Records
DNS records (aka zone files) are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands that tell the DNS server what to do. All DNS records also have a ‘TTL’, which stands for time-to-live, and indicates how often a DNS server will refresh that record.
A record
The "A" stands for "address" and this is the most fundamental type of DNS record: it indicates the IP address of a given domain.
Here is an example of an A record:
| example.com | record type | value | TTL |
|---|---|---|---|
| @ | A | 192.0.2.1 | 14400 |
The "@" symbol in this example indicates that this is a record for the root domain, and the "14400" value is the TTL (time to live), listed in seconds. The default TTL for A records is 14,400 seconds. This means that if an A record gets updated, it takes 240 minutes (14,400 seconds) to take effect.
AAAA record
Here is an example of an AAAA record:
| example.com | record type: | value: | TTL |
|---|---|---|---|
| @ | AAAA | 2001:0db8:85a3:0000: 0000:8a2e:0370:7334 |
14400 |
CNAME record
A "canonical name" (CNAME) record points from an alias domain to a "canonical" domain. A CNAME record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. Imagine a scavenger hunt where each clue points to another clue, and the final clue points to the treasure. A domain with a CNAME record is like a clue that can point you to another clue (another domain with a CNAME record) or to the treasure (a domain with an A record).
For example, suppose blog.example.com has a CNAME record with a value of "example.com" (without the "blog"). This means when a DNS server hits the DNS records for blog.example.com, it actually triggers another DNS lookup to example.com, returning example.com’s IP address via its A record. In this case we would say that example.com is the canonical name (or true name) of blog.example.com.
Oftentimes, when sites have subdomains such as blog.example.com or shop.example.com, those subdomains will have CNAME records that point to a root domain (example.com). This way if the IP address of the host changes, only the DNS A record for the root domain needs to be updated and all the CNAME records will follow along with whatever changes are made to the root.
Example of a CNAME record:
| blog.example.com | record type: | value: | TTL |
|---|---|---|---|
| @ | CNAME | is an alias of example.com | 32600 |
In this example you can see that blog.example.com points to example.com, and assuming it is based on our example A record we know that it will eventually resolve to the IP address 192.0.2.1.
MX record
An MX (Mail Exchange) record in DNS guides email to a specific mail server. It specifies the route for email messages based on the Simple Mail Transfer Protocol (SMTP), the standard protocol for email. Similar to CNAME records, an MX record always points to a different domain.
Example of an MX record:
| example.com | record type: | priority: | value: | TTL |
|---|---|---|---|---|
| @ | MX | 10 | mailhost1.example.com | 45000 |
| @ | MX | 20 | mailhost2.example.com | 45000 |
The 'priority' numbers before the domains for these MX records indicate preference; the lower 'priority' value is preferred. The server will always try mailhost1 first because 10 is lower than 20. In the result of a message send failure, the server will default to mailhost2.
The email service could also configure this MX record so that both servers have equal priority and receive an equal amount of mail:
| example.com | record type: | priority: | value: | TTL |
|---|---|---|---|---|
| @ | MX | 10 | mailhost1.example.com | 45000 |
| @ | MX | 10 | mailhost2.example.com | 45000 |
This configuration enables the email provider to equally balance the load between the two servers.
NS record
NS stands for ‘nameserver,’ and the nameserver record indicates which DNS server is authoritative for that domain (i.e. which server contains the actual DNS records. Basically, NS records tell the Internet where to go to find out a domain's IP address. A domain often has multiple NS records which can indicate primary and secondary nameservers for that domain. Without properly configured NS records, users will be unable to load a website or application.
Here is an example of an NS record:
| example.com | record type: | value: | TTL |
|---|---|---|---|
| @ | NS | ns1.exampleserver.com | 21600 |
Note that NS records can never point to a canonical name (CNAME) record
When NS records are updated, it may take several hours for the changes to be replicated throughout the DNS.
There are other DNS records that i didn't cover which will be included in the links below.
Useful shell commands
You may need to install network utils and packages before running the commands below.
nslookup
A network tool for querying DNS to obtain information about domain names and IP addresses. While it's older and less feature-rich than dig, it's available on many systems and provides basic DNS lookup capabilities.
nslookup - brings the interactive mode
> [domain] - query dns server for domain
> [ip_address] - reverse dns lookup
> set type=x - determines the type of DNS record that the DNS server will use to answer the query (x = DNS record type)
> set recursive - query other DNS servers if the default server does not have the information
> ls -a domain - list all canonical (true) names and aliases in domain
> ls -d domain - list all available records for domain.
> ls -t [type] domain - list all DNS TYPE records for domain
> exit - quit the interactive mode
Example
$ nslookup # Open nslookup interactive mode
> google.com
Server: 172.20.10.1
Address: 172.20.10.1#53
Non-authoritative answer:
Name: google.com
Address: 172.217.20.174
> set type=AAAA # Set AAAA type for next queries (IPv6)
> google.com
Server: 172.20.10.1
Address: 172.20.10.1#53
Non-authoritative answer:
google.com has AAAA address 2a00:1450:4007:80c::200e
dig
A versatile DNS (Domain Name System) tool for querying DNS information, providing detailed responses, and supporting various query types. It offers extensive options and is commonly used for troubleshooting and DNS analysis.
dig [domain] - query dns server for name
dig +short [domain] - short form of query output
dig [DNS_record] [domain] - query dns for given DNS record
dig -x [ip_address] - reverse dns lookup
dig @nameserver [domain] - query different name server
Example
$ dig @8.8.8.8 +short google.com
>> 216.58.214.174
whois
Checks information about ownership of a domain name
whois [domain] - querying databases that store the registered users or assignees, such as a domain name, an IP addresses
host
A simple command-line utility for DNS lookups, capable of translating domain names to IP addresses and vice versa. It provides basic DNS information in a straightforward format, suitable for quick queries and basic troubleshooting.
host [domain] - query dns server for domain
host [ip_address] - reverse dns lookup
host -t [DNS_record] [domain] - query dns for given DNS record
Example
$ host youtube.com
>> youtube.com has address 142.250.201.174
youtube.com has IPv6 address 2a00:1450:4007:80e::200e
youtube.com mail is handled by 0 smtp.google.com.
$ host -t A youtube.com
>> youtube.com has address 216.58.214.174
$ host -t NS youtube.com
>> youtube.com name server ns2.google.com.
youtube.com name server ns4.google.com.
youtube.com name server ns1.google.com.
youtube.com name server ns3.google.com.
ping
A ping measures the latency of a connection for a target location. For demonstration purposes, I’ll run a ping test using 8.8.8.8, Google’s public DNS address.
Example
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=90.834 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=48.649 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=47.372 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 47.372/62.285/90.834/20.194 ms
traceroute or tracert
A traceroute traces a packet’s path, from the starting point to the destination.
Example
$ traceroute google.com
>> traceroute to google.com (142.250.178.142), 64 hops max, 52 byte packets
1 172.20.10.1 (172.20.10.1) 6.461 ms 3.192 ms 2.537 ms
2 * * *
3 * 192.168.4.30 (192.168.4.30) 62.968 ms 34.551 ms
4 192.168.255.19 (192.168.255.19) 43.909 ms 33.963 ms 40.175 ms
5 194.149.185.144 (194.149.185.144) 24.554 ms 33.511 ms 39.744 ms
6 194.149.173.32 (194.149.173.32) 39.917 ms 48.690 ms 32.094 ms
7 * * 194.149.166.22 (194.149.166.22) 63.474 ms
8 194.149.166.62 (194.149.166.62) 29.755 ms 38.763 ms 40.086 ms
9 72.14.221.62 (72.14.221.62) 41.002 ms 41.752 ms
72.14.211.26 (72.14.211.26) 47.443 ms
10 108.170.245.1 (108.170.245.1) 38.538 ms
108.170.244.193 (108.170.244.193) 54.826 ms 36.586 ms
11 142.251.64.131 (142.251.64.131) 39.879 ms 34.754 ms
142.251.64.129 (142.251.64.129) 38.454 ms
12 142.251.64.129 (142.251.64.129) 42.599 ms
142.251.64.131 (142.251.64.131) 31.373 ms
108.170.244.241 (108.170.244.241) 45.710 ms
13 par21s22-in-f14.1e100.net (142.250.178.142) 29.977 ms
209.85.251.179 (209.85.251.179) 32.639 ms
par21s22-in-f14.1e100.net (142.250.178.142) 38.448 ms
The packet has gone through 13 routers in order to reach the final destination
Top comments (0)