in RFC 2782. Leaving the entry blank (without a dot) will

    substitute the current zone root (the $ORIGIN), or you can explicitly add it as in the above

     _http._tcp.example.com. (with a dot).

    ttl

    Standard TTL parameter. For more information about TTL values.

    pri

    The relative Priority of this service (range 0 -


    target

    The name of the host that will provide this service. Does not have to be in the same zone

    (domain).

    TXT Record

    TXT record allows an administrator to insert arbitrary text into a DNS record. For example,

    this record is used to implement the Sender Policy Framework specification.

    Example of TXT Record with syntax

    SPF domains have to publish at least two directives: a version identifier and a default

    mechanism.

    mydomain.com. TXT "v=spf1 -all"

    This is the simplest possible SPF record: it means your domain mydomain.com never sends

    mail.

    It makes sense to do this when a domain is only used for web services and doesn't do

    email.

    MX servers send mail, designate them.

    mydomain.com. TXT "v=spf1 mx -all"

    Let's pretend mydomain.com has two MX servers, m34 and m342. They would both be

    allowed to send mail from mydomain.com.

    other machines in the domain also send mail, designate them.

    mydomain.com. TXT "v=spf1 mx ptr -all"

    This designates all the hosts whose PTR hostname match mydomain.com.

    any other machines not in the domain also send mail from that domain, designate them.

    mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"

    mydomain.com's IP address doesn't show up in its list of MX servers. So we add an "a" mechanism to the directive set to match it.

    mydomain.com. TXT "v=spf1 a mx ptr -all"

    This is shorthand for the same thing.

    Each of your mail servers should have an SPF record also. When your mail servers create a


    bounce message, they will send it using a blank envelope sender: <>. When an SPF MTA

    sees a blank envelope sender, it will perform the lookup using the HELO domain name

    instead. These records take care of that scenario.

    amx.mail.net. TXT "v=spf1 a -all"

    mx.mail.net. TXT "v=spf1 a -all"
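
    Added example (not from the article or the SPF project): a Python linter for SPF TXT values like the ones shown above. It checks the version identifier, splits each term into qualifier and mechanism, and reports a missing or permissive default as well as use of ptr, which RFC 7208 discourages; the function names and finding texts are this example's own.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "a", "mx", "ptr", "ip4", "ip6", "include", "exists"}


def parse_spf(txt: str):
    """Split an SPF TXT value into (result, mechanism, argument) terms."""
    parts = txt.strip().strip('"').split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: version identifier v=spf1 missing")
    terms = []
    for raw in parts[1:]:
        qual = "+"                          # no qualifier written means '+'
        if raw[0] in QUALIFIERS:
            qual, raw = raw[0], raw[1:]
        if "=" in raw.split(":", 1)[0]:     # a modifier such as redirect=
            terms.append(("modifier", raw.lower(), None))
            continue
        mech, _, arg = raw.partition(":")
        mech = mech.lower()
        if mech.split("/")[0] not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {raw!r}")
        terms.append((QUALIFIERS[qual], mech, arg or None))
    return terms


def lint_spf(txt: str):
    """Return findings for one SPF record; an empty list means none."""
    terms = parse_spf(txt)
    mechs = [t for t in terms if t[0] != "modifier"]
    findings = []
    all_pos = next((i for i, t in enumerate(mechs) if t[1] == "all"), None)
    has_redirect = any(
        t[0] == "modifier" and t[1].startswith("redirect=") for t in terms
    )
    if all_pos is None and not has_redirect:
        findings.append("no 'all' mechanism: unmatched senders get a neutral result")
    elif all_pos is not None:
        if mechs[all_pos][0] == "pass":
            findings.append("'+all' authorises every host on the Internet")
        if all_pos != len(mechs) - 1:
            findings.append("mechanisms after 'all' are never evaluated")
    if any(t[1] == "ptr" for t in mechs):
        findings.append("'ptr' is discouraged by RFC 7208 (slow, unreliable)")
    return findings
```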

    NAPTR Record

    NAPTR records (NAPTR stands for "Naming Authority Pointer") are a newer type of DNS

    record that support regular expression based rewriting.

    Example of NAPTR Record with syntax

    1&IOIN !.?.4.4..e.arpa.

    N0& 4 44 5u5 5+2%sip5 5LT.:Lsip9infoe3ample.comL5 .

    N0& 4 4 5u5 5+2%h!2!5 5LT.:Lh!2!9infoe3ample.comL5 .

    N0& 4 42 5u5 5+2%ms$5 5LT.:Lmailto9infoe3ample.comL5 .

    This record set maps the phone number >>

    ordered URIs, with a preference for SIP, then H323, and finally email. In each case, the

    regular expression matches the full AUS (^.*$), and replaces it with a URI (e.g.,

    sip:info@example.com). As this is a terminal record, this URI is returned to the

    client. Though most NAPTR records replace the full AUS, it is possible for the regular

    expression to back-reference part of the AUS, to grab an extension number, say:

    1&IOIN 4..e.arpa. :

    N0& 4 44 5u5 5+2%sip55LT>>

    Once the client has the URI it must be resolved using DNS, but this is no longer part of the

    DDDS algorithm.

    wildcard DNS record

    A wildcard DNS record is a record in a DNS zone file that will match all requests for

    non-existent domain names, i.e. domain names for which there are no records at all.

     ______________________________________________________________________________ 

    Configure MX Records for Incoming SMTP E-Mail Traffic


    Posted on January 7, 2009 by Daniel Petri in Exchange Server

    How do I configure and test the MX Record for my Internet Domain name?


    When you want to run your own mail server, and it does not matter what

    version and make of mail server you're using - as long as the mail server is

    using SMTP as the e-mail transfer mechanism - you'll need to configure the

    MX Records for your domain.

    MX is an acronym for Mail eXchange. MX is defined in RFC 1035. It specifies

    the name and relative preference of mail servers for the zone. MX is a DNS

    record used to define the host(s) willing to accept mail for a given domain.

    I.e. an MX record indicates which computer is responsible for handling the

    mail for a particular domain.

    Without proper MX Records for your domain, only internal e-mail will be

    delivered to your users. External e-mail from other mail servers in the world

    will not be able to reach your server simply because these foreign servers

    cannot tell to which server they need to "talk" (or open a connection to) in

    order to send the mail destined for that domain.


    You can have multiple MX records for a single domain name, ranked in

    preference order. If a host has three MX records, a mailer will try to deliver

    to all three before queuing the mail.

    MX Records must be in the following format:

    domain.com. IN MX 10 mail.domain.com.

    The Preference field is relative to any other MX Record for the zone and can

    be on any value between 0 and


    In the above example you need to give the mail server's IP address as your

    MX Record.

    Domain name: dpetri.net

    Record FQDN       Record Type   Record Value      MX Pref
    mail.dpetri.net   A             22.>!.>!.!4
    dpetri.net        MX            mail.dpetri.net   4

    You should make sure the ISP has had all the necessary routing tables

    updated in order to provide Internet availability to your internal IP network

    range.

    Note: It doesn't matter if the real host name of the mail server is NOT

    "mail". Internet hosts don't mind that, they just need to know what's the

    name of the mail server, and what's the IP address for that name.

    When NAT is being used


    In cases where NAT (Network Address Translation) is being used you will

    need to provide them with the IP address of your external NAT interface, and

    configure your NAT device with Static Mapping for TCP Port 25, and have all

    TCP Port 25 traffic forwarded to the internal IP address of your mail server.

    Let's say you have the following LAN configuration:

    In the above example you need to give the NAT's IP address as your MX

    Record.

    Domain name: dpetri.net

    Record FQDN       Record Type   Record Value      MX Pref
    mail.dpetri.net   A             =2.=4..
    dpetri.net        MX            mail.dpetri.net   4

    Note: Make sure you properly configure the NAT device to forward all TCP

    Port 25 traffic to =2.


    When a Mail Relay is being used

    In cases where you have a DMZ (Demilitarized Zone) with a Mail Relay host

    (i.e. Linux, Windows 2000/2003 IIS and SMTP, a dedicated appliance and

    so on) you will need to provide the FQDN and IP address of your Mail Relay

    machine, and configure the Firewall to only allow TCP Port 25 traffic to be

    sent to the Mail Relay's IP address, not to your real mail server.

    You should then configure the Mail Relay to forward the incoming e-mail

    traffic to the real mail server (after scanning it for spam, viruses and so on).

    Let's say you have the following LAN configuration:


    In the above example you need to give the Mail Relay's IP address as your MX Record.

    Domain name: dpetri.net

    Record FQDN       Record Type   Record Value      MX Pref
    mail.dpetri.net   A             =2.=4..F
    dpetri.net        MX            mail.dpetri.net   4

    Note: Make sure you properly configure the Firewall device to forward all

    TCP Port 25 traffic to =2.=4..F, and to allow =2.=4..F to send TCP

    Port 25 traffic to your internal mail server at =2.


    While these MX Records will generally not cause any harm even if you

    configure them without actually needing them, you must pay close attention

    to various configuration issues, especially when Mail-Relays and Smart-Hosts

    are involved. Therefore I cannot say for sure if configuring non-necessary

    MX Records will cause any problems to your local network. If you do not

    know for sure (and this might be the case since you've bothered to read this

    article in the first place) I suggest you consult a network specialist before

    doing any changes.

    Fault Tolerance

    In case your mail server fails you'd like to still be able to receive incoming

    e-mail messages. Most small to medium sized companies will pay their ISPs

    some monthly fee and that will buy them storage space on the ISPs mail

    servers. For that to happen, a new MX Record will be added to their DNS

    information, pointing to the ISPs mail server with a higher priority. For

    example:

    Record FQDN       Record Type   Record Value      MX Pref
    mail.dpetri.net   A             =2.=4..F
    mail.isp.com      A             22.>!.2".
    dpetri.net        MX            mail.dpetri.net   4
    dpetri.net        MX            mail.isp.com      44

    Load Balancing

    Medium to large sized companies will want to configure some load balancing

    features for their incoming mail servers. For that to happen, the company

    must set up a number of mail servers, each one with a different IP address

    (actually, one can use Network Load Balancing - NLB, or even clustering but

    that's a topic for a different article). Then new MX Records will be added to


    their DNS information, pointing to the mail servers, all with the same

    priority. For example:

    Record FQDN        Record Type   Record Value       MX Pref
    maila.dpetri.net   A             =2.=4..F
    mailb.dpetri.net   A             =2.=4..?
    mailc.dpetri.net   A             =2.=4..=
    mail.isp.com       A             22.>!.2".
    dpetri.net         MX            maila.dpetri.net   4
    dpetri.net         MX            mailb.dpetri.net   4
    dpetri.net         MX            mailc.dpetri.net   4
    dpetri.net         MX            mail.isp.com       44
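
    Added example, not Daniel Petri's code: Python that takes zone data shaped like the tables above, returns the order in which a sending server tries the MX hosts (lowest preference number first, equal numbers shuffled among themselves), and checks that every MX target is a host name with an address record. The zone contents are constructed, using example.net names and documentation addresses; the function names are this example's own.

```python
import ipaddress
import random

# Constructed zone data (not the article's addresses):
# (owner, record type, value, MX preference)
ZONE = [
    ("maila.example.net.", "A", "192.0.2.7", None),
    ("mailb.example.net.", "A", "192.0.2.8", None),
    ("mail.isp.example.", "A", "198.51.100.5", None),
    ("example.net.", "MX", "maila.example.net.", 10),
    ("example.net.", "MX", "mailb.example.net.", 10),
    ("example.net.", "MX", "mail.isp.example.", 100),
]


def delivery_order(zone, domain, rng=random):
    """Group MX targets by preference: lowest number first, ties shuffled."""
    by_pref = {}
    for owner, rtype, value, pref in zone:
        if rtype == "MX" and owner == domain:
            by_pref.setdefault(pref, []).append(value)
    order = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)              # equal preference spreads the load
        order.append((pref, hosts))
    return order


def check_mx(zone, domain):
    """Return configuration problems that would stop inbound delivery."""
    addr_names = {o for o, t, _, _ in zone if t in ("A", "AAAA")}
    cnames = {o for o, t, _, _ in zone if t == "CNAME"}
    targets = [(v, p) for o, t, v, p in zone if t == "MX" and o == domain]
    problems = []
    if not targets:
        problems.append(f"{domain} has no MX record")
    for target, pref in targets:
        if not 0 <= pref <= 65535:
            problems.append(f"{target}: preference {pref} outside 0-65535")
        try:
            ipaddress.ip_address(target.rstrip("."))
            problems.append(f"{target}: MX must name a host, not an IP address")
            continue
        except ValueError:
            pass                        # not an IP literal, as required
        if target in cnames:
            problems.append(f"{target}: MX target is a CNAME")
        elif target not in addr_names:
            problems.append(f"{target}: no A record in the supplied zone data")
    return problems
```

    With the constructed data the two hosts at preference 10 are tried first in random order, and the ISP host at 100 is used only when both are unreachable.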

    Testing the MX Record configuration

    Testing the MX Record configuration is critical especially when configuring it

    for the first time with a new ISP you don't know that well and so on. Use

    NSLOOKUP or DIG or any other DNS querying tool to make sure your

    records are set straight.

    Sample screenshot is of an NSLOOKUP test to Microsoft's MX Records:

    Also, make sure you can connect to the mail server by using the MX Record

    information. You can do so by using Telnet, as described in the SMTP, POP3


    and Telnet in Exchange 2000/2003 and Test SMTP Service in IIS and

    Exchange articles.
