This post is a follow-up to the computer networking discussion, where we previously covered the Domain Name System (DNS). Like most computer networking subtopics, DNS is a broad topic. I recently posted about DNS and domain names; however, in the DNS records section of that post, I only briefly mentioned DNS records to keep the post from becoming too lengthy. I hoped to create another post that would dwell solely on DNS records. Here is that post.
What are DNS records?
DNS records are made up of sets of strings that are interpreted as commands. These commands tell the DNS servers what to do. The commands, combined into text files, are called the DNS syntax.
Therefore, you can liken DNS records to a registrar with a long list of student names and their corresponding courses and academic standings. Each time a parent requests the academic results of their ward, the registrar consults the list and gives the correct report to the parent.
TIME TO LIVE
I have been in a situation where I or one of the developers had made some changes in an application; however, they would not reflect immediately on the live application. This usually happens when the TTL is set too high for a domain name.
DNS records usually have a time that tells the servers when to refresh the records, and until that time elapses, the old content will be cached for the domain. This time is usually referred to as Time To Live (TTL). The TTL of a record can range from 50 seconds to 144000 seconds.
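The caching behaviour described above can be reproduced with a small simulation. This is an added example, not code from the original post; the host name `app.example.com`, the documentation-range addresses and the class and function names are assumptions made for illustration.

```python
class CachingResolver:
    """Minimal resolver cache: serves a stored answer until its TTL runs out."""

    def __init__(self, authoritative):
        self.authoritative = authoritative  # name -> (ip, ttl_seconds)
        self.cache = {}                     # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"          # still fresh: the old answer is reused
        ip, ttl = self.authoritative[name]
        self.cache[name] = (ip, now + ttl)  # refresh and restart the TTL countdown
        return ip, "authoritative"


def simulate_change(ttl, change_at, checks):
    """Publish a new address at `change_at`; report what a client sees at each check."""
    # Constructed sample record: placeholder name and documentation addresses.
    zone = {"app.example.com": ("192.0.2.10", ttl)}
    resolver = CachingResolver(zone)
    resolver.resolve("app.example.com", now=0)  # cache is warmed before the change
    seen = []
    for t in sorted(checks):
        if t >= change_at:
            zone["app.example.com"] = ("192.0.2.20", ttl)
        seen.append((t, resolver.resolve("app.example.com", now=t)[0]))
    return seen


if __name__ == "__main__":
    # One-hour TTL: the change made at t=60 is invisible until t=3600.
    print(simulate_change(ttl=3600, change_at=60, checks=[120, 3599, 3600]))
    # 50-second TTL: the same change is visible at the first check.
    print(simulate_change(ttl=50, change_at=60, checks=[120]))
```

Lowering the TTL ahead of a planned change shortens the window in which resolvers keep handing out the old address.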
All domains are required to have at least the essential DNS records.
The essential DNS records
- A record: The record that holds the IP address of a domain, e.g. 143.222.361.9
- AAAA record: The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address), e.g. 2001:db8:3333:4444:5555:6666:7777:8888.
- CNAME record: Forwards one domain or subdomain to another domain. It does NOT provide an IP address. e.g. oxla.io to blog.oxla.io
- MX record: Another important record, which directs mail to an email server. It usually has a priority level that can range from 5 to 50.
- TXT record: Lets an admin store text notes in the record. If you ever wondered what secures your email, these records are often used for email security.
- NS record: This is also a crucial record if you want to transfer your domain from one provider to another. The NS record stores the name server for a DNS entry.
- SOA record: Stores admin information about a domain.
- SRV record: Specifies a port for specific services.
- PTR record: Provides a domain name in reverse-lookups.
Less common records
Even though these records are described as less common, they are sometimes crucial to your domain management system. They include:
- AFSDB record – This record is used for clients of the Andrew File System (AFS) developed by Carnegie Mellon. The AFSDB record is used to find other AFS cells.
- APL record – The ‘address prefix list’ is an experimental record that specifies lists of address ranges.
- CAA record – This is the ‘certification authority authorization’ record. The domain owners can state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains.
- DNSKEY record – The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extensions (DNSSEC) signatures.
- CDNSKEY record – The Child Domain Name System Key (CDNSKEY) is a child copy of the DNSKEY record, meant to be transferred to a parent.
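The CAA item above says that the record names the permitted certificate authorities, that subdomains inherit it, and that a domain without one is open to issuance. The sketch below is an added example, not code from the original post. It goes slightly beyond the text by also handling a subdomain that overrides its parent and wildcard requests (`issuewild`), following the lookup rules of RFC 8659; all domain names and CA identifiers are constructed placeholders.

```python
# Constructed sample zone data: owner name -> list of (tag, value) CAA properties.
# Domain names and CA identifiers are placeholders, not values from the post.
SAMPLE_CAA = {
    "example.com": [("issue", "ca-one.example"), ("issuewild", ";")],
    "shop.example.com": [("issue", "ca-two.example; account=12345")],
}


def relevant_caa(name, caa_zone):
    """Climb from `name` toward the root; the closest name with CAA records wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if caa_zone.get(candidate):
            return candidate, caa_zone[candidate]
    return None, []


def may_issue(ca_id, name, caa_zone):
    """Return (allowed, reason) for the CA `ca_id` issuing a certificate for `name`."""
    wildcard = name.startswith("*.")
    owner, records = relevant_caa(name[2:] if wildcard else name, caa_zone)
    if owner is None:
        return True, "no CAA record on the name or any parent"
    issue = [v for tag, v in records if tag.lower() == "issue"]
    issuewild = [v for tag, v in records if tag.lower() == "issuewild"]
    # Wildcard requests are governed by issuewild when present, else by issue.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return True, f"CAA at {owner} has no property restricting this request"
    # The issuer name is the part before any ';' parameters; a bare ';' names no CA.
    permitted = {v.split(";")[0].strip().lower() for v in values} - {""}
    if ca_id.lower() in permitted:
        return True, f"authorized by CAA at {owner}"
    return False, f"CAA at {owner} permits only {sorted(permitted) or 'no CA'}"


if __name__ == "__main__":
    for ca, host in [("ca-one.example", "www.example.com"),
                     ("ca-one.example", "shop.example.com"),
                     ("ca-one.example", "*.example.com"),
                     ("ca-one.example", "example.org")]:
        print(ca, host, may_issue(ca, host, SAMPLE_CAA))
```

Running the same check against your own zone before requesting a certificate shows which name in the hierarchy actually decides the outcome.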
Some more records
- DNAME record – The ‘delegation name’ record, like CNAME, creates a domain alias. However, the alias will redirect all subdomains as well. For instance, if you bought ‘example.com’ and the domain ‘website.net’, and gave ‘website.net’ a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains created under website.net.
- HIP record – This record uses the ‘Host Identity Protocol’, which is a way to separate the roles of an IP address. You will mostly use this in mobile computing.
- IPSECKEY record – The ‘IPSEC key’ record works with Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).
- LOC record – There is also the ‘location’ record, which contains geographical information for a domain in the form of longitude and latitude coordinates.
- NAPTR record – The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URIs to point to, based on a regular expression.
Let’s round up this list
- RRSIG record – The ‘resource record signature’ is a record to store digital signatures used to authenticate records in accordance with DNSSEC.
- RP record – This is the ‘responsible person’ record. It stores the email address of the person responsible for the domain.
- SSHFP record – This record stores the ‘Secure Shell (SSH) public key fingerprints’. SSH is a cryptographic networking protocol for secure communication over an unsecured network.
- CERT record – The ‘certificate record’ stores public key certificates.
- DHCID record – The ‘DHCP Identifier’ stores info for the Dynamic Host Configuration Protocol (DHCP). It is a standardized network protocol used on IP networks.
- NSEC record – The ‘next secure record’ is part of DNSSEC. It’s used to prove that a requested DNS resource record does not exist.
Now that you know your domain records, it is also important to understand how you can protect your DNS records to ensure secure traffic, and let the internet and your website users trust the credibility of your website. You need to secure the information exchanged between your website and the connecting system. For that, you need a certificate of “trust” called the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificate.
The SSL or TLS certificate will ensure any traffic accessing your website through your domain name uses the Hypertext Transfer Protocol Secure (HTTPS). There are a couple of certificate providers; however, I have a comprehensive step-by-step post on how to install a free Let’s Encrypt certificate.
Finally, always remember, your domain name is your website identity on the web.