When a computer attempts to access any resource on the Internet, it uses a numerical designator called an IP address – such as 192.168.0.1. However, it’s much easier for human beings to keep track of names, such as example.com. The DNS system maintains a mapping of names to IP addresses, so that a request for example.com in a user’s web browser can be automatically changed into a request for a numerical IP, and vice versa.
Each domain name, such as “example.com”, may also have other information associated with it, all of which helps humans and computers use the resources on that domain more effectively. For example, the “MX” record helps mail servers understand where to deliver mail. A “TXT” record can provide additional information about the domain, such as ownership.
How DNS Works
Here’s an example of how the DNS lookup process might work when a user requests a website such as example.com:
- A user types a domain name such as example.com into the address bar.
- The user’s computer sends a request for the domain through their Internet Service Provider (ISP).
- The ISP’s “DNS resolver” – a service that does the work of mapping numerical addresses to names – together with the user’s browser, issues a query or set of queries to find the correct IP address for the requested domain. (Because of the volume of addresses on the Internet, this work typically involves several servers.)
- The user’s browser issues a request to the correct IP based on their request.
While it seems like a considerable amount of work, the ISP resolves the proper IP from the DNS record, and the user’s browser is sent to the website, in just a few milliseconds.
- A: This matches up a domain or subdomain to an IP address. This is the core functionality of DNS.
- AAAA: This is just like an A record, but for IPv6 IP addresses. A typical AAAA record looks like the following.
- AXFR: This is used for DNS replication. There are more modern ways to do DNS replication. AXFR records are not utilized for ordinary zone files.
- CNAME: This stands for Canonical Name. A CNAME record matches up a domain (or subdomain) to a different domain. With a CNAME record, DNS lookups use the target domain’s DNS resolution as the alias’s resolution.
- DKIM: This displays the public key for authenticating messages that have been signed with the DKIM protocol. This practice increases the quality of mail authenticity verification. DKIM records are implemented as text records.
- MX: This stands for Mail Exchange. MX records resolve to text, not IP records. These records forward emails sent to a domain name to the correct server, where they are then sent to the specified email address. Email providers share relevant MX records with their users.
- NS: These are the nameserver records that determine the nameservers for a domain or a subdomain. The main nameserver records for a domain are set both at the registrar and in the zone file.
- SOA: This stands for Start of Authority. This record defines a zone file with the name of the host file where it was originally created. After this, it names the contact email address assigned to the person responsible for the domain.
- SPF: This stands for “sender policy framework”, and it lists the designated mail servers for a domain or subdomain. It helps determine the legitimacy of the mail server and lowers any chances of spoofing. An SPF record for a domain tells additional receiving mail servers which outgoing server is a valid source of email, so it can reject spoofed email from the unauthorized servers.
- SRV: This stands for “service record”. This DNS type matches a specific service that runs on a domain or subdomain with a target domain. This allows traffic to be directed from specific services, such as instant messaging, to a separate server.
- TXT: This stands for Text. These DNS records do not change anything on the domain, but they can be searched for to match the domain. These records are frequently used by services like Google, which will ask the user to add or change a character string to a TXT record, which can be searched to verify that the domain’s owners have access to the domain’s DNS records.
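The alias behaviour described for CNAME records, combined with the A and AAAA lookups, can be shown as a small resolver over an in-memory zone. This is an added example, not code from the original page; the zone contents, the `MAX_CHAIN` limit and the status names are assumptions made for illustration.

```python
# Constructed zone data for illustration: names are made up and addresses
# come from the ranges reserved for documentation.
ZONE = {
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "AAAA"): ["2001:db8::10"],
    ("www.example.com", "CNAME"): ["example.com"],
    ("shop.example.com", "CNAME"): ["www.example.com"],
    ("old.example.com", "CNAME"): ["gone.example.net"],  # target has no records
    ("a.example.com", "CNAME"): ["b.example.com"],       # a -> b -> a loop
    ("b.example.com", "CNAME"): ["a.example.com"],
}
MAX_CHAIN = 8  # assumed cap on alias hops; real resolvers apply their own limit


def resolve(name, rtype="A", zone=ZONE):
    """Return (status, chain, answers) for name/rtype, following CNAMEs."""
    name = name.rstrip(".").lower()
    chain = [name]
    while True:
        answers = zone.get((name, rtype))
        if answers:
            return "ok", chain, answers
        alias = zone.get((name, "CNAME"))
        if not alias:
            # No record of the requested type and no alias left to follow.
            status = "alias-unresolved" if len(chain) > 1 else "no-data"
            return status, chain, []
        name = alias[0].rstrip(".").lower()
        if name in chain:
            return "cname-loop", chain + [name], []
        chain.append(name)
        if len(chain) > MAX_CHAIN:
            return "chain-too-long", chain, []


def audit(zone=ZONE):
    """Map every alias that never reaches an A or AAAA record to its status."""
    broken = {}
    for (name, rtype) in zone:
        if rtype == "CNAME":
            results = [resolve(name, t, zone)[0] for t in ("A", "AAAA")]
            if "ok" not in results:
                broken[name] = results[0]
    return broken


if __name__ == "__main__":
    print(resolve("shop.example.com"), audit())
```

Running `audit()` against an export of your own zone surfaces aliases that point at nothing or at each other before users hit them.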
DNS records are important because they provide authoritative records of where users requesting certain information can actually find it. They are the roadmaps that allow users to interact with sites across the internet, and exist as a fundamental technology for connected devices and systems. DNS is complex to configure, and configuring it incorrectly can lead to problems with serving pages, email delivery, and more.
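For the email-delivery side of misconfiguration, the SPF record described above is a TXT record that can be checked mechanically. The following is an added example, not part of the original page: it audits one domain's TXT records against rules from RFC 7208 (a single SPF record, a terminal `all`, at most 10 DNS-lookup terms). The sample records are constructed, and only the terms in the top-level record are counted because nested `include` targets are not fetched.

```python
# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208 caps
# the total at 10). Nested includes are not followed in this offline check.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
ALL_MEANING = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample TXT record sets, one list per domain.
SAMPLES = {
    "strict": ["site-verification=constructed-token",
               "v=spf1 mx include:_spf.example.net -all"],
    "permissive": ["v=spf1 +all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 ip4:192.0.2.0/24 -all"],
    "open-ended": ["v=spf1 ip4:192.0.2.0/24"],
}


def audit_spf(txt_records):
    """Return a list of findings for the TXT records of one domain."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record: receivers cannot tell which servers may send"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in permerror"]
    findings, lookups, all_seen = [], 0, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in ALL_MEANING else "+"
        body = term.lstrip("+-~?").lower()
        # Strip ":domain", "=domain" and "/prefix" to get the bare term name.
        name = body.replace("=", ":").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_seen = True
            if qualifier in "+?":
                findings.append(f"'{term}' gives {ALL_MEANING[qualifier]} to "
                                "unlisted servers, so spoofed mail is not rejected")
    if not all_seen and "redirect=" not in spf[0].lower():
        findings.append("no 'all' or 'redirect': unlisted servers get neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the limit of 10")
    return findings or ["ok"]


if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, audit_spf(records))
```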
How Barracuda Can Help
Barracuda CloudGen Firewalls can be configured to be the authoritative DNS server for your domains or subdomains. By doing this, a user can take advantage of Split DNS or dead link detection functionality.