DNS Records and How To Use Them
The Domain Name System (DNS) enables your computer to locate other computers. In simple terms, DNS records operate like a phone book by retrieving the IPv4/IPv6 address associated with a domain and conveying this information to your computer.
Your computer temporarily stores this information based on the Time To Live (TTL) specified in the DNS record. However, DNS offers more than just IP addresses. It includes various record types to address specific needs and optimize tasks. Understanding these records is valuable for running a fast and efficient server.
Dolan (myself), public domain
A/AAAA records
A (address) records and AAAA records (pronounced “quad-A”) store just an IP address. A/AAAA records are essential to the internet and the primary purpose of the DNS system. A records store an IPv4 address, and AAAA records store an IPv6 address. Any request for “example.com” will receive the A and AAAA records for efficiency.
CNAME DNS Records
CNAME (Canonical Name) records are like shortcuts in Windows or symlinks in Linux/UNIX. A CNAME record will map to another domain instead of an IP address. This is especially useful if you need a bunch of domains mapped to a single IP. If example.com, domain1.example.com, and domain2.example.com all share the same server, then domain1 and domain2 can be a CNAME pointing to example.com, which is an A and AAAA record.
Cloudflare, which we feature in Very Basic Things You can Do to Keep your Servers Secure and some other providers offer a feature known as “CNAME flattening.” CNAME flattening is a feature that makes CNAME records behave like A/AAAA records to the end user. This serves two purposes. It is more efficient to require the client computer to make one request instead of two and allow better compatibility. Because of CNAME flattening, you can use the root domain (EX: example.com) to be assigned a CNAME record and not an A/AAAA record.
MX records
MX (Mail Exchanger) DNS records specify the mail servers responsible for receiving email messages on behalf of a domain. These records also contain a field for priority. This allows multiple email servers to exist in the same domain for redundancy. When someone sends mail to “[email protected],” their email server checks the MX records for example.com to find out where to deliver the email. It then routes the email to the specified mail server based on the priority.
Many Mail servers nowadays use a service like Google Workspace.
TXT DNS Records
TXT records are exactly what they sound like. They store text information to serve. These are often used for tasks like verifying domain ownership for email services or providing additional info about your domain.
SPF Records
SPF Records (Sender Policy Framework) specify which mail servers can send email for a domain. They define a list of authorized IP addresses or hostnames allowed to send emails claiming to be from that domain. When a recipient’s mail server receives an email, it checks the sender’s domain’s SPF record to determine if the originating mail server is on the list of authorized servers. If it is, the email is deemed legitimate; otherwise, it might get marked as spam or rejected.
NS Records
NS (Name Server) DNS Records point to the authoritative name servers for a domain. These authoritative name servers are responsible for storing and providing DNS information for that domain. They are the reference points for translating domain names into IP addresses.
Cloudflare, Public domain, via Wikimedia Commons
SOA DNS Records
An SOA (Start Of Authority) record is crucial for zone management. It begins with the domain name it pertains to and designates the primary DNS server responsible for the zone, along with an administrative contact’s email address. The record also includes a serial number that increments when there are zone changes, ensuring synchronization.
It specifies time intervals for secondary DNS servers to refresh data from the primary server, retry in case of failure, and consider data valid in the absence of contact. The minimum TTL sets the shortest time for DNS resolvers to cache the zone’s data. SOA records are vital in DNS infrastructure, enabling efficient domain management and data synchronization.
SRV Records
SRV (Service) Records specify information about services running on a server. It contains details like the service’s name, the protocol used, the server’s hostname, and the port number where the service is available.
SRV records are especially useful for applications that rely on multiple services, like VoIP or email, as they help clients locate and connect to the appropriate server for a specific service.
CAA DNS Records
CAA (Certificate Authority Authorization) records are crucial in enhancing web security. They function as a set of directives that specify which Certificate Authorities (CAs) are authorized to issue SSL/TLS certificates for a particular domain. When a browser establishes a connection with a website, it actively examines the CAA records associated with that domain to verify the CA’s authorization used for the certificate. If such approval is absent, this mechanism can effectively block the acceptance of potentially harmful certificates.
PTR Records
PTR (Pointer) Records are the opposite of A/AAAA and CNAME records. Instead of providing an IP address from a domain, it provides a domain from an IP address. They associate an IP address with a domain name, allowing you to find the domain associated with a specific IP.
This is crucial for various network and email-related functions, such as verifying the authenticity of email servers and troubleshooting network issues. For example, when a server receives an email, it can use PTR records to check that the sending server’s IP matches its claimed domain name, adding a layer of security against spam and phishing.
HTTPS Records
HTTPS (HyperText Transfer Protocol Secure) Records are a relatively new DNS type, formally approved for publication by the Internet Engineering Steering Group (IESG) in May 2022. They allow browsers to efficiently obtain complete instructions for accessing a website for a domain name. Including supported protocols (like HTTP/1.1, 2, 3), IP addresses, port numbers, and public keys. These records are beneficial because they save the browser from performing numerous DNS lookups and other protocol negotiation steps.
