By Manny Fernandez

October 1, 2021

How DNS Works

Without DNS (Domain Name System) the Internet would be a difficult place to play, and that is looking at it from an IPv4 perspective.  With IPv6, it would be ludicrous.  I used to compare it to phone numbers back when I was putting in ISDN (64k… don’t laugh) circuits for Internet connectivity.  I would tell my customers: imagine if I told you to call 1-800-356-9377, would you be able to memorize that, or would it be easier to remember 1-800-Flowers?  The same happens with the Internet and DNS.  It is much easier for me to say go to www.infosecmonkey.com instead of https://173.254.28.87.

Well thankfully, we have DNS.  But there are many types of DNS records that we need to know about in order to use DNS to its full potential.  In this article, I will go over the most used record types as well as other information about DNS that I hope you find useful.

A few things first.  I am going to go through some terms that may not be clear to folks working with DNS.

Subdomain – Some might see this as blog.infosecmonkey.com, where blog would be considered the subdomain, as in www.blog.infosecmonkey.com.  You can also use it for something like support.infosecmonkey.com, which can send you to an entirely different website such as a ticketing SaaS provider.

Zone – Historically, you would have a zone for your domain name, however this is not always the case.  Say for instance that my blog site was blog.infosecmonkey.com and I had a department that managed that “site” from our Tennessee office.  I could use a zone for blog.infosecmonkey.com and have another department with a corresponding zone for support.infosecmonkey.com.

Zone File – A zone file is an ASCII text file that lives on the DNS server (or on a FortiGate firewall if you are using it as a DNS server) and contains a representation of the zone, including all the records for every name within that zone.  Zone files must always start with a Start of Authority (SOA) record, which contains important information including contact information for the zone administrator.

Start of Authority (SOA) – You normally have multiple DNS or Name Servers associated with your domain.  The SOA defines that hierarchical structure and the parameters they are going to use to synchronize.

[Screenshot: dig output for an SOA record, with the fields numbered as listed below]

  1. Tells you this is the SOA record
  2. MNAME – (Master Name) the primary name server for the zone
  3. RNAME – The person responsible for the domain.  You cannot use the @ in a zone file, so a . is used instead.
  4. The Serial Number – This changes after every change to the zone (e.g. adding an A record).
  5. Refresh Time – specifies the time lag until the slave asks the master for a current version of the zone file
  6. Retry Time – If the Refresh request goes unanswered, the “Retry” field regulates when a new attempt is to be carried out.  The retry should be a smaller value than that of the refresh value.
  7. Expire Time – determines how long the zone file may still be used before the server refuses DNS information delivery
  8. Negative Caching TTL – specifies how long a client may hold a negative answer (name does not exist) in its cache before a new request must be sent
  9. The server we got this information from.
  10. The response time.
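To make the SOA fields concrete, here is an added example (not part of the original post) that parses a dig-style SOA answer line into its named fields, turns the RNAME back into an e-mail address, and flags timer values that contradict the rules above.  The record text is constructed for the example and is not a real lookup.

```python
from dataclasses import dataclass

# Constructed SOA answer line in dig format (not a real lookup result).
SAMPLE_SOA = ("infosecmonkey.com. 3600 IN SOA ns1.example-dns.net. "
              "hostmaster.infosecmonkey.com. 2021093001 7200 3600 1209600 300")


@dataclass
class SOA:
    owner: str
    ttl: int
    mname: str      # primary (master) name server
    rname: str      # responsible person, with '.' standing in for '@'
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # negative caching TTL


def parse_soa(line: str) -> SOA:
    """Split one dig/zone-file SOA line into its named fields."""
    parts = line.split()
    if len(parts) != 11 or parts[2:4] != ["IN", "SOA"]:
        raise ValueError("not a single-line SOA record")
    owner, ttl, _, _, mname, rname, *timers = parts
    serial, refresh, retry, expire, minimum = map(int, timers)
    return SOA(owner, int(ttl), mname, rname, serial, refresh, retry, expire, minimum)


def rname_to_email(rname: str) -> str:
    """Zone files cannot hold '@', so the first dot of RNAME stands in for it."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"


def check_timers(soa: SOA) -> list[str]:
    """Return findings for timer values that are inconsistent with each other."""
    findings = []
    if soa.retry >= soa.refresh:
        findings.append("retry should be smaller than refresh")
    if soa.expire <= soa.refresh:
        # Otherwise a secondary could discard the zone before it ever re-checks it.
        findings.append("expire should be larger than refresh")
    return findings
```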

Propagation – The act of fully synchronizing with the slave zones.  This can take days.  In the olden days, America Online (AOL) would update their servers once a week.  If you made a change, sometimes it would not be visible to the AOL world for a week.

TTL – Time to Live – When a remote DNS server queries a DNS server hosting the zone file, it will get a response with a TTL.  This TTL tells the asking DNS server to keep that record in its cache for X amount of time.  If the DNS server gets another request for the same name, it will NOT query the other DNS server until that cache entry expires.

 

Record Types


A Records

An A record (Address Record) points a domain or subdomain to an IP address.  For instance, you can resolve names such as www.infosecmonkey.com or www.fortinet.com to the server that is hosting those websites.

There is a special A record, the @ A Record, where @ stands for the domain name itself.  If you use the @ as an A record and point it to your webserver, someone who leaves out the www from the URL will still connect to your website.

[Screenshot: ping of www.infosecmonkey.com and infosecmonkey.com, both answering from the same IP address]

As you can see in the screenshot, if I ping www.infosecmonkey.com or infosecmonkey.com they both respond with the same IP address.  Examples of A Records:

www
ftp
access
vpn

CNAME

A CNAME (Canonical Name) points one domain or subdomain to another domain name, allowing you to update one A Record each time you make a change, regardless of how many Host Records need to resolve to that IP address. Example of this would be mail.infosecmonkey.com pointing to webmail.infosecmonkey.com.

 


MX

An MX Entry (Mail Exchanger) directs email to a particular mail server. Like a CNAME, MX Entries must point to a domain and never point directly to an IP address.  In other words, you will need to create an A record and then point the MX record to that A record.

; <<>> DiG 9.10.6 <<>> infosecmonkey.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;infosecmonkey.com. IN MX

;; ANSWER SECTION:
infosecmonkey.com. 14250 IN MX 0 mail.infosecmonkey.com.

;; Query time: 40 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Thu Sep 30 23:17:51 EDT 2021
;; MSG SIZE rcvd: 67

 


TXT

The TXT record is primarily used for three things.  The first is validation of domain ownership for certificates: the certificate provider will sometimes tell you to add a specific TXT record to your zone and then query it to see if you in fact own the domain.  The second is SPF records, and the third is domain keys (see below).

SPF – Sender Policy Framework records are used by many email systems to help identify whether an email is coming from a trusted source, helping filter out spam or messages pretending to be from your domain (called spoofing).  Essentially you list which IP addresses are allowed to send mail on behalf of your domain name.  The receiving mail server queries the record (which it should) to see whether the IP address the email is arriving from matches an entry in the SPF list.
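The check a receiving mail server performs, as an added example that is not part of the original post: the SPF record below is constructed (documentation address ranges), and the code evaluates a sender IP against its ip4/ip6 mechanisms and the final all qualifier.  Mechanisms that need live DNS lookups (include, a, mx) are reported as unsupported rather than resolved, so the example runs offline.

```python
import ipaddress

# Constructed SPF TXT record for the example; the addresses are documentation ranges.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefixes and the result they produce when a mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Walk the mechanisms left to right; the first one that matches decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # include:, a, mx, exists: and redirect= require DNS lookups,
        # which this offline example deliberately does not perform.
        return f"unsupported mechanism: {mech}"
    return "neutral"  # nothing matched and the record has no explicit 'all'
```

A sender that is not listed gets "fail" with "-all" and "softfail" with "~all"; the receiving server decides what to do with each result.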


 

SRV

An SRV (Service) record points one domain to another domain name using a specific destination port. In addition, SRV records allow specific services, such as VoIP or IM, to be directed to a separate location.
