DNS — Web Basics

The Domain Name System (DNS) essentially provides a phone directory for the Internet. You might want to type in apple.com to your web browser to buy iPhone accessories, but how will your request reach Apple’s web server at IP address 17.172.224.47? That’s what the domain name record system does for us.

If you’re a small business owner or WordPress blogger, you’ve probably been told to configure your A and CNAME records. Or, that time you tried to move your email, you were told to change your MX record. Or, a cool web service asked you to set up a TXT record before it would work with you. What’s all this for, and why is it so confusing?

Learning About DNS Record Types

Name Servers

Here’s an example of my NS records for my website, JeffReifman.com:

All the settings described below are configured by you at your NS host; their name servers then publish them so that resolvers across the Internet can update their directories.

There are a handful of DNS record types, and the most common one you’ve probably heard of is the A record.

A Records

I’ve used the Kloth website for years to check DNS records, but there are many you can use, e.g. Google Dig or KeyCDN, whose content delivery network services I wrote about for Tuts+ earlier this year. Many sites offer these tools.

Here’s an example query for an A record on Kloth:

Subdomain Records

Recently, I co-founded Flee the Jungle at http://fleethejungle.com to guide shoppers away from Amazon after my stories about the company’s harm to Seattle and the viral exposé published by the New York Times:

Soon, we’ll be launching city-specific sub-domains, e.g. portland.fleethejungle.com. If we wish to host these on different servers, we’d need to set up distinct A records for each city sub-domain to point to the servers’ unique IP addresses.

Wildcard Entries

Wildcard records (a * label, e.g. *.fleethejungle.com) make it easier to catch traffic for many sub-domains at once and send it all to one server.

Inbound Routing on Your Server

I also sell domains using a web site which dynamically prices them. So, here’s how I tell Apache to accept traffic for all those different domains and DNS records:

Next I’m going to tell you about CNAME records. These are helpful in a number of ways and can be especially helpful in simplifying the management of your IP addresses and future migrations from one server to another.

CNAME Records

I don’t use Tumblr much, but my friend tried it a while ago for a website at http://misc.jeffreifman.com. Here are Tumblr’s instructions for configuring your domain name. They allow either A records or CNAMEs. I used a CNAME:

Here’s my friend’s DNS record for misc.jeffreifman.com:

misc.jeffreifman.com CNAME domains.tumblr.com.

Note: You should put a closing period on your CNAME targets. The period marks the name as fully qualified; without it, many DNS hosts treat the target as relative and append your own domain to it.

When a user requests misc.jeffreifman.com in their browser, the DNS answer points them to domains.tumblr.com; the resolver then recursively looks up the IP address for that name, which will be 66.6.44.4.

One advantage of CNAMEs is that if Tumblr ever changes the IP address of their inbound server, I shouldn’t need to change my CNAME record at all. It stays the same, and Tumblr manages the IP change by updating the A record for domains.tumblr.com.

I use this approach for my domain names for sale — most of them point to a CNAME for my web server. If I need to change hosts and change the IP address of my web server, I can change one sub-domain A record for the CNAME I used, rather than changing one hundred A records for each domain name.

Note: The DNS standards don’t technically allow you to point root domain records to a CNAME address, e.g. jeffreifman.com CNAME domains.tumblr.com. That’s why Tumblr suggests an A record for your root domains. However, some DNS name servers do support this — so check with yours. To learn more, read this post by Josh Strange.

Another scenario you’ll use CNAMEs with is CDN services such as described in the KeyCDN tutorial I wrote for Tuts+. I set up four cloud subdomains named c1, c2, c3, c4, all pointing to KeyCDN’s content mirror at jr-faf.kxcdn.com.

What Happens When You Change DNS Records?

It’s also important to realize that DNS changes don’t take effect immediately. When you set up your DNS records for the first time (or when you change them), Internet users will not be connected to your most current settings immediately. This is one of the things that makes migrating from one server or hosting company to another more difficult. In fact, in a worst case, it can take more than 36 hours.

My registrar introduced me to WhatsMyDNS.net for a visual report of the propagation of my DNS changes to various parts of the world. Below is a screenshot I took when my Flee the Jungle server moved, with changes that ended up taking several hours to propagate.

The map below shows that DNS servers around the world had finally caught up to my latest changes:

MX Records

First, I need to sign up for an email service such as Google Apps or FastMail to host my email. Second, I need to follow their instructions for configuring MX records to their multiple redundant email servers.

For example, here’s what it looks like for Google Apps:

Priority   Mail Server
1          ASPMX.L.GOOGLE.COM.
5          ALT1.ASPMX.L.GOOGLE.COM.
5          ALT2.ASPMX.L.GOOGLE.COM.
10         ALT3.ASPMX.L.GOOGLE.COM.
10         ALT4.ASPMX.L.GOOGLE.COM.

Fast Mail looks something like this:

in1-smtp.messagingengine.com (first, priority=10)

in2-smtp.messagingengine.com (second, priority=20)

If you want to run your own email server, you’ll need to configure your MX record to point to the IP address of your own server.

A lot of people have begun using MX Toolbox for looking up their MX records, but you can use any DNS lookup service for that too.
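As an added example (not code from the article or from Google), here is how a sending mail server orders the Google Apps MX hosts listed above before attempting delivery: lower preference values go first, hosts sharing a value are equally preferred and tried in random order, and the next value is used only when a whole group is unreachable.

```python
import random

# Added example (not from the article): MX attempt order for the Google Apps
# hosts from the table above, following RFC 5321 section 5.1: ascending
# preference, ties picked at random, fall through only when a group fails.
GOOGLE_MX = [
    (1, "ASPMX.L.GOOGLE.COM."),
    (5, "ALT1.ASPMX.L.GOOGLE.COM."),
    (5, "ALT2.ASPMX.L.GOOGLE.COM."),
    (10, "ALT3.ASPMX.L.GOOGLE.COM."),
    (10, "ALT4.ASPMX.L.GOOGLE.COM."),
]

def mx_delivery_order(mx_records, seed=None):
    """Hosts in attempt order: ascending preference, each tie group shuffled.
    seed makes the shuffle reproducible for testing."""
    rng = random.Random(seed)
    groups = {}
    for pref, host in mx_records:
        groups.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(groups):
        hosts = list(groups[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order

def first_reachable(mx_records, unreachable, seed=None):
    """Simulate delivery: the first host in attempt order that is not in the
    unreachable set receives the message; None means the sender must defer."""
    for host in mx_delivery_order(mx_records, seed):
        if host not in unreachable:
            return host
    return None

if __name__ == "__main__":
    print(mx_delivery_order(GOOGLE_MX))
    print(first_reachable(GOOGLE_MX, {"ASPMX.L.GOOGLE.COM."}))
```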

Changing Email Providers and Moving Email

During the DNS propagation period, you may receive some emails at your old provider and some at your new.

Changing your MX record does not damage your prior email repository — but nothing new will ever arrive there.

TXT Records

TXT records hold free-form text, which services commonly use to prove that you control a domain. For example, Google will ask you to post a code specific to your domain like this:

jeffreifman.com TXT google-site-verification=Ih8iC4iSOcBSkk

I actually have three TXT records posted for jeffreifman.com right now:

jeffreifman.com TXT "keybase-site-verification=qG2zMYf_hw2sXUCgtYWk"

jeffreifman.com TXT "v=spf1 include:spf.efwd.regsrvrs.com ~all"

jeffreifman.com TXT "google-site-verification=blTgEw5QFSx5M"

Keybase, which I wrote about for Tuts+ while covering PGP Keys, Privacy and Encryption, uses TXT records for me to verify my website as a means to authenticate my identity with my public key records.

You can also use TXT records to tell spam-detection servers which mail servers are allowed to send on behalf of your domain, as I did with the SPF record above. Services such as Mailgun require both SPF and DKIM records before you can send through their bulk email servers (their “email cannons”).
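To show what a receiving mail server does with the SPF record above, here is an added minimal SPF evaluator (not code from the article). The real contents of spf.efwd.regsrvrs.com are not on the page, so the TXT table is a constructed stand-in for live DNS lookups; the mechanism syntax, qualifier meanings and the 10-lookup limit follow RFC 7208.

```python
import ipaddress

# Added example (not from the article): a minimal SPF evaluator for the record
# the article publishes, "v=spf1 include:spf.efwd.regsrvrs.com ~all".
# The included record's real contents are not on the page, so the TXT table is
# a constructed stand-in for live DNS lookups; the syntax and qualifier
# semantics follow RFC 7208.
TXT = {
    "jeffreifman.com": "v=spf1 include:spf.efwd.regsrvrs.com ~all",
    "spf.efwd.regsrvrs.com": "v=spf1 ip4:198.51.100.0/24 -all",  # constructed
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, sender_ip, txt=TXT, lookups=None):
    """SPF result for sender_ip claiming to send mail for domain.
    Handles ip4, ip6, include and all; anything else yields permerror.
    lookups counts DNS-querying mechanisms against the RFC 7208 limit of 10,
    which verifiers enforce so a record cannot trigger unbounded lookups."""
    lookups = [0] if lookups is None else lookups
    record = txt.get(domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIER[qual]
        if mech in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIER[qual]
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > 10:
                return "permerror"
            sub = spf_check(arg, sender_ip, txt, lookups)
            if sub in ("none", "permerror"):   # missing or looping include
                return "permerror"
            if sub == "pass":                  # include matches only on pass
                return QUALIFIER[qual]
        else:
            return "permerror"  # a, mx, exists, redirect= not implemented
    return "neutral"  # no mechanism matched and no "all" term
```

A “softfail” from ~all tells the receiver to accept but treat the message with suspicion; publishing -all instead turns unauthorized senders into a hard fail.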

AAAA Records

If you decide to support IPv6 addressing, you’ll need to configure an AAAA record with its larger addressing scheme:

Today, most IPv4 to IPv6 conversion is handled transparently behind the scenes. Though at some point long after climate change has killed off the last polar bear (thanks Senator Inhofe), A records may become a relic and AAAA will be the primary DNS record to configure.

If you have any doubts, feel free to ping me on Instagram. (Fazalur Rahman)

Cheers…!

cybersecurity researcher 》 programmer 》 web developer 》 pentester 》 hacker 》 bug hunter