The Internet is built on large networks of computers that identify each other via a string of numbers known as IP addresses.
When you type a website address into your browser, your computer makes a request, or lookup, to a cluster of servers to translate that number into a human-readable name faster than you can blink an eye. The process that translates and resolves those numbers is known as the DNS, or Domain Name System.
What is DNS?
The DNS is made up of the Resolving Name Server, the Root Name Server, the TLD (Top-Level Domain) Name Servers, and the Authoritative Name Server. This cluster is managed by a registrar that keeps your purchased domain name in a registry. When we launch a new website for a client, we check that we have the correct DNS settings to ensure people can connect to the website — or actually to the server cluster where the website is hosted. One way to visualize this is to imagine dialing a phone number to call a friend, but instead of entering a number, you simply type in a name. For instance, in the browser address bar I could type in 22.214.171.124 or I could type ‘www.google.com’. When we say we’re making a DNS switch, we’re literally changing the address records, or phone number, to which your domain name resolves.
Defining DNS Types
DNS is broken down into several types of records contained within the DNS Zone file (more on this below) to effectively serve requests for different functions. Let’s take a look at the most common ones that we typically deal with:
- A record
- CNAME records
- MX records
- TXT records
- SPF records
- NS records
The A record is an address or host record. It tells the host domain name to convert to an IP address. All computers that are hooked up to the Internet will have an IP address. In order for people to get to your website, they’ll need to know the IP address where your web server is running.
CNAME records are used to point one hostname to a canonical name. You’ll often see CNAME records used for your “www” host name, i.e. www.jumpingjackrabbit.com is a CNAME for jumpingjackrabbit.com. There is a caveat with CNAME records: they cannot appear alongside any other record on the same host name in your DNS zone. Some DNS providers have created a new proprietary record type, called an ALIAS record, which helps solve this problem, but you’ll need to use a provider that supports it.
MX records specify which servers to use to deliver email that is sent to email addresses at a domain. For example, if an email is sent to [email protected] then a mail delivery agent, which is the software that delivers the email, will ask example.com for its MX records in order to figure out where to send the email. It’s a good practice to have multiple MX records for your domain in case one mail server is offline, but you’ll need to make sure your email provider can provide multiple mail servers.
TXT records simply contain text. They’re used for things where no other record type exists and are often proprietary in nature.
SPF records are an email validation system used by mail servers to help reduce spam. The Sender Policy Framework tells your mail service who is authorized to receive and send email by the domain’s administrators.
NS records are used to delegate a domain to authoritative name servers. In most cases, you won’t need to worry too much about NS records; you just need to make sure that the namespace set by your domain registrar agrees with the namespace returned by the Authoritative Name Servers.
Idiom of Interest
DNS ZONE – This is an apportioned, administrative space within the global Domain Name System. Every zone contains its own managed entity, and is organized in a hierarchical tree of cascading lower-level domains forming the DNS namespace. Authority is usually delegated by a country code and a TLD registry.
TTL – There is a set time period, or countdown, called Time-to-live which specifies how long the records should be kept in the DNS server’s memory cache. If we perform a DNS switch, we use this value to determine how long it could take the records to resolve the new address and propagate throughout all the servers around the world. When the TTL value reaches zero, then the records are removed from the current server’s memory cache and moved to the new server.
Unfortunately, the DNS infrastructure isn’t invulnerable to a variety of crippling attacks. For instance, a DDoS (distributed denial of service) attack is an attempt to make a website or online service unavailable by overwhelming it with traffic from multiple sources. A properly executed DDoS attack can significantly stall or shut down a server cluster and consequently the websites it hosts. While there are no proactive steps one can take to prevent such attacks at the top-level, there are lower-level steps to protect websites and prevent hackers from exploiting your data and potentially doing harm. We’ve provided a list of these steps here: Guard Rabbit Security Tips.
Your computer makes hundreds of DNS lookups every day. DNS is an integral part to the structure of the web and serves as the Internet’s phone book. While it sounds complicated, it is designed to be fast and efficient, and it is why we place a high emphasis on its proper execution with all of our clients.