Configuring DNS
DNS Zones
A DNS zone is a distinct part of the domain name space in the Domain Name System (DNS), which administrators use for managing domains. It represents a portion of the global DNS namespace assigned to a manager or organization, responsible for maintaining the DNS records within that zone.
Essentially, a DNS zone is an administrative space that allows for more granular control of DNS components, such as mapping domain names to IP addresses (A and AAAA records), mail servers (MX records), and other services.
Here's a more detailed look at its key characteristics:
Structure and Functionality
- DNS Records: A DNS zone contains various types of DNS records, such as A, AAAA, MX, CNAME, NS, and TXT records. These records provide essential mappings and information about the domain, including where to find specific services and how to handle different types of requests.
- Zone Files: The DNS zone information is often stored in a zone file. This file contains all the DNS records for the domains within the zone, including directives and resource records that define how domain names are resolved.
Administrative Control
- Delegation: In the DNS hierarchy, authority is delegated downward from top-level domains (TLDs) to second-level domains and so on. Each level of this hierarchy can be considered a zone that can be managed independently. For example, if you own `example.com`, you control the DNS zone for `example.com` and can delegate a subdomain like `sub.example.com` to another DNS zone.
- Name Servers: Each DNS zone is served by DNS servers, known as name servers. These servers have the authoritative answers to queries about the domain names within the zone. When a zone is delegated from a parent domain, the NS (Name Server) records and sometimes glue records (A or AAAA records for the NS servers) are set up in the parent zone to direct traffic to the authoritative servers for the child zone.
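Glue is needed only when a delegated zone's name server is named inside that same zone. The following check is an added example, not part of the original page; the record tuples, the `lab.example.com.` delegation and the function names are constructed for illustration, and the input is assumed to hold only delegation NS records and address records from the parent zone.

```python
# Added example: find delegations in a parent zone that need glue and lack it.

def fqdn(name):
    """Normalise a name to lower case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def in_zone(name, zone):
    """True when name is the zone apex or sits beneath it."""
    name, zone = fqdn(name), fqdn(zone)
    return name == zone or name.endswith("." + zone)

def missing_glue(parent_records):
    """parent_records: list of (owner, rtype, value) held in the parent zone.

    Returns sorted (child_zone, name_server) pairs where the name server is
    named inside the delegated zone but the parent has no A/AAAA for it.
    """
    addresses = {fqdn(o) for o, t, _ in parent_records if t in ("A", "AAAA")}
    gaps = []
    for owner, rtype, value in parent_records:
        if rtype != "NS":
            continue
        # A server named inside the child zone can only be located by asking
        # the child zone itself, so the parent has to supply its address.
        if in_zone(value, owner) and fqdn(value) not in addresses:
            gaps.append((fqdn(owner), fqdn(value)))
    return sorted(gaps)

# Constructed records as they would sit in the example.com. parent zone.
PARENT_ZONE = [
    ("sub.example.com.", "NS", "ns1.sub.example.com."),
    ("sub.example.com.", "NS", "ns2.sub.example.com."),   # no glue below
    ("ns1.sub.example.com.", "A", "192.0.2.53"),          # glue for ns1
    ("lab.example.com.", "NS", "ns.hosting.example.net."),  # out of zone
]

if __name__ == "__main__":
    for child, server in missing_glue(PARENT_ZONE):
        print(f"{child} delegates to {server} but the parent has no glue for it")
```
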
Security
- DNSSEC: DNS zones can be secured using DNS Security Extensions (DNSSEC). This suite of specifications helps protect against certain types of attacks by adding digital signatures to DNS data. This ensures that the received DNS responses are authentic and have not been tampered with.
Dynamic Updates
- Dynamic DNS (DDNS): Some zones are configured to allow dynamic updates. This means that the DNS records within the zone can be updated automatically to reflect changes in IP addresses or services, which is particularly useful for environments with frequently changing IP addresses.
In summary, a DNS zone is a critical component in the DNS infrastructure, allowing domain owners and network administrators to manage and serve the DNS records for their domains. It plays a vital role in the navigation and functionality of the internet, enabling the resolution of human-friendly domain names into the IP addresses that computers use to communicate.
Records
DNS (Domain Name System) records are essential elements of the internet's infrastructure, translating human-friendly domain names into IP addresses that computers use to identify each other. Here's an overview of the primary types of DNS records and their purposes:
- A Record (Address Record): Maps a domain name to its corresponding IPv4 address. This is one of the most common types of DNS records.
- AAAA Record (IPv6 Address Record): Similar to the A record but maps a domain name to an IPv6 address, which is the next generation of IP addresses.
- CNAME Record (Canonical Name Record): Used to alias one domain name to another domain name. It's useful for associating subdomains with the domain's primary IP address.
- MX Record (Mail Exchange Record): Specifies the mail servers responsible for receiving email on behalf of a domain. It prioritizes mail delivery if multiple servers are listed.
- TXT Record (Text Record): Allows administrators to insert arbitrary text into a DNS record. Commonly used for verifying domain ownership and implementing email security measures such as SPF, DKIM, and DMARC.
- NS Record (Name Server Record): Points to the servers that are authoritative for a domain. It's essential for delegating subdomains and directing traffic to the correct name servers.
- PTR Record (Pointer Record): Maps an IP address to a domain name, the reverse of an A or AAAA record. It's primarily used in reverse DNS lookups.
- SRV Record (Service Record): Specifies information about available services under a domain. It includes the port number and the hostname of the server providing the service. Commonly used for SIP and XMPP protocols.
- CAA Record (Certification Authority Authorization Record): Specifies which certificate authorities (CAs) are allowed to issue certificates for a domain. This helps improve the security of the domain by preventing unauthorized issuance of certificates.
- SOA Record (Start of Authority Record): Contains administrative information about the domain, such as the primary name server, the email of the domain administrator, the domain serial number, and timers relating to refreshing the zone.
- DNSKEY Record: Part of the DNSSEC (DNS Security Extensions) protocol, it contains the public key that a DNS resolver uses to verify DNSSEC signatures in RRSIG records.
- RRSIG Record (DNSSEC Signature): Contains signatures for DNSSEC-enabled records to ensure their authenticity and integrity.
- NAPTR Record (Name Authority Pointer Record): Used in Dynamic Delegation Discovery System (DDDS) applications, it defines rules for rewriting and delegating queries in certain protocols, often used in VoIP configurations.
Fully Qualified Domain Name (FQDN)
When you see a domain name in DNS configurations ending with a period (.), it signifies that the domain name is fully qualified. This means it's an absolute domain name rather than a relative one.
In the context of DNS, a fully qualified domain name (FQDN) includes all domain levels, including the top-level domain (TLD) and a trailing dot, which represents the root of the DNS hierarchy.
The trailing dot tells the DNS resolver that this is a complete address and prevents any further suffixes from being automatically appended.
In many DNS configurations, especially when specifying names in zone files or DNS records, omitting the final period might lead the DNS software to append the domain of the zone to the end of the record.
Example
For example, if your zone is `example.com.` and you define a record for `www.example.com` without a trailing dot, it could be interpreted as `www.example.com.example.com.`, which is likely not what you intended.
CNAME: WWW
You should include the period at the end if you are specifying an absolute (fully qualified) domain name for the target of the CNAME record. This ensures that the DNS system understands you're pointing to a complete domain name outside of the current zone.
Here's a simple example:
- Without the trailing period: `www IN CNAME anotherdomain.com` might be interpreted as `www.example.com IN CNAME anotherdomain.com.example.com.`
- With the trailing period: `www IN CNAME anotherdomain.com.` correctly specifies that `www.example.com` should alias to `anotherdomain.com.` exactly as you intended.
So, in summary, including the period at the end of a domain name in your DNS configurations makes your intention clear and avoids potential confusion or misconfiguration in the DNS system.
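The expansion rule described above can be checked mechanically before a zone is published. This is an added example, not part of the original page: the sample zone text, the `192.0.2.x` addresses and the two heuristics in `lint_zone` are constructed assumptions, and the parser handles only simple one-line records.

```python
# Added example: expand zone-file names against the origin and flag names
# that look absolute but are missing the trailing dot.
RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SRV", "TXT"}
TARGET_TYPES = {"CNAME", "MX", "NS", "PTR", "SRV"}  # RDATA ends in a domain name

def qualify(name, origin):
    """Expand a name the way a zone-file parser does."""
    if not origin.endswith("."):
        origin += "."
    if name == "@":
        return origin              # "@" stands for the origin itself
    if name.endswith("."):
        return name                # absolute: used exactly as written
    return name + "." + origin     # relative: the origin is appended

def lint_zone(zone_text, origin):
    """Return (line_no, field, expanded) for each suspicious relative name."""
    bare = origin.rstrip(".").lower()
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        fields = raw.split(";", 1)[0].split()   # drop comment, tokenize
        type_idx = next((i for i, f in enumerate(fields[1:], 1)
                         if f.upper() in RR_TYPES), None)
        if type_idx is None or type_idx + 1 >= len(fields):
            continue
        owner, rtype = fields[0], fields[type_idx].upper()
        target = fields[-1]
        # Heuristic 1: a relative owner that already ends in the zone name.
        low = owner.lower()
        if not owner.endswith(".") and (low == bare or low.endswith("." + bare)):
            findings.append((line_no, "owner", qualify(owner, origin)))
        # Heuristic 2: a relative target with dots is probably an outside host.
        if (rtype in TARGET_TYPES and target != "@"
                and not target.endswith(".") and "." in target):
            findings.append((line_no, "target", qualify(target, origin)))
    return findings

SAMPLE_ZONE = """\
www              IN CNAME anotherdomain.com    ; trailing dot missing
blog             IN CNAME anotherdomain.com.   ; absolute target
www.example.com  IN A     192.0.2.10           ; owner repeats the zone name
@                IN MX    10 mail              ; relative on purpose
mail             IN A     192.0.2.25
"""

if __name__ == "__main__":
    for line_no, field, expanded in lint_zone(SAMPLE_ZONE, "example.com."):
        print(f"line {line_no}: {field} expands to {expanded}")
```

Relative names that contain dots are legal, so a finding is a prompt to review the record, not proof of an error.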
Domain for your GitHub Pages site
Scenario | DNS record type | DNS record name | DNS record value(s) |
---|---|---|---|
Apex domain | A | @ | 185.199.108.153 185.199.109.153 185.199.110.153 185.199.111.153 |
Apex domain | AAAA | @ | 2606:50c0:8000::153 2606:50c0:8001::153 2606:50c0:8002::153 2606:50c0:8003::153 |
Apex domain | | @ | |
Subdomain | CNAME | SUBDOMAIN.example.com. | |
Resources
Managing a custom domain for your GitHub Pages site
MX: Gmail
1 ASPMX.L.GOOGLE.COM.
5 ALT1.ASPMX.L.GOOGLE.COM.
5 ALT2.ASPMX.L.GOOGLE.COM.
10 ASPMX2.GOOGLEMAIL.COM.
10 ASPMX3.GOOGLEMAIL.COM.
1 SMTP.GOOGLE.COM.
Most Common Acronyms
- DNS: Domain Name System - The system that translates human-friendly domain names (like `example.com`) into IP addresses that computers use to identify each other on the network.
- IP: Internet Protocol - A set of rules governing the format of data sent over the internet or local network.
- ISP: Internet Service Provider - A company that provides access to the internet.
- NS: Name Server - Specifies the servers that have the DNS information for a domain.
- SOA: Start of Authority - Contains administrative information about a zone, including the primary name server, email of the domain administrator, domain serial number, and timers.
- SPF: Sender Policy Framework - A protocol used to prevent email spoofing by specifying which mail servers are allowed to send email on behalf of a domain.
- DKIM: DomainKeys Identified Mail - An email authentication method designed to detect forged sender addresses in emails.
- DMARC: Domain-based Message Authentication, Reporting, and Conformance - An email authentication, policy, and reporting protocol that builds on SPF and DKIM.
- DDNS: Dynamic Domain Name System - Allows the updating of a domain's DNS records dynamically.
- DNSSEC: DNS Security Extensions - Adds security to the DNS to protect against certain types of attacks, such as cache poisoning.
Domains
- TLD: Top-Level Domain - The last segment of a domain name, such as `.com`, `.org`, or `.net`.
- SLD: Second-Level Domain - The part of a domain name directly to the left of the TLD, commonly the "name" part of the domain.
- CNAME: Canonical Name - Used to alias one domain name to another.
Records
- MX: Mail Exchange - DNS records that specify the mail server responsible for accepting email messages on behalf of a domain.
- A: Address Record - Points a domain or subdomain to an IPv4 address.
- AAAA: IPv6 Address Record - Points a domain or subdomain to an IPv6 address.
- PTR: Pointer Record - Maps an IP address to a host name, the reverse of an A or AAAA record, primarily used for reverse DNS lookups.
- SRV: Service Record - Specifies a host and port for specific services such as VoIP, IM, etc.
- TXT: Text Record - Allows administrators to insert arbitrary text into a DNS record; often used for email security protocols like SPF, DKIM, and DMARC.