DNS translates fully qualified domain names (FQDNs), e.g. www.example.com, to IP addresses.
Not a standalone server; it's a distributed, hierarchical system.
Multiple servers work together across the Internet.
There are 13 root server clusters (actually over a thousand physical servers).
Hundreds of generic top-level domains (gTLDs) like .com, .org, .net, etc.
Country-code top-level domains (ccTLDs) like .US, .CA, .UK.
Start with a period (.) representing the root.
Then .com, .net, .edu, etc.
Next level: professormesser.com.
Subdomains: www.professorMesser.com, mail.professorMesser.com.
Organizational domains (for large networks): east.professorMesser.com, west.professorMesser.com.
Hierarchy allows for specific structure and applies to all fully qualified domain names.
Using dig:
dig www.professormesser.com
The output summarizes the request (the QUESTION section: the A record for www.professormesser.com) and the response.
The ANSWER section lists the IP addresses associated with the web server (e.g., three different addresses for redundancy), each with its TTL.
Using nslookup:
nslookup professormesser.com
Queries the locally configured DNS server (shown on the Server: line of the output) and prints the IP addresses for the domain.
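What dig and nslookup actually put on the wire, as an added example that is not part of the original notes: it builds a DNS query for an A record, builds a matching response (constructed sample data, not a live lookup, so it runs offline) and parses the response back into owner names, TTLs and addresses. 162.159.246.164 is the address quoted in the notes; the other two addresses are made up from the 192.0.2.0/24 documentation range.

```python
# Added example (not part of the original notes): what dig and nslookup send and receive.
from __future__ import annotations
import socket
import struct

A_RECORD = 1          # QTYPE for an IPv4 address record
CLASS_IN = 1          # Internet class

def encode_name(name: str) -> bytes:
    """www.example.com. -> length-prefixed labels terminated by the root label (0)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name: str, qtype: int = A_RECORD, txid: int = 0x1234) -> bytes:
    """12-byte header + one question. Flags 0x0100 = standard query, RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def build_response(query: bytes, answers: list[tuple[str, int]]) -> bytes:
    """Answer a query with A records. Each RR's owner name is a compression pointer
    (0xC00C) back to the question name at offset 12, as real servers send it."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    # 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0 (NOERROR)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    rrs = b""
    for ip, ttl in answers:
        rdata = socket.inet_aton(ip)
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rrs

def read_name(data: bytes, offset: int) -> tuple[str, int]:
    """Decode a name at offset, following compression pointers; return (name, next offset)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:                                # root label ends the name
            if not jumped:
                end = offset + 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", end

def parse_response(data: bytes) -> dict:
    """Return transaction id, RCODE, the question and the A records of the answer section."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    qname, offset = read_name(data, offset)
    qtype, _ = struct.unpack("!HH", data[offset:offset + 4])
    offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if rtype == A_RECORD and rdlen == 4:
            answers.append({"name": name, "ttl": ttl, "address": socket.inet_ntoa(rdata)})
    return {"id": txid, "rcode": flags & 0x0F, "question": (qname, qtype), "answers": answers}

if __name__ == "__main__":
    query = build_query("www.professormesser.com")
    # 162.159.246.164 is quoted in the notes; the two 192.0.2.x addresses are constructed.
    reply = build_response(query, [("162.159.246.164", 900), ("192.0.2.10", 900), ("192.0.2.11", 900)])
    for rr in parse_response(reply)["answers"]:
        print(f"{rr['name']}\t{rr['ttl']}\tIN\tA\t{rr['address']}")
```

The printed lines are the same fields dig shows in its ANSWER section: owner name, TTL in seconds, class, type and address. The transaction id and the compression pointer are the two details worth noticing from a security angle: a forged answer must match the id (and source port) of an outstanding query, and a malformed pointer is a classic parser crash, which is why read_name tracks where the name ends independently of where it jumped.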
DNS server has a database containing FQDNs, IP addresses, and other details.
These details are stored as resource records.
Over 30 different types of resource records exist.
Examples: IP addresses, certificates, hostnames.
Critical resource: if unavailable, FQDN to IP address translation fails.
Good backups are crucial before making DNS changes.
Understand the changes before making them to avoid configuration mistakes.
Configuration is often stored in text files (zone files) for easy editing.
A zone file holds the Start of Authority (SOA) record, mail exchanger (MX) records, address records (IP addresses for FQDNs), and canonical name (CNAME) records.
Web-based front ends can simplify configuration.
Address records:
A record: IPv4 address.
FQDN + IPv4 address.
Example: www.professormesser.com with IP address 162.159.246.164.
AAAA record (quad-A): IPv6 address.
FQDN + IPv6 address.
Time to Live (TTL):
Specifies how long a client should cache the DNS record.
Example: A TTL of 15 minutes means a device caches the FQDN to IP address mapping for 15 minutes.
Mail exchanger (MX) records:
Specify where email for the domain should be delivered.
Requires two records:
MX record: points to the mail server (e.g., mail.mydomain.name).
A record: provides the IP address for the mail server.
Example configuration:
MX record for mydomain.name points to mail.mydomain.name.
A record for mail.mydomain.name is 123.124.14.141 (Linux server).
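A minimal parser for the kind of text zone file described above, together with the check a practitioner wants before loading a change: every MX and NS target inside the zone must have its own A or AAAA record (the "two records" rule for mail). This is an added example, not code from the original notes. mail.mydomain.name and 123.124.14.141 are the values quoted in the notes; the other names and addresses in the constructed zone are made up from documentation ranges.

```python
# Added example (not part of the original notes): parsing a zone file and checking MX/NS targets.
from __future__ import annotations
import itertools
import re
from dataclasses import dataclass

# Constructed sample zone. mail.mydomain.name / 123.124.14.141 come from the notes;
# everything else is made up (RFC 5737 / RFC 3849 documentation addresses).
ZONE = """\
$TTL 900
$ORIGIN mydomain.name.
@       IN SOA   ns1.mydomain.name. hostmaster.mydomain.name. 2024010101 3600 900 1209600 300
@       IN NS    ns1.mydomain.name.
@       IN MX    10 mail.mydomain.name.
@       IN TXT   "v=spf1 mx -all"   ; only the MX host may send mail for this domain
ns1     IN A     192.0.2.53
mail    IN A     123.124.14.141
www  3600 IN A   192.0.2.80          ; a per-record TTL overrides $TTL
www     IN AAAA  2001:db8::80
ftp     IN CNAME www.mydomain.name.
"""
# The same zone with the mail host's address record left out: the classic mistake.
BROKEN_ZONE = "\n".join(line for line in ZONE.splitlines() if not line.startswith("mail "))

@dataclass
class Record:
    name: str        # fully qualified owner name, lower case, trailing dot
    ttl: int
    rtype: str
    rdata: list[str]

def qualify(name: str, origin: str) -> str:
    """@ is the zone apex; a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text: str) -> list[Record]:
    origin, default_ttl, owner, records = ".", 0, "@", []
    for raw in text.splitlines():
        # quoted strings stay whole, ';' starts a comment, everything else splits on whitespace
        tokens = re.findall(r'"[^"]*"|;.*|\S+', raw)
        tokens = list(itertools.takewhile(lambda t: not t.startswith(";"), tokens))
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not raw[0].isspace():           # leading whitespace means "same owner as the previous line"
            owner = tokens.pop(0)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype in ("NS", "CNAME"):
            tokens[0] = qualify(tokens[0], origin)
        elif rtype == "MX":
            tokens[1] = qualify(tokens[1], origin)
        elif rtype == "SOA":
            tokens[0], tokens[1] = qualify(tokens[0], origin), qualify(tokens[1], origin)
        elif rtype == "TXT":
            tokens = [t.strip('"') for t in tokens]
        records.append(Record(qualify(owner, origin), ttl, rtype, tokens))
    return records

def lookup(records: list[Record], name: str, rtype: str) -> list[tuple[str, int]]:
    """What a resolver hands back: (rdata, ttl) pairs for one name and record type."""
    return [(" ".join(r.rdata), r.ttl) for r in records
            if r.name == name.lower() and r.rtype == rtype]

def missing_address_targets(records: list[Record]) -> list[tuple[str, str]]:
    """In-zone MX/NS targets that have no A or AAAA record. Targets in other zones
    (e.g. a hosted mail provider) are skipped because their addresses live elsewhere."""
    apex = next(r.name for r in records if r.rtype == "SOA")
    addressed = {r.name for r in records if r.rtype in ("A", "AAAA")}
    missing = []
    for r in records:
        target = r.rdata[1] if r.rtype == "MX" else r.rdata[0] if r.rtype == "NS" else None
        if target and (target == apex or target.endswith("." + apex)) and target not in addressed:
            missing.append((r.rtype, target))
    return missing

if __name__ == "__main__":
    for r in parse_zone(ZONE):
        print(f"{r.name:24} {r.ttl:6} IN {r.rtype:5} {' '.join(r.rdata)}")
    print("missing address records:", missing_address_targets(parse_zone(BROKEN_ZONE)))
```

Run this against the zone file (or a copy of it) before reloading the server: an MX that points at a name with no address record silently breaks inbound mail, which is exactly the outage the notes warn about, and it is cheaper to catch in a text check than in the mail queue.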
TXT records:
Store free-form text information.
Publicly accessible.
Originally for informal purposes, now used for specific functions.
Verification purposes.
Adding a specific string to a TXT record to verify domain ownership or configuration changes.
Email security (SPF, DKIM, DMARC).
Checking TXT records for professormesser.com:
dig professormesser.com txt
nslookup -type=txt professormesser.com
Example: google.com's TXT records include Facebook domain verification, Google site verification, and DocuSign records.
SPF (Sender Policy Framework):
A list of the servers authorized to send email for a domain, published as a TXT record beginning with v=spf1.
Helps prevent email spoofing.
Receiving mail server queries the SPF record to verify if the sending server is authorized.
DKIM (DomainKeys Identified Mail):
Provides a digital signature for outgoing emails (carried in a DKIM-Signature header).
Validated by receiving mail servers.
The public key is stored in a TXT record in DNS at <selector>._domainkey.<domain>; the signature header names the selector so the receiver knows which record to fetch.
DMARC (Domain-based Message Authentication, Reporting, and Conformance):
Extends SPF and DKIM by specifying how the receiver should handle mail that fails validation.
Policy options (the p= tag): none (accept and monitor), quarantine (send to spam), reject.
Receiving mail servers track validation results and send aggregate reports to the domain owner.
The DMARC record (a TXT record at _dmarc.<domain>) specifies the policy and the reporting address (the rua= tag).
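How a receiving mail server combines these records, as an added example that is not part of the original notes: an SPF check of the sending IP against the domain's v=spf1 record (ip4, ip6, include and all mechanisms), parsing of the DMARC and DKIM tag lists, and the DMARC decision for a message. DNS answers come from a constructed in-memory table rather than live lookups, so the domains, the relay provider, the verification token and the DKIM key are made up; 123.124.14.141 is the mail server address quoted in the notes. DKIM signature verification itself is out of scope here and is represented by a boolean input.

```python
# Added example (not part of the original notes): SPF evaluation and DMARC disposition.
from __future__ import annotations
import ipaddress

# Constructed DNS TXT data standing in for real lookups.
DNS_TXT = {
    "mydomain.name.": [
        "v=spf1 ip4:123.124.14.141 include:_spf.relay.example -all",
        "google-site-verification=constructed-token-not-a-real-one",   # ownership check string
    ],
    "_spf.relay.example.": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:beef::/48 -all"],
    "sel1._domainkey.mydomain.name.": ["v=DKIM1; k=rsa; p=AAAA"],       # placeholder, not a real key
    "_dmarc.mydomain.name.": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@mydomain.name"],
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain: str, sender_ip: str, txt=DNS_TXT, depth: int = 0) -> str:
    """SPF result for a sending IP against a domain's record.
    Implements ip4, ip6, include and all (a, mx, exists and redirect are omitted)."""
    if depth > 10:                                  # RFC 7208 lookup limit
        return "permerror"
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:                            # two SPF records is a permanent error
        return "permerror"
    addr = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # ipaddress answers False (not an error) when the address and network versions differ
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            target = arg if arg.endswith(".") else arg + "."
            matched = spf_check(target, sender_ip, txt, depth + 1) == "pass"
        else:
            continue
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                                # no mechanism matched

def parse_tags(record: str) -> dict[str, str]:
    """Split a 'k=v; k=v' tag list; DMARC and DKIM records share this format."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_record(domain: str, txt=DNS_TXT) -> dict[str, str] | None:
    for r in txt.get("_dmarc." + domain, []):
        tags = parse_tags(r)
        if tags.get("v") == "DMARC1":
            return tags
    return None

def dmarc_disposition(from_domain: str, spf_result: str, spf_domain: str | None,
                      dkim_valid: bool, dkim_domain: str | None, txt=DNS_TXT) -> str:
    """What the receiver does with the message. DMARC passes when SPF or DKIM passes
    and the domain it authenticated matches the visible From: domain (strict alignment;
    relaxed alignment, which allows subdomains, needs a public-suffix list and is omitted).
    Otherwise the published p= policy applies."""
    record = dmarc_record(from_domain, txt)
    if record is None:
        return "deliver"                            # no policy published: nothing to enforce
    spf_aligned = spf_result == "pass" and spf_domain == from_domain
    dkim_aligned = dkim_valid and dkim_domain == from_domain
    if spf_aligned or dkim_aligned:
        return "deliver"
    policy = record.get("p", "none")
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}.get(policy, "deliver")

if __name__ == "__main__":
    for ip in ("123.124.14.141", "198.51.100.20", "2001:db8:beef::1", "203.0.113.5"):
        result = spf_check("mydomain.name.", ip)
        print(ip, "SPF", result, "->", dmarc_disposition("mydomain.name.", result, "mydomain.name.", False, None))
```

Two points the code makes that the record syntax alone does not: an SPF pass only counts for DMARC if the authenticated domain is the one the user sees in From:, which is what stops a spoofer from passing SPF on their own domain; and a domain with no _dmarc record gets delivered regardless of SPF or DKIM failures, so publishing the record (even with p=none to start collecting reports) is the step that turns the other two into enforcement.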