8/20/2019 All About DNS
http://www2.isupportyou.net/2010/07/understanding-dns-domain-naming-server.html
Hi Friends,
First of all thanks for visiting my blog. I added a "Search" option for my blog, so you can easily
search for a particular topic using Google Search. If you are facing any issues, or if you have any
questions please mail me at charan@isupportyou.net. Thanks.
Coming into the Topic.
What is DNS?
DNS stands for Domain Naming Server; it is a standard of naming domains in any operational
environment (Windows, Linux, Solaris, any environment). It is a server which contains a database
of all the domains and all the servers which are associated with those domains.
Why is it used?
It's a service dedicated to identifying all the machines (domains & member servers) in a network. To
make this possible, every machine has to be registered in the authoritative DNS server of that
network. That means every operational network should have a dedicated DNS server to enable
identification and communication between the machines.
How does it work?
As I said, it is used for identification, in technical words for “name resolution”.
Every machine in a network has a dedicated IP address & hostname as its identity. Whenever a
machine tries to communicate with another machine on the network it should first identify the
second machine; that means it should know the IP address of that particular machine. After
knowing the identity (i.e. the IP address), it will directly communicate with the second machine. So
to speak, a machine should know the IP address of the other machine with which it is going to
communicate before it starts. Another question: why are hostnames used, if the machine
already has an identity in the form of an IP address? A hostname is an English word which is useful
for human remembrance. It is impossible for a human being to remember lots of IP addresses,
but it is possible to remember English names of the same hosts (as we generally configure the
hostnames with an employee name, department name or location name, etc.). For example we can
remember www.yahoo.com but not its IP address, because there is not only one website on
the internet. To sum up, hostnames and IP addresses are both used for identification and
communication between two machines in a network. But machines are only able to communicate
with IP addresses, which are impossible for humans to remember (keep in mind
machines never communicate with hostnames). To solve this situation DNS was implemented. It
basically contains a database of host records in a network. A host record contains "Hostname :
IP address"; see the image below for better understanding. Our Internet is purely dependent on
DNS: when we access a particular website we will give its English name, and when we press ENTER
A. Every DNS server contains a root hint file associated with it, and the same will be used to
identify the responsible DNS server.
like 12.34.56.78 or 0123:4567:89ab:cdef:0123:4567:89ab:cdef. This guide introduces
basic DNS concepts and the different types of DNS records.
How DNS Works
Before adding any DNS records, you should learn the basics of DNS. You’ll start by
dissecting a domain name, and then you’ll learn about the mechanics of DNS resolution,
including name servers, zone files, and individual DNS records.
Domain Names
Domain names are best understood by reading from right to left. The broadest domain
classification is on the right, and it becomes more specific as you move to the left. In the
examples below, the top-level domain, or TLD, is .com.
example.com
mail.hello.example.com
Every term to the left of the TLD and separated by a period is considered a more
specific subdomain, although conventionally, first-level subdomains plus their TLDs
(example.com) are referred to as “domains.” Moving to the left, hello and mail are the
second- and third-level subdomains, respectively. Typically, subdomains are used to
uniquely identify specific machines or services, but this is left up to the domain owner.
Name Servers
Choosing and specifyingname servers is an essential part of domain ownership. If you
don’t, the Internet won’t know where to find your DNS information, and your domain
won’t resolve. Name servers host a domain’s DNS information in a text file called
the zone file. They’re also known as Servers of Authority (SOAs). You can host your
DNS information on name servers in one of several locations:
• Linode (recommended)
• Your registrar
• Your own DNS server
• Third-party DNS hosting
Using Linode’s free name servers is the easiest approach, because Linode provides a
default zone file with all the right IP addresses for your website and email. For basic
DNS setups and many advanced ones, Linode’s name servers will work beautifully.
However, you can also look into the options offered by your registrar and third-party
DNS hosts, or host your own DNS if you want to take control of as much of the DNS
process as possible.
You’ll specify name servers on your domain registrar’s website. They’ll take care of
publishing that information to the higher-level name servers. You’ll want to specify at
least two name servers. That way, if one of them is down, the next one can continue to
serve your DNS information.
DNS Records and Zone Files
The next aspect of DNS management is specifying DNS records, which actually match
domain names to IP addresses. The DNS records are then automatically bundled up
into a zone file, which is what allows the Internet to look up the correct IP address for
your domain. If you decide to use Linode’s name servers, our DNS Manager will help
you create a default zone file. It contains records similar to the following:
; example.com [448369]
$TTL 86400
@   IN  SOA ns1.linode.com. admin.example.com. 2013062147 14400 14400 1209600 86400
@       NS  ns1.linode.com.
@       NS  ns2.linode.com.
@       NS  ns3.linode.com.
@       NS  ns4.linode.com.
@       NS  ns5.linode.com.
@       MX  10  mail.example.com.
@       A   12.34.56.78
mail    A   12.34.56.78
www     A   12.34.56.78
Every domain’s zone file contains the admin’s email address, the name servers, and the
DNS records. Of course, you are not limited to these default entries. You can create a
variety of DNS records for as many different subdomains as you wish. To learn how to
add individual DNS records using the DNS Manager, read this article.
DNS Resolution
So how does DNS actually work? First, the domain name needs to get translated into
your Linode’s IP address. DNS matches human-friendly domain names
like example.com to computer-friendly IP addresses like 12.34.56.78. This happens in a
special text file called a zone file, which lists domains and their corresponding IP
addresses (and a few other things). A zone file is a lot like a phone book that matches
names with street addresses.
Here’s how the DNS lookup process works:
1. You type a domain name like example.com into the address bar.
2. Your computer connects to the Internet through an Internet Service Provider (ISP).
3. The ISP’s DNS resolver queries a root nameserver for the proper TLD nameserver. In
other words, it asks the root nameserver, “Where can I find the nameserver
for .com domains?”
4. The root nameserver responds with the IP address for the .com nameserver.
5. The ISP’s DNS resolver visits the .com nameserver, using the IP address it got from the
root nameserver. It asks the .com nameserver, “Where can I find the nameserver
for example.com?”
6. The .com nameserver responds with the IP address for the example.com nameserver.
7. The ISP’s DNS resolver visits your domain’s nameserver and reads the zone file.
8. The zone file shows which IP address goes with the domain.
9. Now that the ISP has the IP address for example.com, it connects you to your Linode.
10. Apache handles everything after that, ensuring that the correct files and folders
get displayed in your visitor’s browser.
The scenario described above is what happens if the ISP has no current information
about the requested domain. In actuality, ISPs cache a lot of DNS information after
they’ve looked it up the first time. This results in faster lookups and less strain on DNS
servers. Usually caching is a good thing, but it can be a problem if you’ve recently made
a change to your DNS information, like when you move to Linode from a different
hosting provider. In those cases, you’ll want to pay attention to your zone file’s time to
live (TTL) so that your DNS change happens as quickly as possible.
Types of DNS Records
A and AAAA
An A record matches up a domain (or subdomain) to an IP address. In other words, it
points your domain name to your Linode’s IP address, which allows web traffic to reach
your Linode. This is the core functionality of DNS. A typical A record looks like the
following:
example.com A 12.34.56.78
You can also make A records for subdomains you want to direct to your server:
hello.example.com A 12.34.56.78
You can point different subdomains to different IP addresses.
If you want to point every subdomain of example.com to your Linode’s IP, you can use
an asterisk (*) as your subdomain:
*.example.com A 12.34.56.78
An AAAA record is just like an A record, but for IPv6 IP addresses. A typical AAAA
record looks like the following:
example.com AAAA 0123:4567:89ab:cdef:0123:4567:89ab:cdef
AXFR
An AXFR record is a type of DNS record used for DNS replication, although there are
also more modern ways to do DNS replication. AXFR records are not used in ordinary
zone files. Rather, they are used on a slave DNS server to replicate the zone file from
a master DNS server. For an example of how to configure Linode’s nameservers as
slave DNS servers using AXFR, visit this guide about configuring DNS on cPanel.
CNAME
A CNAME record or Canonical Name record matches up a domain (or subdomain) to a
different domain. With a CNAME record, DNS lookups use the target domain’s DNS
resolution as the alias’s resolution. Here’s an example:
alias.com CNAME example.com.
example.com A 12.34.56.78
With this setup, when alias.com is requested, the initial DNS lookup will find the CNAME
entry with the target of example.com. A new DNS lookup will be started
for example.com, which will find the IP address 12.34.56.78. Finally, visitors
to alias.com will be directed to 12.34.56.78.
CNAME records exist so that domains can have aliases. You should not use a CNAME
record for a domain that gets email, because some mail servers handle mail oddly for
domains with CNAME records. Likewise, MX records cannot reference CNAME-defined
hostnames. Also, the target domain for a CNAME record should have a normal A-record
resolution. Chaining or looping CNAME records is not recommended.
In some cases, a CNAME record can be an effective way to redirect traffic from one
domain to another while keeping the same URL. However, keep in mind that a CNAME
record does not function the same way as a URL redirect. A CNAME record directs web
traffic for a particular domain to the target domain’s IP address. Once the visitor reaches
that IP address, the local Apache (or other web server) configuration will determine how
the domain is handled. If that domain is not configured on the server, the server will
simply display its default web page (if any). This may or may not be the web page for the
target domain in the CNAME record, depending on how the server is configured.
DKIM
A DKIM record or domain keys identified mail record displays the public key for
authenticating messages that have been signed with the DKIM protocol. This practice
increases the capability to check mail authenticity. A typical DKIM record looks like the
following:
selector1._domainkey.example.com TXT k=rsa;p=<base64 public key>
DKIM records are implemented as text records. The record must be created for a
subdomain, which has a unique selector for that key, then a period (.), and
then _domainkey.example.com. The type is TXT, and the value includes the type of key,
followed by the actual key.
MX
An MX record or mail exchange record sets the mail delivery destination for a domain
(or subdomain). A typical MX record looks like the following:
example.com MX 10 mail.example.com.
mail.example.com A 12.34.56.78
The above records direct mail for example.com to the mail.example.com server. The
target domain (mail.example.com above) needs to have its own A record that resolves
to your Linode. Ideally, an MX record should point to a domain that is also
the hostname for its server.
Your MX records don’t necessarily have to point to your Linode. If you’re using a third-
party mail service, like Google Apps, you should use the MX records they provide.
Priority is another component of MX records. This is the number written between the
record type and the target server (10 in the example above). Priority allows you to
designate a fallback server (or servers) for mail for a particular domain. Lower numbers
have a higher priority. Here’s an example of a domain that has two fallback mail servers:
example.com MX 10 mail_1.example.com
example.com MX 20 mail_2.example.com
example.com MX 30 mail_3.example.com
In this example, if mail_1.example.com is down, mail will be delivered
to mail_2.example.com. If mail_2.example.com is also down, mail will be delivered
to mail_3.example.com.
NS
NS records or name server records set the nameservers for a domain (or subdomain).
The primary nameserver records for your domain are set both at your registrar and in
your zone file. Typical nameserver records (you need at least two) look like this:
example.com NS ns1.linode.com.
example.com NS ns2.linode.com.
example.com NS ns3.linode.com.
example.com NS ns4.linode.com.
example.com NS ns5.linode.com.
The nameservers you designate at your registrar then carry the zone file for your
domain.
You can also set up different nameservers for any of your subdomains. Subdomain NS
records get configured in your primary domain’s zone file. For example, if you’re using
Linode’s nameservers, you could configure separate NS records in your Linode zone file
for the subdomain mail.example.com as shown below:
mail.example.com NS ns1.nameserver.com
mail.example.com NS ns2.nameserver.com
Primary nameservers get configured at your registrar; secondary subdomain
nameservers get configured in the primary domain’s zone file. The order of NS records
does not matter; DNS requests are sent randomly to the different servers, and if one
host fails to respond, another one will be queried.
PTR
A PTR record or pointer record matches up an IP address to a domain (or subdomain),
allowing reverse DNS queries to function. It performs the opposite service an A record
does, in that it allows you to look up the domain associated with a particular IP address,
instead of vice versa.
PTR records are usually set with your hosting provider. They are not part of your
domain’s zone file. This means that you’ll always set reverse DNS for your Linodes in
the Linode Manager, even if your nameservers are elsewhere. Likewise, if you have
servers somewhere else but are using Linode’s nameservers, you will still have to set up
your PTR records with your hosting provider.
As a prerequisite for adding a PTR record, you need to create a valid, live A or AAAA
record that points the desired domain to that IP. If you want an IPv4 PTR record, point
the domain (or subdomain) to your Linode’s IPv4 address. If you want an IPv6 PTR
record, point the domain to your Linode’s IPv6 address. Beyond that, IPv4 and IPv6
PTR records work the same way.
For instructions on setting up reverse DNS on your Linode, see our Reverse DNS guide.
It’s possible to have different IPs (including both IPv4 and IPv6 addresses) that have the
same domain set for reverse DNS. To do this, you will have to configure multiple A or
AAAA records for that domain that point to the various IPs.
SOA
An SOA record or Start of Authority record labels a zone file with the name of the host
where it was originally created. Next, it lists the contact email address for the person
responsible for the domain. There are also various numbers, which we’ll get into in detail
in a moment. First, here’s a typical SOA record:
@ IN SOA ns1.linode.com. admin.example.com. 2013062147 14400 14400 1209600 86400
The administrative email address is written with a period (.) instead of an at symbol
(@).
Here’s what the numbers mean:
• Serial number: The revision number for this domain’s zone file. It changes when the file
gets updated.
• Refresh time: The amount of time (in seconds) a secondary DNS server will keep the
zone file before it checks for changes.
• Retry time: The amount of time a secondary DNS server will wait before retrying a failed
zone file transfer.
• Expire time: The amount of time a secondary DNS server will wait before expiring its
current zone file copy if it cannot update itself.
• Minimum TTL: The minimum amount of time other servers should keep data cached
from this zone file.
The single nameserver mentioned in the SOA record is considered the primary master
for the purposes of Dynamic DNS and is the server where zone file changes get made
before they are propagated to all other nameservers.
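The default zone file shown in the "DNS Records and Zone Files" section and the SOA fields explained just above, handled by one added parser (written for this page, not Linode's code): it expands "@" to the origin, applies the $TTL default, and splits the SOA rdata into serial, refresh, retry, expire and minimum TTL. The zone text is a constructed copy of the page's own example.

```python
# Added example (not from the page or Linode): parse the default zone file
# shown earlier into a lookup table, then break the SOA record into the fields
# described above. ZONE_TEXT is a constructed copy of the page's example zone.
from collections import defaultdict

ZONE_TEXT = """\
; example.com [448369]
$TTL 86400
@   IN  SOA ns1.linode.com. admin.example.com. 2013062147 14400 14400 1209600 86400
@       NS  ns1.linode.com.
@       NS  ns2.linode.com.
@       MX  10  mail.example.com.
@       A   12.34.56.78
mail    A   12.34.56.78
www     A   12.34.56.78
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_zone(text, origin):
    """Return (default_ttl, {owner_fqdn: [(type, ttl, rdata), ...]})."""
    origin = origin.rstrip(".") + "."
    default_ttl, records = None, defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        owner = fields.pop(0)
        ttl = default_ttl
        if fields and fields[0].isdigit():          # optional explicit TTL
            ttl = int(fields.pop(0))
        if fields and fields[0].upper() == "IN":    # optional class
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:                                       # relative name: append the origin
            fqdn = owner + "." + origin
        records[fqdn].append((rtype, ttl, " ".join(fields)))
    return default_ttl, dict(records)

def lookup(records, name, rtype):
    """All rdata strings of one type at a name (empty list if there are none)."""
    name = name.rstrip(".") + "."
    return [rdata for t, _ttl, rdata in records.get(name, []) if t == rtype]

def soa_fields(records, origin):
    """Split the SOA rdata into the fields explained above (timers as ints)."""
    rdata = lookup(records, origin, "SOA")[0].split()
    soa = dict(zip(SOA_FIELDS, rdata))
    for key in SOA_FIELDS[2:]:
        soa[key] = int(soa[key])
    # The contact is written with '.' in place of '@': admin.example.com. -> admin@example.com
    user, _, host = soa["rname"].rstrip(".").partition(".")
    soa["contact"] = user + "@" + host
    return soa

if __name__ == "__main__":
    ttl, recs = parse_zone(ZONE_TEXT, "example.com")
    print("default TTL:", ttl)
    print("www.example.com A:", lookup(recs, "www.example.com", "A"))
    print("SOA:", soa_fields(recs, "example.com"))
```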
SPF
An SPF record or Sender Policy Framework record lists the designated mail servers for
a domain (or subdomain). It helps establish the legitimacy of your mail server and
reduces the chances of spoofing, which occurs when someone fakes the headers on an
email to make it look like it’s coming from your domain, even though the message did
not originate from your Linode. Spammers sometimes try to do this to get around spam
filters. An SPF record for your domain tells other receiving mail servers which outgoing
server(s) are valid sources of email, so they can reject spoofed email from your domain
that has originated from unauthorized servers. A very basic SPF record looks like the
following:
example.com TXT "v=spf1 a ~all"
In your SPF record, you should list all the mail servers from which you send mail, and
then exclude all the others. Your SPF record will have a domain or subdomain, type
(which is TXT, or SPF if your name server supports it), and text (which starts with
“v=spf1” and contains the SPF record settings).
If your Linode is the only mail server you use, you should be able to use the example
record above. With this SPF record, the receiving server will check the IP addresses of
both the sending server and the IP address of example.com. If the IPs match, the check
passes. If not, the check will “soft fail” (i.e., the message will be marked but will not
automatically be rejected for failing the SPF check).
Make sure your SPF records are not too strict. If you accidentally exclude a legitimate
mail server, its messages could get marked as spam. We strongly recommend visiting
openspf.org to learn how SPF records work and how to construct one that works for
your setup. Their examples are also helpful.
SRV
An SRV record or service record matches up a specific service that runs on your
domain (or subdomain) to a target domain. This allows you to direct traffic for specific
services, like instant messaging, to another server. A typical SRV record looks like the
following:
_service._protocol.example.com SRV
purposes depending on the specific contents. One common use of the TXT record is to
create an SPF record on nameservers that don’t natively support SPF. Another use is to
create a DKIM record for mail signing.
_______________________________________________________________________
DNS Records Explained with Examples
DNS (Domain Name System) is the service which translates between Internet names and
Internet addresses.
Internet names are the names which we use to refer to hosts on the Internet, such as
www.debianhelp.co.uk.
Internet addresses are the numbers which routers use to move traffic across the Internet.
What are DNS Records?
DNS records or zone files are used for mapping URLs to IPs. Located on servers called
the DNS servers, these records are typically the connection of your website with the outside
world. Requests for your website are forwarded to your DNS servers and then get pointed to
the web servers that serve the website or to email servers that handle the incoming email.
Different Types of DNS Records With Syntax and Examples
Types of DNS Records
A
CNAME
MX
PTR
NS
SOA
SRV
TXT
NAPTR
The above DNS records are mostly used in all DNS configurations. Now we will see each one
with examples.
A Record
An A record or address record.
An Address Record assigns an IP address to a domain or subdomain name. When the domain
name system was designed it was recommended that no two A records refer to the same IP
address.
Suppose you have the somedomain.tld domain and want to assign the IP address 10.10.10.1 to
your web server; then you should create an A record with "www.somedomain.tld" as Fully
Qualified Domain Name and "10.10.10.1" in the value field.
From now on, all the requests for www.somedomain.tld will be sent to a server with that IP.
Basically it is useful to use an A record when you have subdomains residing on various systems.
Useful tip: you might use a "*.somedomain.tld" A record to allow
WHATEVER.somedomain.tld to be resolved to your IP, though a wildcard CNAME record is
often better than a wildcard A record.
Example of A Record with Syntax
example.com. IN A address
The AAAA record is structured in very much the same way as the A record in
both binary and master file formats; it is just much larger. The DNS resource record Type
value for AAAA is 28.
Example of AAAA Record with Syntax
The AAAA record is to help transition and coexistence between IPv4 and IPv6 networks. An
IPv4 nameserver can provide IPv6 addresses:
linux AAAA 3ffe:1900:4545:2:02d0:09ff:fef7:...
already existing A record, i.e. you can point "www.somedomain.tld" to "somedomain.tld",
which should already have been assigned an IP with an A record.
This allows you to have as many subdomains as you wish without having to specify the IP
for every record. Use a CNAME if you have more services pointing to the same IP. This way
you will have to update only one record in the event of a change of IP address.
Example of a CNAME record: "stuff.everybox.com CNAME www.everybox.com" where
"www.everybox.com" is an A record listing an IP address, and "stuff.everybox.com" points to
"www.everybox.com". It will NOT allow you to forward a domain to a specific web page. Use a
webhop for that. Port numbers can be changed with webhops as well; CNAMEs cannot
change the HTTP default of 80 to any other port number.
Do not use CNAME defined hostnames in MX records. For example, this is not recommended
Example of CNAME with syntax
mail.example.com IN CNAME mail.example.net
where
IN indicates Internet
CNAME indicates CNAME record.
MX Record
An MX record or mail exchange record maps a domain name to a list of mail exchange
servers for that domain.
Example with MX Record Syntax - Single mail server
mydomain.com. 14400 IN MX 0 mydomain.com.
The MX record shows that all emails @mydomain.com should be routed to the mail server
at mydomain.com. The DNS A record shows the IP address at which mydomain.com is located. This
means that email meant for test@mydomain.com will be routed to the email server at
that IP. This finishes the task of the MX record. The email server on that server then
takes over, collects the email and then proceeds to distribute it to the user "test".
It is important that there be a dot (".") after the domain name in the MX record. If the dot
is absent, it routes to "mydomain.com.mydomain.com". The number 0 indicates the preference
number. Mail is always routed to the server which has the lowest preference
number. If there is only one mail server, it is safe to mark it 0.
Using Multiple mail servers
If you want to use multiple mail servers you have to use MX record preferences. The MX
record preference values indicate which mail server to use and in which order to try them
when they fail or don't respond. A larger preference number is less preferred. Thus, a mail
exchanger with a preference of zero (0) is always preferred over all other mail exchangers.
Setting preference values to equal numbers makes mail servers equally preferred.
Example with MX Record Syntax - Multiple mail servers
mydomain.com. 14400 IN MX 0 mydomain.com.
mydomain.com. 14400 IN MX 30 server2.mydomain.com
You can have unlimited MX entries for fallback or backup purposes. If all the MX records have
equal preference numbers, the client simply attempts all equal preference servers in random
order, and then goes to the MX record with the next highest preference number.
PTR Record
A PTR record or pointer record maps an IPv4 address to the canonical name for that host.
Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an
IP address implements reverse DNS lookup for that address. For example www.name.net
has the IP address ...
Stealth Name Servers.
Example of NS Record With syntax
example.com. IN NS ns.live.secure.com.
where
IN indicates the Internet
NS indicates the type of record, which is a Name Server record
The above indicates that ns.live.secure.com is the authoritative server for the domain
example.com
SOA Record
An SOA record or start of authority record specifies the DNS server providing authoritative
information about an Internet domain, the email of the domain administrator, the domain
serial number, and several timers relating to refreshing the zone.
An SOA (Start of Authority) Record is the most essential part of a zone file. The SOA record
is a way for the Domain Administrator to give out simple information about the domain like
how often it is updated, when it was last updated, when to check back for more info, what is
the admin's email address and so on. A zone file can contain only one SOA Record.
A properly optimized and updated SOA record can reduce bandwidth between nameservers,
increase the speed of website access and ensure the site is alive even when the primary
DNS server is down.
Example of SOA Record with syntax
Here is the SOA record. Notice the starting bracket "(". This has to be on the same line,
otherwise the record gets broken.
name TTL class rr Nameserver email-address
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
2004123001 ; Serial number
<refresh seconds> ; (close to
Class - IN - The class shows the type of record. IN equates to Internet. Other options are all
historic. So as long as your DNS is on the Internet or an Intranet, you must use IN.
Nameserver - ns.nameserver.com. - The nameserver is the server which holds the zone
files. It can be an external server, in which case the entire domain name must be
specified followed by a dot. In case it is defined in this zone file, then it can be written as
"ns".
Email address - root.ns.nameserver.com. - This is the email of the domain name
administrator. Now, this is really confusing, because people expect an @ to be in an email
address. However in this case, email is sent to root@ns.nameserver.com, but written as
root.ns.nameserver.com. And yes, remember to put the dot behind the domain name.
Serial number - 2004123001 - This is a sort of a revision numbering system to show the
changes made to the DNS zone. This number has to increment whenever any change is
made to the zone file. The standard convention is to use the date of update YYYYMMDDnn,
where nn is a revision number in case more than one update is done in a day. So the
first update done today would be YYYYMMDD00 and the second update would be YYYYMMDD01.
Refresh - 8 hours.
Retry - 7200 - Now assume that a slave tried to contact the master server and failed to
contact it because it was down. The Retry value (time in seconds) will tell it when to get
back. This value is not very important and can be a fraction of the refresh value.
Expiry - 3 weeks.
Minimum -
Example of SRV Record with syntax
srvce.prot.name ttl class rr pri weight port target
_http._tcp.example.com. IN SRV 0 5 80 www.example.com.
srvce
Defines the symbolic service name (see IANA port-numbers) prepended with a '_'
(underscore). Case insensitive. Common values are:
_http - web service
_ftp - file transfer service
_ldap - LDAP service
prot
Defines the protocol name (see IANA service-names) prepended with a '_' (underscore).
Case insensitive. Common values are
_tcp - TCP protocol
_udp - UDP protocol
name
Incomprehensible description in RFC 2782. Leaving the entry blank (without a dot) will
substitute the current zone root (the $ORIGIN), or you can explicitly add it as in the above
_http._tcp.example.com. (with a dot).
ttl
Standard TTL parameter. For more information about TTL values.
pri
The relative Priority of this service (range 0 -
target
The name of the host that will provide this service. Does not have to be in the same zone
(domain).
TXT Record
A TXT record allows an administrator to insert arbitrary text into a DNS record. For example,
this record is used to implement the Sender Policy Framework specification.
Example of TXT Record with syntax
SPF domains have to publish at least two directives: a version identifier and a default
mechanism.
mydomain.com. TXT "v=spf1 -all"
This is the simplest possible SPF record: it means your domain mydomain.com never sends
mail.
It makes sense to do this when a domain is only used for web services and doesn't do
email.
If MX servers send mail, designate them.
mydomain.com. TXT "v=spf1 mx -all"
Let's pretend mydomain.com has two MX servers, mx01 and mx02. They would both be
allowed to send mail from mydomain.com.
If other machines in the domain also send mail, designate them.
mydomain.com. TXT "v=spf1 mx ptr -all"
This designates all the hosts whose PTR hostname matches mydomain.com.
If any other machines not in the domain also send mail from that domain, designate them.
mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"
mydomain.com's IP address doesn't show up in its list of MX servers. So we add an "a"
mechanism to the directive set to match it.
mydomain.com. TXT "v=spf1 a mx ptr -all"
This is shorthand for the same thing.
Each of your mail servers should have an SPF record also. When your mail servers create a
bounce messa$e, they will send it usin$ a blank envelope sender9 QR. *hen an S6 0
sees a blank envelope sender, it will perform the lookup usin$ the ;+'1 domain name
instead. 0hese records take care of that scenario.
am3.mail.net. 0/0 5vPspf a @all5
m3.mail.net. 0/0 5vPspf a @all5
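As an added illustration (not part of the original page or the SPF text it quotes), the following Python evaluates the mechanisms used above (a, a:domain, mx, ptr and -all) against a constructed in-memory zone, including the blank-sender case where the HELO name is checked instead; the zone data, hostnames and addresses are assumptions.

```python
# Constructed, offline stand-in for DNS, keyed by (name, rrtype). It mirrors the
# scenario above: mydomain.com has MX hosts mx01 and mx02, a web host whose
# address is not among the MX hosts, and mx.mail.net as a bounce-sending MTA.
ZONE = {
    ("mydomain.com", "TXT"): ['v=spf1 a mx ptr -all'],
    ("mydomain.com", "MX"): [(10, "mx01.mydomain.com"), (20, "mx02.mydomain.com")],
    ("mydomain.com", "A"): ["203.0.113.10"],
    ("mx01.mydomain.com", "A"): ["203.0.113.25"],
    ("mx02.mydomain.com", "A"): ["203.0.113.26"],
    ("relay.mydomain.com", "A"): ["203.0.113.40"],
    ("mx.mail.net", "TXT"): ['v=spf1 a -all'],
    ("mx.mail.net", "A"): ["198.51.100.5"],
}
# Constructed reverse-lookup data: the names a PTR query for the IP would return.
PTR = {"203.0.113.40": ["relay.mydomain.com"]}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rrtype):
    return ZONE.get((name.rstrip(".").lower(), rrtype), [])

def check_host(ip, sender_domain, helo=None):
    """Evaluate the SPF record for a connection from ip. A blank envelope
    sender (<>) means the HELO name is checked instead, as the text describes.
    Returns pass/fail/softfail/neutral, or 'none' when there is no record."""
    domain = sender_domain or helo
    for txt in lookup(domain, "TXT"):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            qual = "+"
            if term[0] in RESULT:
                qual, term = term[0], term[1:]
            mech, _, arg = term.partition(":")
            target = arg or domain          # 'a' means 'a:<this domain>'
            if mech == "all":
                matched = True
            elif mech == "a":
                matched = ip in lookup(target, "A")
            elif mech == "mx":
                matched = any(ip in lookup(h, "A") for _, h in lookup(target, "MX"))
            elif mech == "ptr":
                # the reverse name must lie under target AND resolve back to ip
                matched = any(n.endswith(target) and ip in lookup(n, "A")
                              for n in PTR.get(ip, []))
            else:
                matched = False             # unknown mechanism: treat as no match
            if matched:
                return RESULT[qual]
        return "neutral"                    # no mechanism matched
    return "none"
```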
NAPTR Record
NAPTR records (NAPTR stands for "Naming Authority Pointer") are a newer type of DNS record that support regular expression based rewriting.
Example of NAPTR Record with syntax
$ORIGIN 3.8.0.0.6.9.4.e164.arpa.
NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!" .
NAPTR 10 102 "u" "E2U+msg" "!^.*$!mailto:info@example.com!" .
This record set maps the phone number >> into ordered URIs, with a preference for SIP, then H323, and finally email. In each case, the regular expression matches the full AUS (^.*$), and replaces it with a URI (e.g., sip:info@example.com). As this is a terminal record, this URI is returned to the client. Though most NAPTR records replace the full AUS, it is possible for the regular expression to back-reference part of the AUS, to grab an extension number, say:
$ORIGIN 0..e164.arpa. :
NAPTR 10 100 "u" "E2U+sip" "!^>>
Once the client has the URI it must be resolved using DNS, but this is no longer part of the DDDS algorithm.
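An added example, not from the page: Python that applies NAPTR regexp fields to an E.164 number the way the DDDS step above describes, using the page's RRset plus an assumed second RRset with a back-reference (the page's own back-reference example is truncated); the number +4960083 is assumed from the reversed $ORIGIN digits.

```python
import re

# Constructed NAPTR RRset copying the page's example for 3.8.0.0.6.9.4.e164.arpa.
# Fields: order, preference, flags, service, regexp.
NAPTR_RRSET = [
    (10, 100, "u", "E2U+sip", "!^.*$!sip:info@example.com!"),
    (10, 101, "u", "E2U+h323", "!^.*$!h323:info@example.com!"),
    (10, 102, "u", "E2U+msg", "!^.*$!mailto:info@example.com!"),
]
# Assumed RRset for the back-reference case: everything after +4960083 is
# treated as an extension and becomes the user part of the SIP URI.
NAPTR_EXT = [
    (10, 100, "u", "E2U+sip", r"!^\+4960083(.*)$!sip:\1@example.com!"),
]

def enum_aus(e164):
    """Name ENUM derives from an E.164 number: digits reversed, dot-separated,
    under e164.arpa. The number itself is the AUS the regexps are applied to."""
    digits = re.sub(r"\D", "", e164)
    return ".".join(reversed(digits)) + ".e164.arpa."

def apply_regexp(field, aus):
    """Apply one NAPTR regexp field (<delim>ere<delim>repl<delim>flags) to the
    AUS; return the rewritten string, or None when the ERE does not match."""
    delim = field[0]
    ere, repl, flags = field[1:].split(delim)
    m = re.search(ere, aus, re.I if "i" in flags else 0)
    return m.expand(repl) if m else None

def resolve(rrset, aus, service=None):
    """Walk the RRset by (order, preference) and return the first terminal
    ('u' flag) URI, optionally restricted to one service such as 'E2U+sip'."""
    for order, pref, flags, svc, regexp in sorted(rrset):
        if service and svc != service:
            continue
        uri = apply_regexp(regexp, aus)
        if uri is not None and "u" in flags.lower():
            return uri
    return None
```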
Wildcard DNS record
A wildcard DNS record is a record in a DNS zone file that will match all requests for non-existent domain names, i.e. domain names for which there are no records at all.
______________________________________________________________________________
Configure MX Records for Incoming SMTP E-Mail Traffic
Posted on January 7, 2009 by Daniel Petri in Exchange Server with 0 Comments
How do I configure and test the MX Record for my Internet Domain name?
When you want to run your own mail server, and it does not matter what version and make of mail server you're using (as long as the mail server is using SMTP as the e-mail transfer mechanism), you'll need to configure the MX Records for your domain.
MX is an acronym for Mail eXchange. MX is defined in RFC 1035. It specifies the name and relative preference of mail servers for the zone. MX is a DNS record used to define the host(s) willing to accept mail for a given domain. I.e. an MX record indicates which computer is responsible for handling the mail for a particular domain.
Without proper MX Records for your domain, only internal e-mail will be delivered to your users. External e-mail from other mail servers in the world will not be able to reach your server simply because these foreign servers cannot tell to which server they need to "talk" (or open a connection to) in order to send the mail destined for that domain.
You can have multiple MX records for a single domain name, ranked in preference order. If a host has three MX records, a mailer will try to deliver to all three before queuing the mail.
MX Records must be in the following format:
domain.com. IN MX 10 mail.domain.com.
The preference field is relative to any other MX Record for the zone and can be on any value between 0 and
In the above example you need to give the mail server's IP address as your MX Record.
Domain name: dpetri.net
Record FQDN        Record Type   Record Value      MX pref
mail.dpetri.net    A             22.>!.>!.!4
dpetri.net         MX            mail.dpetri.net   10
You should make sure the ISP has had all the necessary routing tables updated in order to provide Internet availability to your internal IP network range.
Note: It doesn't matter if the real host name of the mail server is NOT "mail". Internet hosts don't mind that, they just need to know what's the name of the mail server, and what's the IP address for that name.
When NAT is Being Used
In cases where NAT (Network Address Translation) is being used you will need to provide them with the IP address of your external NAT interface, and configure your NAT device with Static Mapping for TCP Port 25, and have all TCP Port 25 traffic forwarded to the internal IP address of your mail server.
Let's say you have the following LAN configuration:
In the above example you need to give the NAT's IP address as your MX Record.
Domain name: dpetri.net
Record FQDN        Record Type   Record Value      MX pref
mail.dpetri.net    A             =2.=4..
dpetri.net         MX            mail.dpetri.net   10
Note: Make sure you properly configure the NAT device to forward all TCP Port 25 traffic to =2.
When a Mail Relay is Being Used
In cases where you have a DMZ (Demilitarized Zone) with a Mail Relay host (i.e. Linux, Windows 2000/2003 IIS and SMTP, a dedicated appliance and so on) you will need to provide the FQDN and IP address of your Mail Relay machine, and configure the Firewall to only allow TCP Port 25 traffic to be sent to the Mail Relay's IP address, not to your real mail server.
You should then configure the Mail Relay to forward the incoming e-mail traffic to the real mail server (after scanning it for spam, viruses and so on).
Let's say you have the following LAN configuration:
In the above example you need to give the Mail Relay's IP address as your MX Record.
Domain name: dpetri.net
Record FQDN        Record Type   Record Value      MX pref
mail.dpetri.net    A             =2.=4..F
dpetri.net         MX            mail.dpetri.net   10
Note: Make sure you properly configure the Firewall device to forward all TCP Port 25 traffic to =2.=4..F, and to allow =2.=4..F to send TCP Port 25 traffic to your internal mail server at =2.
While these MX Records will generally not cause any harm even if you configure them without actually needing them, you must pay close attention to various configuration issues, especially when Mail-Relays and Smart-Hosts are involved. Therefore I cannot say for sure if configuring non-necessary MX Records will cause any problems to your local network. If you do not know for sure (and this might be the case since you've bothered to read this article in the first place) I suggest you consult a network specialist before doing any changes.
Fault Tolerance
In case your mail server fails you'd like to still be able to receive incoming e-mail messages. Most small to medium sized companies will pay their ISP some monthly fee and that will buy them storage space on the ISP's mail servers. For that to happen, a new MX Record will be added to their DNS information, pointing to the ISP's mail server with a higher priority value. For example:
Record FQDN        Record Type   Record Value       MX pref
mail.dpetri.net    A             =2.=4..F
mail.isp.com       A             22.>!.2".
dpetri.net         MX            mail.dpetri.net    10
dpetri.net         MX            mail.isp.com       100
Load Balancing
Medium to large sized companies will want to configure some load balancing features for their incoming mail servers. For that to happen, the company must set up a number of mail servers, each one with a different IP address (actually, one can use Network Load Balancing, NLB, or even clustering, but that's a topic for a different article). Then new MX Records will be added to their DNS information, pointing to the mail servers, all with the same priority. For example:
Record FQDN        Record Type   Record Value       MX pref
maila.dpetri.net   A             =2.=4..F
mailb.dpetri.net   A             =2.=4..?
mailc.dpetri.net   A             =2.=4..=
mail.isp.com       A             22.>!.2".
dpetri.net         MX            maila.dpetri.net   10
dpetri.net         MX            mailb.dpetri.net   10
dpetri.net         MX            mailc.dpetri.net   10
dpetri.net         MX            mail.isp.com       100
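An added example (not from the article): Python that orders the MX hosts of the load-balancing table above the way a sending MTA would, so the ISP backup at preference 100 is reached only after the three preference-10 hosts, and runs the sanity checks an administrator wants before trusting a new MX setup; the zone data and addresses are constructed.

```python
import random
from collections import defaultdict

# Constructed zone data mirroring the load-balancing table above. The addresses
# are documentation-range placeholders, not the article's own values.
ZONE = {
    ("dpetri.net", "MX"): [(10, "maila.dpetri.net"), (10, "mailb.dpetri.net"),
                           (10, "mailc.dpetri.net"), (100, "mail.isp.com")],
    ("maila.dpetri.net", "A"): ["192.0.2.7"],
    ("mailb.dpetri.net", "A"): ["192.0.2.8"],
    ("mailc.dpetri.net", "A"): ["192.0.2.9"],
    ("mail.isp.com", "A"): ["198.51.100.25"],
    # a deliberately broken zone to show what the checker flags
    ("broken.example", "MX"): [(10, "192.0.2.7"), (20, "mail.broken.example")],
}

def lookup(name, rrtype):
    return ZONE.get((name.rstrip(".").lower(), rrtype), [])

def delivery_order(domain, seed=None):
    """Order the MX hosts the way a sending MTA does: ascending preference,
    with equal-preference hosts (the load-balanced set) tried in random order,
    so the backup at preference 100 is only used when every primary fails."""
    rng = random.Random(seed)
    by_pref = defaultdict(list)
    for pref, host in lookup(domain, "MX"):
        by_pref[pref].append(host)
    order = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        order.extend(group)
    return order

def check_mx(domain):
    """Checks worth running before trusting a new MX setup: each MX target must
    be a hostname (not an address) that itself has an A record."""
    problems = []
    for pref, host in lookup(domain, "MX"):
        if host.replace(".", "").isdigit():
            problems.append(f"{host}: MX target must be a hostname, not an IP address")
        elif not lookup(host, "A"):
            problems.append(f"{host}: no A record for the MX target")
    return problems
```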
Testing the MX Record configuration
Testing the MX Record configuration is critical especially when configuring it for the first time with a new ISP you don't know that well and so on. Use NSLOOKUP or DIG or any other DNS querying tool to make sure your records are set straight.
Sample screenshot is of an NSLOOKUP test to Microsoft's MX Records:
Also, make sure you can connect to the mail server by using the MX Record information. You can do so by using Telnet, as described in the SMTP, POP3 and Telnet in Exchange 2000/2003 and Test SMTP Service in IIS and Exchange articles.