2.6 DNS Configuration
DNS: Domain Name System
Translates fully qualified domain names (e.g., www.example.com) to IP addresses.
Not a standalone server; it's a distributed, hierarchical system.
DNS Hierarchy
Multiple servers work together across the Internet.
There are 13 root server clusters (actually over a thousand physical servers).
Hundreds of generic top-level domains (gTLDs) like .com, .org, .net, etc.
Country-code top-level domains (ccTLDs) like .us, .ca, .uk.
Hierarchy Visualization (example: professormesser.com)
Start with a period (.) representing the root.
Then .com, .net, .edu, etc.
Next level: professormesser.com.
Subdomains: www.professormesser.com, mail.professormesser.com.
Organizational domains (for large networks): east.professormesser.com, west.professormesser.com.
Hierarchy allows for specific structure and applies to all fully qualified domain names.
DNS Translation Verification
Using the dig command: dig www.professormesser.com
Shows a summary of the request: the information sent (a request for the address associated with the named domain) and the answer received.
Lists the IP addresses associated with the web server (e.g., three different IP addresses for redundancy).
Using the nslookup command: nslookup professormesser.com
Queries the locally configured DNS server and returns the IP addresses for the domain.
DNS Server Database
DNS server has a database containing FQDNs, IP addresses, and other details.
These details are stored as resource records.
Resource Records
Over 30 different types of resource records exist.
Examples: IP addresses, certificates, hostnames.
DNS Server Importance
Critical resource: if unavailable, FQDN to IP address translation fails.
Good backups are crucial before making DNS changes.
Understand the changes to avoid configuration mistakes.
Configuration is often stored in text files for easy editing.
Typical contents: start of authority (SOA) record, mail exchanger (MX) records, IP addresses, FQDNs, canonical names (CNAME).
Web-based front ends can simplify configuration.
A and AAAA Records
Address records:
A record: IPv4 address.
FQDN + IPv4 address.
Example: www.professormesser.com with IP address 162.159.246.164.
AAAA record (quad-A): IPv6 address.
FQDN + IPv6 address.
Time to Live (TTL):
Specifies how long a client should cache the DNS record.
Example: A TTL of 15 minutes means a device caches the FQDN to IP address mapping for 15 minutes.
MX Record (Mail Exchanger)
Specifies where emails should be delivered.
Requires two records:
MX record: points to the mail server (e.g., mail.mydomain.name).
A record: provides the IP address for the mail server.
Example configuration:
MX record for mydomain.name points to mail.mydomain.name.
A record for mail.mydomain.name is 123.124.14.141 (Linux server).
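Worked example of the A, AAAA, TTL and MX points above (added here, not part of the course notes): a minimal parser for a BIND-style zone file that turns each line into a resource record, then checks the rule that every MX target must also have an address record. The zone is constructed; the domain, SOA values, backup host and IPv6 address are hypothetical, and only the two IPv4 addresses come from the notes.

```python
"""Parse a small BIND-style zone into resource records and verify that every
MX target has a matching A or AAAA record, as the notes require."""
from dataclasses import dataclass
from typing import List

# Constructed sample zone. The domain, SOA values, backup host and the AAAA
# address are hypothetical; the two IPv4 addresses are the ones in the notes.
SAMPLE_ZONE = """\
$ORIGIN mydomain.name.
$TTL 3600                                   ; default TTL for records without one
@       IN  SOA   ns1.mydomain.name. hostmaster.mydomain.name. 2024010101 3600 900 1209600 300
@       IN  MX    10 mail.mydomain.name.    ; primary mail exchanger
@       IN  MX    20 backup.mydomain.name.  ; no address record below -> misconfiguration
mail    IN  A     123.124.14.141
www     900 IN A  162.159.246.164           ; explicit 15-minute TTL
www     IN  AAAA  2001:db8::1
"""


@dataclass
class ResourceRecord:
    name: str    # fully qualified owner name, with trailing dot
    ttl: int     # seconds a resolver may cache this record
    rtype: str   # A, AAAA, MX, TXT, SOA, ...
    rdata: str   # type-specific data, kept as text


def parse_zone(text: str) -> List[ResourceRecord]:
    """Minimal zone parser: $ORIGIN, $TTL, ';' comments, one record per line.
    (Real zones also allow blank-owner continuation lines and multi-line parentheses.)"""
    origin, default_ttl, records = "", 3600, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # strip comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        name = tokens.pop(0)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():        # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() == "IN":  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"             # relative name -> FQDN
        records.append(ResourceRecord(name, ttl, rtype, rdata))
    return records


def lookup(records: List[ResourceRecord], name: str, rtype: str) -> List[ResourceRecord]:
    """All records of one type for one owner name (what dig/nslookup would show)."""
    return [r for r in records if r.name == name and r.rtype == rtype]


def missing_mx_targets(records: List[ResourceRecord]) -> List[str]:
    """MX records only name a host; each target also needs an A or AAAA record."""
    hosts_with_addresses = {r.name for r in records if r.rtype in ("A", "AAAA")}
    missing = []
    for r in records:
        if r.rtype == "MX":
            _priority, target = r.rdata.split()
            if target not in hosts_with_addresses:
                missing.append(target)
    return missing


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for r in zone:
        print(f"{r.name:<24} {r.ttl:>5} {r.rtype:<5} {r.rdata}")
    print("MX targets without an address record:", missing_mx_targets(zone))
```

Running it lists the records with their effective TTL (the www A record keeps its explicit 900 seconds, the AAAA record inherits the 3600-second default) and reports backup.mydomain.name. as an MX target that mail cannot actually be delivered to, because it has no A or AAAA record.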
TXT Record (Text Record)
Stores text information.
Publicly accessible.
Originally for informal purposes, now used for specific functions.
Uses for TXT Records
Verification purposes.
Adding a specific string to a TXT record to verify domain ownership or configuration changes.
Email security (SPF, DKIM, DMARC).
Examples of TXT Records
Checking TXT records for professormesser.com using dig professormesser.com txt or nslookup -type=txt professormesser.com.
Google.com TXT records include Facebook domain verification, Google site verification, and a DocuSign record.
SPF Record (Sender Policy Framework)
A list of authorized email servers for a domain.
Helps prevent email spoofing.
Receiving mail server queries the SPF record to verify if the sending server is authorized.
DKIM (DomainKeys Identified Mail)
Provides a digital signature for outgoing emails.
Validated by receiving mail servers.
The public key is stored in a TXT record in DNS.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
Extends SPF and DKIM by specifying how to handle unvalidated emails.
Options: accept, send to spam, reject.
Mail servers track validation results and provide reports.
DMARC record specifies the policy and reporting address.
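Worked example for the TXT, SPF, DKIM and DMARC sections above (added here, not part of the course notes): a receiving-server view that evaluates a sending IP against a domain's SPF record, reads the DKIM public-key record, and maps the DMARC policy tag to the three handling options. Live DNS is replaced by an in-memory TXT table so it runs offline; the domain, mail provider, selector, verification string and DKIM key value are constructed placeholders, and only 123.124.14.141 comes from the notes.

```python
"""Evaluate SPF, read the DKIM public-key record and apply the DMARC policy,
using an in-memory TXT table instead of live DNS so it runs offline."""
import ipaddress
from typing import Dict, List, Optional

# Constructed TXT records keyed by owner name. Domain, provider, selector and
# key value are hypothetical; 123.124.14.141 is the mail server from the notes.
TXT_RECORDS: Dict[str, List[str]] = {
    "mydomain.name": [
        "example-site-verification=0123456789abcdef",   # ownership-verification string
        "v=spf1 ip4:123.124.14.141 include:_spf.mailprovider.example -all",
    ],
    "_spf.mailprovider.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all"],
    "selector1._domainkey.mydomain.name": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
    "_dmarc.mydomain.name": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@mydomain.name"],
}


def lookup_txt(name: str) -> List[str]:
    return TXT_RECORDS.get(name.lower(), [])


def parse_tags(record: str) -> Dict[str, str]:
    """Split 'k=v; k=v' tag lists (the form DKIM and DMARC records use)."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Return pass / fail / softfail / neutral / none for sender_ip under domain's SPF.
    Supports ip4, ip6, include and all; the a, mx and exists mechanisms are omitted."""
    if depth > 10:                      # RFC 7208 caps the lookup chain
        return "permerror"
    record = next((t for t in lookup_txt(domain) if t.lower().startswith("v=spf1")), None)
    if record is None:
        return "none"                   # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            # membership is False when the address and network families differ
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "include":
            matched = check_spf(argument, sender_ip, depth + 1) == "pass"
        else:
            continue                    # unsupported mechanism: skip it
        if matched:
            return results[qualifier]
    return "neutral"


def dkim_public_key(domain: str, selector: str) -> Optional[Dict[str, str]]:
    """The public key a receiver fetches to validate a DKIM signature."""
    for txt in lookup_txt(f"{selector}._domainkey.{domain}"):
        tags = parse_tags(txt)
        if tags.get("v", "DKIM1").upper() == "DKIM1" and "p" in tags:
            return tags
    return None


def dmarc_policy(domain: str) -> Dict[str, str]:
    """Policy (p=) and reporting address (rua=) from _dmarc.<domain>."""
    for txt in lookup_txt(f"_dmarc.{domain}"):
        tags = parse_tags(txt)
        if tags.get("v", "").upper() == "DMARC1":
            return tags
    return {}


DMARC_ACTION = {"none": "accept (monitor only)", "quarantine": "send to spam", "reject": "reject"}


def receiver_decision(domain: str, sender_ip: str) -> str:
    """What a receiving server does with mail from sender_ip claiming domain.
    Simplified: only the SPF result is used; a valid DKIM signature would also
    let the message pass, and full DMARC additionally requires identifier alignment."""
    if check_spf(domain, sender_ip) == "pass":
        return "accept"
    return DMARC_ACTION.get(dmarc_policy(domain).get("p", "none"), "accept (monitor only)")


if __name__ == "__main__":
    for ip in ("123.124.14.141", "198.51.100.77", "203.0.113.5"):
        print(ip, check_spf("mydomain.name", ip), "->", receiver_decision("mydomain.name", ip))
    print("DKIM key tags:", dkim_public_key("mydomain.name", "selector1"))
    print("DMARC:", dmarc_policy("mydomain.name"))
```

The address on the page passes directly, an address inside the provider's included range passes through the include chain, and an unrelated address hits -all and fails; with p=quarantine the failing message is sent to spam, while the rua= tag names the mailbox that receives the aggregate reports the notes mention.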