Domain Name System (DNS)
The Domain Name System is the naming system of the internet. It was originally invented to assign names to IP addresses, because names are easier to remember than the numbers in IP addresses. Meanwhile, DNS has more purposes than translating names into numbers.
Hierarchy
DNS is a hierarchical system. At the top of the hierarchical structure of a domain name is the top-level domain (TLD). Examples of top-level domains are "com", "net", "org", "nl", "berlin" and many more. TLDs are provided by IANA.
In the example "example.com", "com" is the top-level domain and "example" is the second-level domain or public suffix domain (PSD).
Some top-level domains have a second-level domain (SLD) included in their hierarchy. One famous example is "co.uk". In "example.co.uk", "uk" is the TLD, "co" is the SLD and "example" is the PSD.
The responsible domain is the domain at the top of a zone. Any responsible domain can have an almost unlimited number of subdomains. In our example "sub.example.com", "example.com" is the responsible domain and "sub" is the subdomain. In "sub1.sub2.sub3.example.com", "example.com" is the responsible domain for all subdomain levels.
Record types
There are various types of records with a variety of functions. The most important ones are:
Name | Purpose | Lookup result example |
---|---|---|
A | Assigns an IPv4 address to a name | `$ host -t a example.com`<br>`example.com has address 192.168.10.34` |
AAAA | Assigns an IPv6 address to a name | `$ host -t aaaa example.com`<br>`example.com has IPv6 address fe80::1ff:fe23:4567:890a` |
MX | Assigns mail-receiving hostnames with priorities to a name | `$ host -t mx example.com`<br>`example.com mail is handled by 10 mx2.example.com.`<br>`example.com mail is handled by 5 mx1.example.com.` |
CNAME | Makes this domain an alias of another domain | `$ host -t cname aliasdomain.example.net`<br>`aliasdomain.example.net is an alias for example.com.` |
TXT | Holds a piece of text | `$ host -t txt _spf.example.com`<br>`_spf.example.com descriptive text "v=spf1 ip4:192.168.10.34 ip6:fe80::1ff:fe23:4567:890a ~all"` |
PTR | Reverse DNS: assigns a name to an IP | `$ host -t ptr 192.168.10.34`<br>`34.10.168.192.in-addr.arpa domain name pointer example.com.` |
NS | Delegates a (sub)domain to one or more nameservers | `$ host -t ns example.com`<br>`example.com name server dns2.example.net.`<br>`example.com name server dns1.example.net.` |
A- and AAAA-Record
These two record types assign IPs to domain names. For example, if my domain name is "example.com" and my website is hosted at "192.168.10.34", I need to set an A record with the content "192.168.10.34" on "example.com".
MX-Record
MX records assign mail servers (MTAs) to a domain. An MX record consists of a domain name and a priority:
- The domain name should have an A and/or AAAA record with the IP address of the MTA.
- The priority is used to prefer one MTA over another. In the above example, "mx1.example.com" has the lowest priority value (5) and will be tried first. Only if "mx1.example.com" is unavailable is "mx2.example.com" used. When multiple MX records have the same priority, one of them is chosen at random (round robin).
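The selection rules above, worked through in code. This is an added example, not part of the original page: the record set is the one from the lookup shown above, and `reachable` stands in for the SMTP connection attempt a real MTA would make.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

# Constructed MX record set for example.com, copied from the lookup shown on
# this page: (priority, hostname). Lower priority values are preferred.
EXAMPLE_MX: List[Tuple[int, str]] = [
    (10, "mx2.example.com."),
    (5, "mx1.example.com."),
]


def mx_delivery_order(records: List[Tuple[int, str]],
                      rng: Optional[random.Random] = None) -> List[str]:
    """Return the hostnames in the order a sending MTA tries them.

    Records are grouped by priority and the groups visited from the lowest
    value upwards. Hosts that share a priority value are shuffled, which is
    the round-robin behaviour described above. Passing an `rng` makes the
    shuffle reproducible (useful in tests).
    """
    rng = rng or random.Random()
    by_priority: Dict[int, List[str]] = {}
    for prio, host in records:
        by_priority.setdefault(prio, []).append(host)
    order: List[str] = []
    for prio in sorted(by_priority):
        hosts = list(by_priority[prio])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def pick_mta(records: List[Tuple[int, str]],
             reachable: Callable[[str], bool],
             rng: Optional[random.Random] = None) -> Optional[str]:
    """Return the first host in delivery order that `reachable` accepts.

    `reachable` is a hypothetical stand-in for the connection attempt; a real
    MTA would try to open an SMTP session to each host in turn. Returns None
    when every MX host is unavailable (the mail would then be queued).
    """
    for host in mx_delivery_order(records, rng):
        if reachable(host):
            return host
    return None


if __name__ == "__main__":
    print(mx_delivery_order(EXAMPLE_MX))
    # Simulate mx1 being down: delivery falls back to mx2.
    print(pick_mta(EXAMPLE_MX, lambda h: h != "mx1.example.com."))
```

With the record set from the page, `mx_delivery_order` always yields mx1 before mx2; only when two records carry the same priority value does the order vary between runs.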
CNAME Record
CNAME records are aliases. Let's stick with the example from the above table, where "aliasdomain.example.net" is an alias of "example.com", as you can see from the CNAME record. If we now query first the A records and then the TXT record for "aliasdomain.example.net", this will be the output:
$ host -t a aliasdomain.example.net
aliasdomain.example.net is an alias for example.com.
example.com has address 192.168.10.34
example.com has IPv6 address fe80::1ff:fe23:4567:890a
$ host -t txt aliasdomain.example.net
aliasdomain.example.net is an alias for example.com.
example.com descriptive text "v=spf1 ip4:192.168.10.34 ip6:fe80::1ff:fe23:4567:890a ~all"
A CNAME record on a domain renders A, MX and TXT records on the same domain invalid. In fact, it's recommended to remove all other records once a CNAME record is present.
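Why the other records become invalid, and how to spot the misconfiguration in a zone file, as an added example (not code from the original page). The zone data is constructed from the records used on this page, with one deliberately broken record set on "aliasdomain.example.net".

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed zone data: (owner name, record type, rdata). The TXT record on
# "aliasdomain.example.net." alongside its CNAME is the misconfiguration the
# text warns about; a resolver will never return it.
ZONE: List[Tuple[str, str, str]] = [
    ("example.com.", "A", "192.168.10.34"),
    ("example.com.", "AAAA", "fe80::1ff:fe23:4567:890a"),
    ("example.com.", "MX", "5 mx1.example.com."),
    ("example.com.", "MX", "10 mx2.example.com."),
    ("example.com.", "TXT", '"v=spf1 ip4:192.168.10.34 ip6:fe80::1ff:fe23:4567:890a ~all"'),
    ("aliasdomain.example.net.", "CNAME", "example.com."),
    ("aliasdomain.example.net.", "TXT", '"v=spf1 -all"'),   # shadowed by the CNAME
    ("www.example.com.", "CNAME", "example.com."),
]


def cname_conflicts(zone: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Lint: return {owner: [other types]} for every owner name that has a
    CNAME plus records of any other type. Those other records are dead data."""
    types_by_owner: Dict[str, set] = defaultdict(set)
    for owner, rtype, _ in zone:
        types_by_owner[owner.lower()].add(rtype.upper())
    return {
        owner: sorted(types - {"CNAME"})
        for owner, types in types_by_owner.items()
        if "CNAME" in types and len(types) > 1
    }


def resolve(zone: List[Tuple[str, str, str]], name: str, rtype: str,
            max_hops: int = 8) -> Tuple[str, List[str]]:
    """Answer a query the way a resolver does.

    If the queried name owns a CNAME (and the query is not for the CNAME
    itself), the query restarts at the alias target; records of other types
    at the alias name are never consulted. Returns (canonical name, rdata
    list). `max_hops` guards against CNAME loops, which raise ValueError.
    """
    name = name.lower()
    rtype = rtype.upper()
    for _ in range(max_hops):
        cnames = [r for o, t, r in zone if o.lower() == name and t == "CNAME"]
        if cnames and rtype != "CNAME":
            name = cnames[0].lower()
            continue
        return name, [r for o, t, r in zone if o.lower() == name and t == rtype]
    raise ValueError("CNAME chain too long or looping for %s" % name)


if __name__ == "__main__":
    print(cname_conflicts(ZONE))
    print(resolve(ZONE, "aliasdomain.example.net.", "TXT"))
```

The TXT query for the alias returns the SPF record of "example.com", exactly as in the `host` output above; the `"v=spf1 -all"` record configured on the alias name is never seen, which is what `cname_conflicts` flags.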
Common use cases for CNAME records are:
In both use cases, domain delegation could offer a much better solution.
TXT Record
TXT records can hold various pieces of text. The most common use case is domain verification: a provider issues a code, and once this code is found in a DNS TXT record of the domain, ownership of the domain has been verified. Common use cases in e-mail are:
SPF records
Main article: Sender Policy Framework (SPF)
Example:
$ host -t txt example.com
example.com descriptive text "v=spf1 ip4:192.168.10.34 ip6:fe80::1ff:fe23:4567:890a ~all"
DKIM records
Main article: DomainKeys Identified Mail (DKIM)
Example:
$ host -t txt selector._domainkey.example.com
selector._domainkey.example.com descriptive text "v=DKIM1; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vuPa8g6qdfYLi9TWfbMzFoijdNfJC6/a0uGfIj6fOr+z1fJlOsM1DhKaEaSkNeI0ClKjLx9648CfMl02TxViTvG1Ne2sDsFvGc53NzEd65I2BsPuLpBsHo5zXbZ1ZvLhFm+iOjXlPnD1WlOeQuDhFdIdR+1lWt5aExNwBvIqBr+nYfJt094h9fUwXxMpJ+75GtBdAo3j2nOlWlZtCkWnDmCsXd0j6nNrHz0fO8VqCcJmQsP1ThUgBlO7T3L4PiVg1yHbDpKyTgVb6zHpYt/cXiKmIxVn6nQoDxL9ZfQ2EmVi7hUfMcSoFpWdIpYuOnMmPgPk47J+YZjv4N2X6UpSQIDAQAB"
DMARC records
Main article: Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Example:
$ host -t txt _dmarc.example.com
_dmarc.example.com descriptive text "v=DMARC1; p=reject; rua=mailto:dmarc@dmarc.example.com; ruf=mailto:dmarc@dmarc.example.com; rf=afrf; pct=100;"
PTR Record
PTR records, or reverse DNS, are defined in RFC 1035. A reverse lookup finds a name for an IP, instead of the other way around. Because it's not possible to create a DNS zone for an IP address directly, a special name derived from the IP is used for each IP. This name always ends in the TLD "arpa", which is reserved for this purpose: IPv4 uses "in-addr.arpa" and IPv6 uses "ip6.arpa".
Each sending IP should reverse-resolve (PTR) to a domain name. This name is the "hostname". Each hostname should in turn resolve (A or AAAA) to an IP, and this IP should be the same sending IP we started from.
Example from Gmail with sending IP 2a00:1450:4864:20::632:
$ host -t ptr 2a00:1450:4864:20::632
2.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.ip6.arpa domain name pointer mail-ej1-x632.google.com.
$ host -t aaaa mail-ej1-x632.google.com
mail-ej1-x632.google.com has IPv6 address 2a00:1450:4864:20::632
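The round trip described above (IP to PTR name, PTR to hostname, hostname back to IP) as code. This is an added example, not part of the original page. It builds the "in-addr.arpa" / "ip6.arpa" names with the standard library and runs the check against a constructed stub resolver table filled with the answers shown on this page plus one constructed failure case; a real check would replace `lookup` with live queries (for instance via dnspython).

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed stub resolver data keyed by (query name, query type). The first
# four entries are the answers shown on this page; the last two are a
# constructed failure case where the PTR hostname does not point back at the IP.
STUB_ANSWERS: Dict[Tuple[str, str], List[str]] = {
    ("2.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.ip6.arpa", "PTR"):
        ["mail-ej1-x632.google.com."],
    ("mail-ej1-x632.google.com.", "AAAA"): ["2a00:1450:4864:20::632"],
    ("34.10.168.192.in-addr.arpa", "PTR"): ["example.com."],
    ("example.com.", "A"): ["192.168.10.34"],
    ("1.0.0.10.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("mail.example.org.", "A"): ["10.0.0.99"],
}


def reverse_name(ip: str) -> str:
    """Build the reverse-lookup name for an IP: octets reversed under
    in-addr.arpa for IPv4, hex nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup(qname: str, qtype: str) -> List[str]:
    """Stand-in for a DNS query; answers only from the constructed table."""
    return STUB_ANSWERS.get((qname, qtype), [])


def fcrdns_check(ip: str, lookup=lookup) -> Tuple[bool, Optional[str], str]:
    """Forward-confirmed reverse DNS for a sending IP.

    Step 1: PTR query on the reverse name. Step 2: for each returned
    hostname, query A (IPv4) or AAAA (IPv6). The check passes when one of
    the returned addresses equals the IP we started from.
    Returns (ok, hostname, reason).
    """
    addr = ipaddress.ip_address(ip)
    ptrs = lookup(addr.reverse_pointer, "PTR")
    if not ptrs:
        return False, None, "no PTR record"
    forward_type = "AAAA" if addr.version == 6 else "A"
    for hostname in ptrs:
        forward_ips = {ipaddress.ip_address(a) for a in lookup(hostname, forward_type)}
        if addr in forward_ips:
            return True, hostname, "forward lookup confirms PTR"
    return False, ptrs[0], "hostname does not resolve back to the sending IP"


if __name__ == "__main__":
    for ip in ("2a00:1450:4864:20::632", "192.168.10.34", "10.0.0.1", "10.0.0.2"):
        print(ip, reverse_name(ip), fcrdns_check(ip))
```

Mail receivers commonly treat a failed round trip as a reputation signal rather than a hard reject, since the two failure reasons (no PTR at all, or a PTR whose hostname points elsewhere) are both frequent results of misconfiguration.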
DNS delegation
If you create an NS record for a subdomain, this subdomain is now at the top of its own zone. What used to be a subdomain is now a responsible domain.
For example, with DNS delegation it's possible for dns1.example.com and dns2.example.com to host the zone for "example.com", while dns1.example.net and dns2.example.net host the zone for "sub.example.com".