DNS configurations require a number of different record types. In this video, you’ll learn about DNS records for addresses, canonical names, mail services, and more.
If you were to look at the configuration file of a DNS server, you would see a number of different lines, and those lines contain one or more different types of DNS records. We refer to these as resource records. These resource records might provide information that allows us to resolve a name from an IP address, they might contain information about a certificate that we could use to validate DNS information, they may contain aliases of host names that are stored within the DNS database, or they may be one of many other record types.
On the screen is a DNS configuration file. You’ll notice there are a lot of different types of information contained within the DNS file. And in this video we’ll step through a number of these more popular DNS records.
At the very top of the DNS configuration file is a Start Of Authority record, or an SOA. This gives us an overview of what we will find inside of this DNS configuration: information such as the DNS zone details, so we can see what domain this particular DNS configuration is a part of. You can see serial number information and you can find details about retries, expirations, and how long information should be stored.
One of the most common record types you will find in a DNS server is the A record, or the AAAA. This record defines the IP address of a host. This is the record containing the information we need when we send a query to a DNS server. Records marked with an A are for IP version four addresses.
So you often see the IPv4 address and the name of the device associated with that IP address. Records marked with four As, or AAAA records, are for IP version six. This provides the same functionality with both IP version four, and IP version six, but the type of record is different, where IPv4 has one A and IPv6 has four As.
This is an A record from my DNS server. You can see the name on this record is www.professormesser.com. This is an internet record. It has an A, which is referring to this address record, and then the IP address of this device, 162.159.246.164. That is the information contained within my DNS server. And if somebody queries that server for www.professormesser.com, that DNS server will return the IP address associated with that A record.
Sometimes you have a single IP address that is referenced by multiple names. And we can configure this alias of names inside of our DNS server. We refer to this record type as a CNAME record– this stands for a canonical name record. So for example, you might have one server such as mail.example.com, but that same server may be providing other services and may be referenced through other names. We would include those names inside of the CNAME records.
For example, you can have a chat alias, and that chat alias is pointing to mail.example.com. You could also have an FTP alias. That FTP alias is also pointing to mail.example.com. And there’s a third alias of www, which is also pointing to that same server that’s located at mail.example.com.
This actually means that there will be multiple requests made if someone was to query www.example.com. The DNS server recognizes that you’re looking for www, and it provides your client with the name, mail.example.com. If you already know the IP address of mail.example.com, then the transaction is over. But if that information is not cached on your machine, a separate request will be made to the DNS server to resolve the IP address for mail.example.com.
Another important record on our DNS servers is the MX record. This stands for mail exchanger record, and obviously this is an important record for organizations that need to make sure that email can be sent and received for that domain name. In this DNS server, you can see there is an MX record, and it specifies that the name of the mail server is mail.example.com. At this point, if you needed to send mail directly to that mail server, you would have to perform another name resolution to mail.example.com. So as long as there is an A record, you’ll be able to resolve the IP address associated with that mail server.
On some DNS servers, you don’t have access to the text-based configuration file, and all of those configuration settings need to be made in a web-based front end. Here’s an example of one of those web-based front ends where we are modifying the mail record. You can see that the name is mail. It specifies the target name for the mail record. And you can see the time to live in this case is 15 minutes on this DNS server.
Another useful record type on a DNS server is a text record, or TXT record. This provides human readable text information, and it’s used for many different purposes. One of the more common uses of a text record is to configure the SPF information. This stands for Sender Policy Framework. And this is a way that we can tell our DNS server what email servers are authorized to send mail on our behalf.
This is to prevent someone else from building their own mail server and sending mail with your name associated with it. The mail servers that receive these email messages will refer back to the SPF record that’s contained within your DNS server in a text record. And they will verify if that mail really came from an authorized host.
These text records can also be used for DKIM. This is DomainKeys Identified Mail, where we are digitally signing the emails that we are sending to another location. And when those emails are received, that digital signature can be verified. But to be able to verify that digital signature, we need the public key that is associated with that signature itself. And the text record in our DNS server is where we’re going to store that public key.
Here is the SPF text record and the DKIM text record from my DNS server. The SPF record shows professormesser.com, and it shows a specific mail server that is allowed to send mail on my behalf. In this case, it’s the mail server at mailgun.org. And of course, to verify the digital signatures, I also need a DKIM text record. You can see that this public key is quite long, but it is all text information, which makes it perfect to put inside of a DNS text record.
Another important record is a record that specifies where the name servers are for your particular domain. These are obviously extremely important servers, especially if you need to perform name resolution. These are name server records, or NS records, and you can find these NS records listed as individual lines that specify where those name servers happen to be located. For example, in this domain, you can see there are two name servers listed. One is ns1.example.com, and the other is ns2.example.com.
And the last record we’ll look at is a pointer record, or PTR. Whenever we’re performing a query to a domain server, we’re usually asking it for the IP address associated with a fully qualified domain name. For example, we’ll tell the name server that we’d like the IP address for www.professormesser.com.
But you can also perform the reverse lookup where you’re asking the DNS server to provide you with a name by giving it an IP address. To be able to perform that reverse lookup, you need a separate record that provides that reverse information, and that record is the pointer record. For example, on this DNS server, we have a number of pointer records– three different ones listed for joe.example.com, www.example.com and bill.example.com.
You’ll notice there is a number associated with each of those, and that refers back to the IP address associated with that particular subnet. In the DNS configuration, those IP addresses are shown in reverse. So 192.168.23.2 is joe.example.com, 192.168.23.15 is www.example.com, and 192.168.23.17 is bill.example.com. If we then perform a reverse DNS query to this server for the IP address 192.168.23.15, we will receive back the response of www.example.com.
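The lookups walked through in this video, as an added example (not the server's actual configuration): a constructed in-memory zone using the names from the text, with the CNAME chase, the MX-then-A resolution and the reversed PTR name. The address 192.168.23.10 for mail.example.com, the A records for joe, www and bill, and the forward-confirmation check are assumptions that go beyond what the video shows.

```python
import ipaddress

# Constructed zone using names from the text. The 192.168.23.10 address for
# mail.example.com and the A records for the PTR hosts are assumptions.
ZONE = {
    ("example.com.", "MX"): ["mail.example.com."],
    ("mail.example.com.", "A"): ["192.168.23.10"],
    ("chat.example.com.", "CNAME"): ["mail.example.com."],
    ("ftp.example.com.", "CNAME"): ["mail.example.com."],
    ("joe.example.com.", "A"): ["192.168.23.2"],
    ("www.example.com.", "A"): ["192.168.23.15"],
    ("bill.example.com.", "A"): ["192.168.23.17"],
    ("2.23.168.192.in-addr.arpa.", "PTR"): ["joe.example.com."],
    ("15.23.168.192.in-addr.arpa.", "PTR"): ["www.example.com."],
    ("17.23.168.192.in-addr.arpa.", "PTR"): ["bill.example.com."],
}

def lookup(name, rtype):
    """Return the record data for (name, type), or an empty list."""
    return ZONE.get((name, rtype), [])

def resolve_a(name, max_hops=8):
    """Return (names visited, addresses), following CNAME aliases."""
    chain = [name]
    for _ in range(max_hops):             # bound the chase so alias loops end
        addrs = lookup(chain[-1], "A")
        if addrs:
            return chain, addrs
        alias = lookup(chain[-1], "CNAME")
        if not alias:
            break
        chain.append(alias[0])            # second query, for the canonical name
    return chain, []

def mail_addresses(domain):
    """MX gives a host name; a second lookup turns it into addresses."""
    return {mx: resolve_a(mx)[1] for mx in lookup(domain, "MX")}

def reverse_lookup(ip):
    """Build the reversed in-addr.arpa name and fetch its PTR records."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    return qname, lookup(qname, "PTR")

def forward_confirmed(ip):
    """True if a PTR name for ip resolves back to the same address."""
    return any(ip in resolve_a(n)[1] for n in reverse_lookup(ip)[1])
```

A PTR record is controlled by whoever runs the reverse zone, so a name returned by a reverse lookup is only trustworthy once the forward lookup of that name returns the same address, which is what `forward_confirmed` checks.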