Overview of DNS

The Domain Name System (DNS) is the cornerstone of the modern internet, acting as a distributed and hierarchical naming system that translates human-readable domain names (e.g., example.com) into IP addresses (e.g., 192.0.2.1) that networking equipment uses to route traffic.

DNS Resolution Flow

  1. User Request: The user enters a domain in their browser.
  2. Recursive Resolver: The request first hits a recursive resolver (typically provided by the user’s ISP or a public resolver like Google or Cloudflare).
  3. Root Servers: If not cached, the resolver queries one of the root DNS servers (13 root server clusters).
  4. TLD Servers: The root server responds with the TLD (e.g., .com) nameservers.
  5. Authoritative Server: The resolver queries the TLD server, which responds with the authoritative nameserver for the domain.
  6. Final Resolution: The resolver queries the authoritative nameserver, retrieves the required record (e.g., A record), and returns it to the user.
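The six steps above can be walked offline. The following Python is an added example (not code from the original page): a simulated iterative resolution over a constructed root, TLD and authoritative server, where the server names a.gtld.example. and ns1.exampledns.com. and the answer 192.0.2.1 are assumptions. It shows the referral chain the resolver follows and why a warm resolver cache skips it entirely.

```python
"""Iterative DNS resolution walked over a constructed root -> TLD -> authoritative
namespace. No network is used: each 'server' is a dictionary that returns either
an answer, a referral (NS names for a delegated zone) or nothing."""
from typing import Dict, List, Optional, Tuple

# Constructed sample servers (hypothetical names, not real infrastructure).
# 'referrals' maps a delegated zone to its nameservers; 'answers' holds A records.
SERVERS: Dict[str, dict] = {
    "root": {
        "referrals": {"com.": ["a.gtld.example."]},
        "answers": {},
    },
    "a.gtld.example.": {                        # stands in for a .com TLD server
        "referrals": {"example.com.": ["ns1.exampledns.com."]},
        "answers": {},
    },
    "ns1.exampledns.com.": {                    # authoritative for example.com.
        "referrals": {},
        "answers": {"api.example.com.": "192.0.2.1"},
    },
}


def _in_zone(zone: str, qname: str) -> bool:
    """True when qname is the zone apex or lies below it."""
    return qname == zone or qname.endswith("." + zone)


def query_server(server: str, qname: str) -> Tuple[str, Optional[object]]:
    """One round trip: ('answer', ip), ('referral', [ns, ...]) or ('nxdomain', None)."""
    data = SERVERS[server]
    if qname in data["answers"]:
        return "answer", data["answers"][qname]
    # Choose the most specific delegation that covers the query name.
    zones = [z for z in data["referrals"] if _in_zone(z, qname)]
    if zones:
        return "referral", data["referrals"][max(zones, key=len)]
    return "nxdomain", None


def resolve(qname: str, cache: Optional[Dict[str, str]] = None,
            max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """Resolve qname from the root; returns (ip or None, trace of hops taken).

    The cache is the recursive resolver's memory: a name answered before is
    returned without contacting any server (step 2 of the flow)."""
    cache = {} if cache is None else cache
    if qname in cache:
        return cache[qname], ["cache hit"]
    trace, server = [], "root"
    for _ in range(max_hops):
        kind, payload = query_server(server, qname)
        trace.append(f"{server}: {kind}")
        if kind == "answer":
            cache[qname] = payload
            return payload, trace
        if kind == "nxdomain":
            return None, trace
        # Referral: move to the first listed nameserver. Its address is assumed
        # to be known already (glue), which real resolvers also rely on.
        server = payload[0]
    raise RuntimeError("too many referrals; possible delegation loop")


if __name__ == "__main__":
    shared_cache: Dict[str, str] = {}
    for name in ("api.example.com.", "api.example.com.", "api.example.org."):
        ip, hops = resolve(name, shared_cache)
        print(name, "->", ip, "via", " / ".join(hops))
```

The second lookup of api.example.com. in the `__main__` loop returns from the cache after a single step, which is the behaviour the TTL section later on relies on: until the cached copy expires, no server in the chain is asked again.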

DNS Hierarchy

  • Root Zone: Managed by IANA; the root servers serve the top level of the DNS hierarchy.
  • TLD Zone: Top-Level Domains such as .com, .net and .org, each operated by a registry.
  • Authoritative Zones: Domains and subdomains served by authoritative nameservers under the control of the domain owner.

Major DNS Record Types

A (Address Record)

  • Purpose: Maps a domain to an IPv4 address.
  • Example:
    api.example.com. IN A 192.0.2.1
    
  • Use Cases: Web servers, API endpoints.

AAAA (IPv6 Address Record)

  • Purpose: Maps a domain to an IPv6 address.
  • Example:
    api.example.com. IN AAAA 2001:db8::1
    
  • Use Cases: IPv6-compliant services.

CNAME (Canonical Name Record)

  • Purpose: Makes a name an alias for another name (the canonical name); commonly used to point a subdomain at another domain.
  • Constraints: Cannot be used at the root of a domain.
  • Example:
    www.example.com. IN CNAME example.com.
    
  • Use Cases: Load-balanced endpoints, third-party services.

ALIAS (Non-standard, provider-specific)

  • Purpose: Like CNAME but usable at the root domain.
  • Example (illustrative zone-file syntax; Cloudflare and Route 53 each configure this feature through their own interface):
    example.com. IN ALIAS example.net.
    
  • Use Cases: Root domain pointing to load balancer or CDN.

MX (Mail Exchange Record)

  • Purpose: Defines mail servers for a domain.
  • Priority Field: Lower numbers have higher priority.
  • Example:
    example.com. IN MX 10 mail1.example.com.
    example.com. IN MX 20 mail2.example.com.
    
  • Use Cases: Email routing and delivery.

NS (Name Server Record)

  • Purpose: Specifies authoritative DNS servers for a domain.
  • Example:
    example.com. IN NS ns1.exampledns.com.
    example.com. IN NS ns2.exampledns.com.
    
  • Use Cases: Delegating zones.

SOA (Start of Authority)

  • Purpose: Metadata for the DNS zone.
  • Fields:
    • Primary NS
    • Admin email (written with the @ replaced by a dot, so admin.example.com. means admin@example.com)
    • Serial number (zone version; secondary servers transfer the zone when it increases)
    • Refresh, retry, expire, minimum (the last is used as the negative-caching TTL per RFC 2308)
  • Example:
    example.com. IN SOA ns1.exampledns.com. admin.example.com. (
        2025052101 ; serial
        3600       ; refresh
        600        ; retry
        604800     ; expire
        86400      ; minimum
    )
    

TXT (Text Record)

  • Purpose: Stores arbitrary text data.
  • Use Cases:
    • SPF (Sender Policy Framework):
      example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
      
    • DKIM (DomainKeys Identified Mail):
      default._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=..."
      
    • DMARC:
      _dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
      
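The SPF and DMARC strings above are policies, and their exact settings decide whether spoofed mail is rejected or merely observed. The following Python is an added example, not code from the original page: it parses both formats and flags the weak settings in the page's own records (the ~all softfail and p=none) beside a hardened pair. The record strings other than the page's two are constructed, and the lookup limit check follows RFC 7208.

```python
"""Parse SPF and DMARC TXT records and flag settings that leave a domain open to
spoofing. The checks follow RFC 7208 (SPF) and RFC 7489 (DMARC)."""
from typing import Dict, List, Tuple

# Terms that each consume one of the 10 DNS lookups SPF permits (RFC 7208 s.4.6.4).
_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(txt: str) -> Tuple[List[Tuple[str, str, str]], Dict[str, str]]:
    """Return ([(qualifier, mechanism, argument), ...], {modifier: value})."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term:                    # modifiers look like redirect=... or exp=...
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
            continue
        qualifier = "+"                    # the default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return mechanisms, modifiers


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Return the tag=value pairs of a DMARC record as a dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess_email_policy(spf_txt: str, dmarc_txt: str) -> List[str]:
    """Findings a defender would act on; an empty list means nothing was flagged."""
    findings = []
    mechanisms, modifiers = parse_spf(spf_txt)
    all_terms = [q for q, name, _ in mechanisms if name == "all"]
    if not all_terms and "redirect" not in modifiers:
        findings.append("spf: no 'all' mechanism, unlisted senders get Neutral")
    elif all_terms and all_terms[-1] == "+":
        findings.append("spf: '+all' allows any sender to pass")
    elif all_terms and all_terms[-1] == "~":
        findings.append("spf: '~all' only softfails unlisted senders (consider -all)")
    lookups = sum(1 for _, name, _ in mechanisms if name in _LOOKUP_TERMS)
    lookups += 1 if "redirect" in modifiers else 0
    if lookups > 10:
        findings.append(f"spf: {lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc.get("p") in (None, "none"):
        findings.append("dmarc: p=none (or missing) is monitoring only, spoofed mail is still delivered")
    if "rua" not in dmarc:
        findings.append("dmarc: no rua= address, aggregate reports are not collected")
    return findings


# Records as written on this page: SPF softfail plus a DMARC policy of none.
PAGE_SPF = "v=spf1 include:_spf.google.com ~all"
PAGE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
# Constructed hardened pair: hard fail for unlisted senders and a reject policy.
STRICT_SPF = "v=spf1 include:_spf.google.com -all"
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for label, spf, dmarc in (("page", PAGE_SPF, PAGE_DMARC), ("strict", STRICT_SPF, STRICT_DMARC)):
        print(label, assess_email_policy(spf, dmarc) or ["no findings"])
```

Run against the page's records the assessment reports the softfail and the p=none policy; the strict pair reports nothing. A record that chains more than ten include: terms is flagged too, since resolvers return permerror for it and the policy silently stops protecting the domain.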

PTR (Pointer Record)

  • Purpose: Maps an IP address back to a hostname (reverse DNS lookup).
  • Example:
    1.2.0.192.in-addr.arpa. IN PTR api.example.com.
    
  • Use Cases: Email server validation, diagnostics.

SRV (Service Locator Record)

  • Purpose: Defines the location of services by name.
  • Fields: Priority, weight, port, target.
  • Example:
    _sip._tcp.example.com. IN SRV 10 60 5060 sipserver.example.com.
    
  • Use Cases: SIP, XMPP, LDAP.

CAA (Certificate Authority Authorization)

  • Purpose: Specifies which CAs are allowed to issue certificates.
  • Example:
    example.com. IN CAA 0 issue "letsencrypt.org"
    
  • Use Cases: TLS certificate issuance control.

Real-World Examples and Configurations

Subdomain Examples

api.example.com.     IN A     192.0.2.10
mail.example.com.    IN MX    10 mailhost.example.com.
ftp.example.com.     IN CNAME files.example.net.

Multiple Records

example.com. IN MX 10 mx1.example.com.
example.com. IN MX 20 mx2.example.com.

example.com. IN A 192.0.2.1
example.com. IN A 192.0.2.2

TTL and Priority Tuning

www.example.com. 3600 IN CNAME webhost.example.net.
example.com.     300  IN MX 10 mail1.example.com.

Common Pitfalls and Misconfigurations

CNAME at Root Domain

Using a CNAME at the zone apex (example.com.) is invalid under the DNS RFCs: the apex must carry SOA and NS records, and a CNAME cannot coexist with any other record at the same name. Use ALIAS or ANAME records if your DNS provider supports them.

Incorrect MX Records

The target of an MX record must be a hostname that has A or AAAA records; pointing it at a CNAME is not allowed.

ALIAS vs CNAME Confusion

Both make one name an alias for another, but only ALIAS can be used at the root domain: a CNAME cannot coexist with other record types at the same name, and the apex must hold SOA and NS records.
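All three pitfalls can be caught before a zone is published. The following Python is an added example, not code from the original page: it parses zone-file lines in the form used by the record examples earlier (including the multi-line SOA and quoted TXT data) and lints the result for a CNAME at the apex, a CNAME sharing its name with other records, and MX targets that are CNAMEs or have no A/AAAA record. The two sample zones are constructed from this page's records; BROKEN_ZONE commits every pitfall on purpose, and the finding codes are this example's own.

```python
"""Zone-file parser plus a linter for the pitfalls above. Added example, not code
from the page; the two sample zones are constructed from this page's records."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

_TOKEN = re.compile(r'"[^"]*"|\S+')  # one quoted TXT string or one bare word

class Record(NamedTuple):
    name: str            # owner name, lower-cased, fully qualified
    ttl: Optional[int]   # None when the zone default TTL applies
    rtype: str
    rdata: List[str]

def _clean(line: str) -> Tuple[str, int]:
    """Drop a ';' comment and ( ) grouping outside double quotes; return (text, depth change)."""
    out, in_quotes, depth = [], False, 0
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes:
            if ch == ";":            # comment runs to end of line ("v=DMARC1; p=none" is quoted)
                break
            if ch in "()":
                depth += 1 if ch == "(" else -1
                ch = " "
        out.append(ch)
    return "".join(out), depth

def parse_zone(text: str) -> List[Record]:
    """Parse 'name [ttl] [IN] TYPE rdata...' records, joining ( ... ) continuation lines."""
    records, pending, depth = [], [], 0
    for raw in text.splitlines():
        cleaned, delta = _clean(raw)
        depth += delta
        pending.append(cleaned)
        if depth > 0:
            continue             # still inside an open parenthesis (multi-line SOA)
        tokens, pending = _TOKEN.findall(" ".join(pending)), []
        if not tokens:
            continue
        name = tokens.pop(0).lower()
        ttl = int(tokens.pop(0)) if tokens and tokens[0].isdigit() else None
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append(Record(name, ttl, tokens.pop(0).upper(), tokens))
    return records

def lint_zone(records: List[Record]) -> List[Tuple[str, str]]:
    """Return (finding code, location) pairs; an empty list means nothing flagged."""
    findings: List[Tuple[str, str]] = []
    types_at: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        types_at[r.name].add(r.rtype)
    apex = next((r.name for r in records if r.rtype == "SOA"), None)
    for name, types in types_at.items():
        if "CNAME" in types and name == apex:
            findings.append(("APEX_CNAME", name))
        if "CNAME" in types and types - {"CNAME"}:   # a CNAME must be alone at its name
            findings.append(("CNAME_COEXIST", name))
    for r in records:
        if r.rtype != "MX" or len(r.rdata) != 2:
            continue
        target = r.rdata[1].lower()
        if target not in types_at:
            continue             # out-of-zone target, cannot be checked offline
        if "CNAME" in types_at[target]:
            findings.append(("MX_TARGET_CNAME", f"{r.name} -> {target}"))
        elif not types_at[target] & {"A", "AAAA"}:
            findings.append(("MX_TARGET_NO_ADDRESS", f"{r.name} -> {target}"))
    return findings

# Constructed zone that commits all three pitfalls on purpose.
BROKEN_ZONE = """\
example.com. IN SOA ns1.exampledns.com. admin.example.com. (
    2025052101     ; serial
    3600 600       ; refresh, retry
    604800 86400 ) ; expire, minimum
example.com.          IN NS    ns1.exampledns.com.
example.com.          IN CNAME example.net.            ; CNAME at the apex
example.com.          IN MX    10 mail1.example.com.
mail1.example.com.    IN CNAME mailhost.example.com.   ; MX target is a CNAME
mailhost.example.com. IN A     192.0.2.5
www.example.com. 3600 IN CNAME webhost.example.net.
www.example.com.      IN A     192.0.2.9               ; CNAME next to an A record
_dmarc.example.com.   IN TXT   "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
"""

# Constructed zone that follows the rules: MX target has an A record, CNAMEs stand alone.
CLEAN_ZONE = """\
example.com. IN SOA ns1.exampledns.com. admin.example.com. ( 2025052101 3600 600 604800 86400 )
example.com.          IN NS    ns1.exampledns.com.
example.com.          IN MX    10 mailhost.example.com.
mailhost.example.com. IN A     192.0.2.5
api.example.com.      IN A     192.0.2.10
ftp.example.com.      IN CNAME files.example.net.
"""
```

Calling `lint_zone(parse_zone(BROKEN_ZONE))` returns four findings (the apex CNAME, two CNAME coexistence cases and the MX pointing at a CNAME) while CLEAN_ZONE returns none. MX targets outside the zone are skipped because checking them needs a live lookup, which is the one part of this check that cannot run offline.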


Best Practices

DNS Hierarchy Design

  • Use subdomains to separate services (api.example.com, db.example.com).
  • Delegate responsibility using NS records (e.g., dev.example.com can be managed by a separate team).

TTL Tuning

  • Short TTL (300s): Use for records subject to frequent changes.
  • Long TTL (86400s): Use for static records to reduce DNS traffic.

Monitoring and Propagation

  • Use DNS monitoring tools (e.g., DNSCheck, Zonemaster).
  • Plan for propagation delays: resolvers keep serving a changed record until their cached copy's TTL expires, which can take up to 48 hours globally.

Tables and Diagrams

DNS Resolution Flow

User --> Resolver --> Root Server --> TLD Server --> Authoritative Server --> IP Address

Record Type Comparison

Record  Purpose                     IP Type  Root Usage  Notes
------  --------------------------  -------  ----------  -------------------------------
A       IPv4 Address                IPv4     Yes         Maps name to IPv4 address
AAAA    IPv6 Address                IPv6     Yes         Maps name to IPv6 address
CNAME   Canonical name alias        N/A      No          Cannot coexist with other types
ALIAS   Root-level alias (non-RFC)  N/A      Yes         DNS provider-specific
MX      Mail exchanger              N/A      Yes         Requires valid A/AAAA target
NS      Nameserver                  N/A      Yes         Delegates subdomains
SOA     Start of authority          N/A      Yes         Required in each zone
TXT     Text, policies              N/A      Yes         Used for SPF, DKIM, DMARC
PTR     Reverse DNS                 N/A      N/A         Maps IP to hostname
SRV     Service locator             N/A      Yes         Used in VoIP, LDAP
CAA     Certificate authority       N/A      Yes         Controls cert issuance