Chapter 6
Domain Name System (DNS)
By Nikhila Sattala
15 mins read
DNS is a fundamental component of the internet that translates human-friendly domain names (e.g., www.example.com) into numeric IP addresses (e.g., 203.0.113.1) used by computers to locate resources on the internet.
Scenario
Imagine you want to visit a website, like www.example.com, in your web browser. Here's how DNS works in this scenario:
How DNS Works:
Imagine you want to visit a website, like www.example.com, in your web browser. Here's how DNS works in this scenario:
How DNS Works:
You Enter a URL
You type "www.example.com" into your web browser's address bar and hit Enter.
DNS Query Begins
Your computer realizes that it needs to find the IP address of www.example.com to connect to the website. It starts a DNS query.
Local DNS Cache
Your computer first checks its local DNS cache. This cache stores recently resolved domain names and their corresponding IP addresses. If it finds a match, the query ends here, and your computer uses the cached IP address.
Asking the Local DNS Server
If the IP address is not in the cache, your computer sends the DNS query to your local DNS server. This is usually provided by your Internet Service Provider (ISP).
Root DNS Server
If the local DNS server doesn't have the IP address for www.example.com, it starts a chain reaction. It first contacts a root DNS server, which is a high-level server responsible for directing DNS queries to the appropriate top-level domain (TLD) server.
TLD DNS Server
The root DNS server points the local DNS server to the appropriate TLD DNS server. In this case, it directs it to the ".com" TLD server.
Authoritative DNS Server
The ".com" TLD server, in turn, directs the local DNS server to the authoritative DNS server for "example.com." The authoritative DNS server is the one that has the official records for that domain.
IP Address Retrieval
The authoritative DNS server for "example.com" provides the IP address associated with www.example.com.
Local DNS Server's Cache
The local DNS server caches the IP address for www.example.com to speed up future requests.
IP Address to Your Computer
Finally, the local DNS server sends the IP address back to your computer.
Website Retrieval
Your computer can now use the obtained IP address (e.g., 203.0.113.1) to connect to www.example.com's web server and retrieve the website content.
DNS Records
DNS records are entries in the DNS database that contain information about a domain or subdomain. Common DNS record types include:
A (Address) Record
Maps a domain to an IPv4 address.
AAAA (IPv6 Address) Record
Maps a domain to an IPv6 address
CNAME (Canonical Name) Record
Creates an alias for an existing domain name (used for subdomains or domain redirection).
MX (Mail Exchanger) Record
Specifies the mail server responsible for receiving email messages for a domain.
TXT (Text) Record
Stores text information, often used for various purposes such as domain verification or SPF records for email authentication.
How to configure DNS
DNS configuration involves setting up DNS records to map domain names to IP addresses and specifying the authoritative DNS servers responsible for the domain. Here's a simplified example:
Example #1:
You have a domain "example.com," and you want to configure DNS to point "www.example.com" to a web server with IP address 203.0.113.1.
Steps to Configure DNS:
Step 1 - Choose a DNS Provider:
Select a DNS service provider or use your own DNS server software. A few DNS service providers are Amazon Route53, GoDaddy, NameCheap.
Step 2 - Create DNS Records:
Create an A record that maps "www.example.com" to the IP address 203.0.113.1. This tells DNS where to find the web server for your website.
Step 3 - Set Name Servers:
Specify the authoritative DNS servers (name servers) for your domain. These servers will host your DNS records. You typically configure this with your domain registrar.
Examples of authoritative DNS servers include:
Step 4 - Propagation:
It may take some time (usually a few hours to a day) for DNS changes to propagate across the internet. During this period, DNS servers around the world update their records to reflect your changes.
You have a domain "example.com," and you want to configure DNS to point "www.example.com" to a web server with IP address 203.0.113.1.
Steps to Configure DNS:
Step 1 - Choose a DNS Provider:
Select a DNS service provider or use your own DNS server software. A few DNS service providers are Amazon Route53, GoDaddy, NameCheap.
Step 2 - Create DNS Records:
Create an A record that maps "www.example.com" to the IP address 203.0.113.1. This tells DNS where to find the web server for your website.
Step 3 - Set Name Servers:
Specify the authoritative DNS servers (name servers) for your domain. These servers will host your DNS records. You typically configure this with your domain registrar.
Examples of authoritative DNS servers include:
- ns1.example.com and ns2.example.com: These are hypothetical authoritative DNS servers for the domain "example.com." These servers store and provide DNS records for "example.com" and its subdomains.
- ns1.google.com: An authoritative DNS server used by Google for some of its domain names. This server stores and provides DNS records for Google's domains.
- ns1.cloudflare.com: An authoritative DNS server operated by Cloudflare, which hosts DNS records for domains using Cloudflare's DNS services.
- ns1.awsdns.com: Amazon Route 53's authoritative DNS servers, which store DNS records for domains using Amazon Route 53 services.
Step 4 - Propagation:
It may take some time (usually a few hours to a day) for DNS changes to propagate across the internet. During this period, DNS servers around the world update their records to reflect your changes.
Example #2:
You own the domain "example.com" and want to set up email authentication using SPF (Sender Policy Framework) to ensure that only authorized mail servers can send emails on behalf of your domain.
By restricting email sending privileges to authorized mail servers, you prevent unauthorized parties from sending emails that appear to come from your domain. This prevents email spoofing, which is a common tactic used by spammers and malicious actors to deceive recipients.
In this scenario, you should use a TXT record to implement SPF for email authentication as follows:
Access Your DNS Management Interface:
Log in to your DNS hosting provider's website or access the DNS management interface provided by your domain registrar.
Locate the DNS Records Section:
Find the section where you can manage DNS records. It's often labeled as "DNS Management," "DNS Records," or something similar.
Add a New Record:
In the DNS records section, select "Add" or "Create a new record."
Choose TXT Record Type:
Choose "TXT" as the record type.
Configure the TXT Record:
Enter "example.com" in the subdomain field (if you want the TXT record to apply to the root domain).
In the "Value" or "Data" field in makefile, input your SPF record, like this:
v=spf1 include:_spf.google.com ~all
This SPF record specifies that Google's servers are authorized to send email on behalf of your domain. It allows you to authenticate your domain's email and prevent spoofing.
Save or Publish:
After configuring the record, save or publish it. This will update your DNS zone with the new TXT record.
You own the domain "example.com" and want to set up email authentication using SPF (Sender Policy Framework) to ensure that only authorized mail servers can send emails on behalf of your domain.
By restricting email sending privileges to authorized mail servers, you prevent unauthorized parties from sending emails that appear to come from your domain. This prevents email spoofing, which is a common tactic used by spammers and malicious actors to deceive recipients.
In this scenario, you should use a TXT record to implement SPF for email authentication as follows:
Access Your DNS Management Interface:
Log in to your DNS hosting provider's website or access the DNS management interface provided by your domain registrar.
Locate the DNS Records Section:
Find the section where you can manage DNS records. It's often labeled as "DNS Management," "DNS Records," or something similar.
Add a New Record:
In the DNS records section, select "Add" or "Create a new record."
Choose TXT Record Type:
Choose "TXT" as the record type.
Configure the TXT Record:
Enter "example.com" in the subdomain field (if you want the TXT record to apply to the root domain).
In the "Value" or "Data" field in makefile, input your SPF record, like this:
v=spf1 include:_spf.google.com ~all
This SPF record specifies that Google's servers are authorized to send email on behalf of your domain. It allows you to authenticate your domain's email and prevent spoofing.
Save or Publish:
After configuring the record, save or publish it. This will update your DNS zone with the new TXT record.
Result:
By creating and configuring this TXT record for SPF, you're telling email servers that only servers listed in the SPF record are allowed to send emails on behalf of your domain. This enhances email security and ensures that emails originating from your domain are legitimate.
By creating and configuring this TXT record for SPF, you're telling email servers that only servers listed in the SPF record are allowed to send emails on behalf of your domain. This enhances email security and ensures that emails originating from your domain are legitimate.
Conclusion