An Introduction to Learning and Using DNS Records

Introduction

The Domain Name System (DNS) essentially provides a phone directory for the Internet. You might want to type in apple.com to your web browser to buy iPhone accessories, but how will your request reach Apple’s web server at IP address 17.172.224.47? That’s what the domain name record system does for us.

If you’re a small business owner or WordPress blogger, you’ve probably been told to configure your A and CNAME records. Or, that time you tried to move your email, you were told to change your MX record. Or, a cool web service asked you to set up a TXT record before it would work with you. What’s all this for, and why is it so confusing?

In this tutorial, I’ll introduce you to the Internet’s DNS system and guide you through configuring records for the common requirements of everyday technology consultants and business owners.

If you have any questions or comments on the tutorial, please feel free to post them below in the comments. You can also follow me on Twitter and message me there.

Learning About DNS Record Types

Name Servers

When you bought your domain name, your registrar probably configured default DNS records for you and provided the Name Servers (NS) for them. You need Name Servers (often mirrored in pairs or triplets for redundancy, e.g. ns1.yourregistrarserver.com, ns2.yourregistrarserver.com) to tell the Internet’s DNS directory the numeric IP addresses of your web servers and services.

Here’s an example of my NS records for my website, JeffReifman.com:

All the settings we’ll describe below will be configured by you at your NS host and published by their server for the Internet to update their directories.

There are a handful of DNS record types; the most common one, which you’ve probably heard of, is the A record.

A Records

If a web user types in jeffreifman.com, the request will be passed off to a directory which will look for a DNS record that corresponds to my root domain. By root, I mean no prefix, no www, i.e. no sub-domain, just http://jeffreifman.com. For example, the root-level A record of your domain might point to 107.164.32.96. That will tell the Internet to which IP address to send your browsing request.

I’ve used the Kloth website for years to check DNS records, but there are many you can use, e.g. Google Dig or KeyCDN, whose content delivery network services I wrote about for Tuts+ earlier this year. Many sites offer these tools.

Here’s an example query for an A record on Kloth:

Subdomain Records

You can also configure A records for a variety of sub-domains. For example, if you want www.yourwebsite.com to go to the same address, you can set up an identical A record for the sub-domain www; the root domain and the www sub-domain would then have identical IP addresses.

Recently, I co-founded Flee the Jungle at http://fleethejungle.com to guide shoppers away from Amazon after my stories about the company’s harm to Seattle and the viral exposé published by the New York Times:

Soon, we’ll be launching city-specific sub-domains, e.g. portland.fleethejungle.com. If we wish to host these on different servers, we’d need to set up distinct A records for each city sub-domain to point to the servers’ unique IP addresses.

Wildcard Entries

DNS records also allow wildcard entries (using an asterisk *) that make it easy to route all sub-domain traffic to one IP address. For example, if I want any city request for Flee the Jungle to be hosted by one server, I could do something like this:

Wildcards make it easier to catch traffic from many sub-domains to one server.

Inbound Routing on Your Server

When traffic arrives at your server from the DNS mapping system, how your server handles it must be configured there. For example, here’s my Apache site configuration for my root domain traffic and www traffic:

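<VirtualHost *:80>
    # Answer requests for the root domain and the www sub-domain
    ServerName jeffreifman.com
    ServerAlias www.jeffreifman.com
    DocumentRoot /var/www/jeffreifman
    DirectoryIndex index.php
    <Directory /var/www/jeffreifman>
        # Apache 2.2 access-control syntax
        AllowOverride All
        Order Deny,Allow
        Allow from all
    </Directory>
</VirtualHost>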

I also sell domains using a web site which dynamically prices them. So, here’s how I tell Apache to accept traffic for all those different domains and DNS records:

ServerName newscloud.com
ServerAlias *acro.io
ServerAlias *acroyoga.io
ServerAlias *acupuncture.io
ServerAlias *allmisses.com
ServerAlias *amehzon.com
ServerAlias *carestrategies.com
ServerAlias *caringsitters.com
ServerAlias *clipboards.io
ServerAlias *commonbits.com
ServerAlias *commonroad.com
ServerAlias *commontunes.com
ServerAlias *completelady.com
...

Next I’m going to tell you about CNAME records. These are helpful in a number of ways and can be especially helpful in simplifying the management of your IP addresses and future migrations from one server to another.

CNAME Records

A CNAME is essentially a text alias that maps one domain or sub-domain name to another name. For example, if you’ve ever set up a blog through a service such as WordPress or Tumblr, they may ask you to map your domain name with a CNAME rather than with an A record to an IP address.

I don’t use Tumblr much, but a while ago I set up a site with them to try at http://misc.jeffreifman.com. Here are their instructions for configuring your domain name. They allow either A records or CNAMEs. I used a CNAME:

Here’s my DNS record for misc.jeffreifman.com:

misc.jeffreifman.com CNAME domains.tumblr.com.

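You should put a closing period on your CNAME addresses. The period marks the name as fully qualified; without it, many DNS hosts treat the target as relative to your own domain.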

When a user requests misc.jeffreifman.com in their browser, the DNS points them to domains.tumblr.com, and the resolver then looks up the IP address for that name, which will be 66.6.44.4.

One advantage of CNAMEs is that if Tumblr ever changes the IP address of their inbound server, I might not need to ever change my CNAME record. It could stay the same and Tumblr can manage the IP change by changing the A record for domains.tumblr.com.

I use this approach for my domain names for sale; most of them point to a CNAME for my web server. If I need to change hosts and change the IP address of my web server, I can change one sub-domain A record for the CNAME I used, rather than changing one hundred A records for each domain name.
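To make the wildcard and CNAME behaviour above concrete, here is a small in-memory resolver. It is an added example, not code from the original article: the 203.0.113.x addresses, the loop-*.example names and all function names are assumptions, and it goes slightly beyond the text by showing that a wildcard never applies to a name that already exists and that alias chains need a hop limit.

```python
# Constructed records for illustration. Names and 66.6.44.4 come from the article;
# the 203.0.113.x addresses and the loop-*.example names are made up.
RECORDS = {
    ("fleethejungle.com.", "A"): ["203.0.113.10"],
    ("*.fleethejungle.com.", "A"): ["203.0.113.20"],
    ("portland.fleethejungle.com.", "A"): ["203.0.113.30"],
    ("misc.jeffreifman.com.", "CNAME"): ["domains.tumblr.com."],
    ("domains.tumblr.com.", "A"): ["66.6.44.4"],
    ("loop-a.example.", "CNAME"): ["loop-b.example."],
    ("loop-b.example.", "CNAME"): ["loop-a.example."],
}

def ancestors(name):
    """Yield the name and each parent domain: a.b.c. -> a.b.c., b.c., c."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."

def answering_owner(name, records):
    """Pick the record owner that answers for name: exact match, else wildcard."""
    nodes = {a for owner, _ in records for a in ancestors(owner)}
    if name in nodes:
        return name                      # the name exists, so no wildcard applies
    for parent in list(ancestors(name))[1:]:
        if parent in nodes:              # closest existing parent decides
            wild = "*." + parent
            return wild if wild in nodes else None
    return None

def resolve(name, records=RECORDS, max_hops=8):
    """Return (addresses, chain of names visited), following CNAME aliases."""
    chain = [name.lower().rstrip(".") + "."]
    for _ in range(max_hops):
        owner = answering_owner(chain[-1], records)
        if owner is None:
            return [], chain
        if (owner, "CNAME") in records:
            chain.append(records[(owner, "CNAME")][0])
            continue
        return records.get((owner, "A"), []), chain
    raise RuntimeError("CNAME chain too long or looping: " + " -> ".join(chain))

if __name__ == "__main__":
    for q in ("misc.jeffreifman.com", "seattle.fleethejungle.com",
              "portland.fleethejungle.com", "a.portland.fleethejungle.com"):
        print(q, resolve(q))
```

Changing only the A record for domains.tumblr.com. changes the answer for misc.jeffreifman.com, which is the migration advantage described above.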

Note: The DNS standards don’t technically allow you to point root domain records to a CNAME address, e.g. jeffreifman.com CNAME domains.tumblr.com. That’s why Tumblr suggests an A record for your root domains. However, some DNS name servers do support this, so check with yours. To learn more, read this post by Josh Strange.
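The closing-period and root-domain rules can be checked before a record set is published. The linter below is an added example, not the article's or any DNS host's code: it assumes zone-file name handling (a target without a closing period is relative to the zone's origin), the sample rows are constructed, and it also flags the general form of the root-domain rule, a CNAME sharing its name with other records.

```python
ORIGIN = "jeffreifman.com."

# Constructed zone rows (owner, type, value); "@" stands for the root domain.
SAMPLE = [
    ("@",    "A",     "107.164.32.96"),
    ("www",  "A",     "107.164.32.96"),
    ("misc", "CNAME", "domains.tumblr.com."),   # correct: closing period
    ("blog", "CNAME", "domains.tumblr.com"),    # missing closing period
    ("@",    "CNAME", "domains.tumblr.com."),   # CNAME on the root domain
    ("c1",   "CNAME", "jr-faf.kxcdn.com."),
    ("c1",   "TXT",   "constructed-example"),   # CNAME sharing its name
]

def qualify(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, a closing period means absolute."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_cnames(records, origin=ORIGIN):
    """Return (owner, problem) pairs for the CNAME mistakes described above."""
    by_owner = {}
    for owner, rtype, value in records:
        by_owner.setdefault(qualify(owner, origin), []).append((rtype, value))
    findings = []
    for owner, rrs in by_owner.items():
        targets = [value for rtype, value in rrs if rtype == "CNAME"]
        if not targets:
            continue
        if owner == origin:
            findings.append((owner, "CNAME on the root domain"))
        elif len(rrs) > 1:
            findings.append((owner, "CNAME shares its name with other records"))
        for target in targets:
            if not target.endswith("."):
                findings.append((owner, "target expands to " + qualify(target, origin)))
    return findings

if __name__ == "__main__":
    for owner, problem in lint_cnames(SAMPLE):
        print(f"{owner}: {problem}")
```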

Another scenario you’ll use CNAMEs with is CDN services such as described in the KeyCDN tutorial I wrote for Tuts+. I set up four cloud subdomains named c1, c2, c3, c4, all pointing to KeyCDN’s content mirror at jr-faf.kxcdn.com.

What Happens When You Change DNS Records?

DNS records for root domains and sub-domains are generally independent of one another. A change to an A record for a root domain doesn’t affect the existing addressing of a sub-domain’s CNAME. However, I recently signed up with web security service Incapsula and found it requires two A records for the same root domain, which can make things a bit more complicated. In other words, you can technically have multiple A records for the same domain, which could create conflicts.

It’s also important to realize that DNS changes don’t take effect immediately. When you set up your DNS records for the first time (or when you change them), Internet users will not be connected to your most current settings immediately. This is one of the things that makes migrating from one server or hosting company to another more difficult. In fact, in a worst case, it can take more than 36 hours.

My registrar introduced me to WhatsMyDNS.net for a visual report of the propagation of my DNS changes to various areas. Below was a screenshot I took when my Flee the Jungle server moved, requiring changes that ended up taking several hours.

The map below shows that DNS servers around the world had finally caught up to my latest changes:

MX Records

If you’re wondering by now what an MX record is, it’s time to tell you. MX records tell the DNS system where to send all that email you receive. So, if I bought StarWars.io and want to receive email at , I need to do two things.

First, I need to sign up for an email service such as Google Apps or FastMail to host my email. Second, I need to follow their instructions for configuring MX records to their multiple redundant email servers.

For example, here’s what it looks like for Google Apps:

Priority    Mail Server
1           ASPMX.L.GOOGLE.COM.
5           ALT1.ASPMX.L.GOOGLE.COM.
5           ALT2.ASPMX.L.GOOGLE.COM.
10          ALT3.ASPMX.L.GOOGLE.COM.
10          ALT4.ASPMX.L.GOOGLE.COM.

FastMail looks something like this:

in1-smtp.messagingengine.com (first, priority=10)
in2-smtp.messagingengine.com (second, priority=20)

If you want to run your own email server, you’ll need to configure your MX record to point to the IP address of your own server.

A lot of people have begun using MX Toolbox for looking up their MX records, but you can use any DNS lookup service for that too.

Changing Email Providers and Moving Email

MX records only instruct the DNS system where to route today’s email; your existing email is stored in the cloud databases of your current email provider. If you wish to move all of your existing messages, you’ll need to rely on their tools or your mail client software. And, of course, you’ll also have to update your MX records to your new provider’s settings.

During the DNS propagation period, you may receive some emails at your old provider and some at your new.

Changing your MX record does not damage your prior email repository, but nothing new will ever arrive there.

TXT Records

TXT records allow the domain owner to authenticate themselves by posting secret codes within their DNS. When you register with Google Webmaster Tools, it will ask you to verify that you own the domain by doing just that.

For example, Google will ask you to post a code specific to your domain like this:

jeffreifman.com TXT google-site-verification=Ih8iC4iSOcBSkk

I actually have three TXT records posted for jeffreifman.com right now:

jeffreifman.com TXT "keybase-site-verification=qG2zMYf_hw2sXUCgtYWk"
jeffreifman.com TXT "v=spf1 include:spf.efwd.regsrvrs.com ~all"
jeffreifman.com TXT "google-site-verification=blTgEw5QFSx5M"

Keybase, which I wrote about for Tuts+ while covering PGP Keys, Privacy and Encryption, uses TXT records for me to verify my website as a means to authenticate my identity with my public key records.

You can also use TXT records to tell spam detection servers that your mail server sends only legitimate emails, as I did with the SPF record above. Services such as Mailgun use both SPF and DKIM records when you send through their email cannons.
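The three TXT records above mix ownership tokens with an SPF policy, and a receiving mail server only acts on the SPF one. The parser below is an added example, not the article's code: the function names and report layout are assumptions, and it reads the published policy (the `~all` term means softfail) and flags the SPF mistakes that weaken it.

```python
# TXT values copied from the article's jeffreifman.com records (quotes removed).
TXT_RECORDS = [
    "keybase-site-verification=qG2zMYf_hw2sXUCgtYWk",
    "v=spf1 include:spf.efwd.regsrvrs.com ~all",
    "google-site-verification=blTgEw5QFSx5M",
]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return [(result, mechanism, argument), ...], or None if txt is not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        if "=" in name:                       # modifier such as redirect=...
            name, _, arg = body.partition("=")
            parsed.append(("modifier", name.lower(), arg))
        else:
            parsed.append((QUALIFIERS[qualifier], name.lower(), arg))
    return parsed

def audit_txt(records):
    """Summarise one name's TXT set: verification tokens, SPF policy, SPF issues."""
    spf = [p for p in map(parse_spf, records) if p is not None]
    report = {
        "verification": sorted(r.split("=", 1)[0] for r in records
                               if "-verification=" in r),
        "includes": [], "all": None, "issues": [],
    }
    if len(spf) > 1:
        report["issues"].append("multiple SPF records: receivers return a permanent error")
    for result, mech, arg in (spf[0] if spf else []):
        if mech == "include":
            report["includes"].append(arg)
        elif mech == "all":
            report["all"] = result
    if spf and report["all"] is None and not any(m == "redirect" for _, m, _ in spf[0]):
        report["issues"].append("no 'all' term: unlisted senders get a neutral result")
    if report["all"] == "pass":
        report["issues"].append("+all lets any server pass SPF for this domain")
    return report

if __name__ == "__main__":
    print(audit_txt(TXT_RECORDS))
```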

AAAA Records

As the Internet runs out of IP addresses, we’re slowly moving to a larger addressing scheme, IPv6. You can read Be the First On Your Block Running IPV6 (Tuts+) for more information about this.

If you decide to support IPv6 addressing, you’ll need to configure an AAAA record with its larger addressing scheme:

Today, most IPv4 to IPv6 conversion is handled transparently behind the scenes. Though at some point long after climate change has killed off the last polar bear (thanks, Senator Inhofe), A records may become a relic and AAAA will be the primary DNS record to configure.
