Category Archives: DNS

How to choose DNS TTL values?

The Domain Name System (DNS) involves different vital processes for your domain. DNS TTL or time-to-live values are your chance to set up time in your favor! This means the power of making those processes more agile!

What is TTL?

Time-to-live (TTL) is the value that establishes how long, as a time period or as a number of hops, a data packet is allowed to stay alive, either on a network or in cache memory. When that time expires or the packet reaches its hop limit, it is discarded. Data packets differ from one another, but every one of them carries its own TTL. That value should be chosen according to how long the packet needs to live on a device to accomplish its mission completely.

Do we really need TTL?

Absolutely yes! We totally need TTL to control the traffic and amount of data packets traveling around networks, applications, and machines. Imagine a scenario without the existence of TTL or any other mechanism to control data packets. By now, traffic on the Internet would already be in total chaos. Millions of already pointless data packets that accomplished their mission decades ago could still be traveling without purpose and end.

Through the TTL, routers can manage traffic by simply reading the value that every data packet carries. Packets continue their journey only if their TTL has not expired. When a router stops a data packet, it reports this to the IP address of the data source through an ICMP message. ICMP, the Internet Control Message Protocol, is a tool for diagnosing and reporting issues.

And there’s more: TTL is useful also for knowing how long a packet has been on a network and for tracking its whole route!

How to choose DNS TTL values?

There we go! You can slow down or speed up essential DNS processes on your domain by choosing DNS TTL values smartly.

  • DNS records differ from one another, just like their purposes. When you add or edit a DNS record, consider how often it will need to change in the future. DNS records that constantly require changes should have a lower TTL value, and the ones that almost never change should have a higher TTL value.
  • DNS resolution is an essential DNS process for every domain. If you want to speed it up, define higher TTL values on the DNS records. This way, they will be stored for a longer time in the DNS recursive servers’ cache.
  • Caching the static resources of your domain is a highly recommended practice. Use high TTL values, and you will greatly speed up the loading time.
  • DNS propagation is another vital process. If your domain frequently requires modifications to its DNS records, you have to choose lower TTL values to speed up the propagation. Otherwise, high values will have the opposite effect.
  • The definition of DNS TTL values must be taken seriously, especially when there’s a lot at stake; just think about the domains of mission-critical services. The operating system of an electric power grid, an aircraft or a railway demands constant updates and DNS load balancing configurations. Not being able to execute such tasks quickly could mean severe risks for many people involved. Those kinds of services mostly use low TTL values.
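The trade-off above can be turned into a small planning tool. The following is an added example, not code from the original post: it applies the article's rule of thumb (frequently changed or mission-critical records get a low TTL, static ones a high TTL) and works out when to lower a TTL ahead of a planned record change so that every cache has seen the low value before the cutover. The record names, the thresholds in `recommend_ttl` and the TTL numbers are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample records (assumed values, not from the article):
# (name, type) -> current TTL in seconds.
SAMPLE_TTLS = {
    ("www.example.com.", "A"): 3600,    # front end that moves at every migration
    ("example.com.", "MX"): 86400,      # mail exchanger, rarely changes
    ("example.com.", "NS"): 172800,     # delegation, almost never changes
}


def recommend_ttl(changes_per_month, mission_critical=False):
    """Rule of thumb following the article: records that change often or
    belong to mission-critical services get a low TTL, static ones a high
    TTL.  The thresholds here are assumptions, not values from the article."""
    if mission_critical or changes_per_month >= 4:
        return 300          # 5 minutes
    if changes_per_month >= 1:
        return 3600         # 1 hour
    return 86400            # 1 day


def plan_ttl_change(current_ttl, temp_ttl, cutover_epoch):
    """Schedule a TTL lowering around a planned record change.

    A resolver that cached the record just before the TTL was lowered keeps
    it for the old TTL, so the lowering has to happen at least one old TTL
    before the cutover.  After the cutover the old value can survive in
    caches for at most temp_ttl seconds; only then is it safe to raise the
    TTL again.  All times are Unix epoch seconds.
    """
    if temp_ttl >= current_ttl:
        raise ValueError("temporary TTL must be lower than the current TTL")
    return {
        "lower_ttl_at": cutover_epoch - current_ttl,
        "cutover": cutover_epoch,
        "old_value_gone_at": cutover_epoch + temp_ttl,
    }


def worst_case_propagation(ttl_seconds):
    """Longest time a change can stay invisible to a resolver that cached
    the old record: exactly one TTL."""
    return ttl_seconds


if __name__ == "__main__":
    cutover = int(datetime(2024, 6, 1, 10, 0, tzinfo=timezone.utc).timestamp())
    plan = plan_ttl_change(SAMPLE_TTLS[("www.example.com.", "A")], 300, cutover)
    for step, when in plan.items():
        stamp = datetime.fromtimestamp(when, tz=timezone.utc).isoformat()
        print(f"{step:>18}: {stamp}")
```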

Conclusion.

Time is not always the enemy. Knowing how to choose DNS TTL values smartly, time can become a great ally!

DNS resolution: Explained step by step

DNS resolution – What is it?

DNS resolution is triggered when you type a domain name into your browser. It is the process of translating the domain name into its corresponding IP address.

There are situations in which a domain has several IP addresses, for instance, one IPv4 and one IPv6. Through DNS resolution, both of them are requested. On the other hand, when there are several, receiving just one of the addresses is enough to connect to the domain.

The need for quick translation appeared long ago. Previously, every IP address was stored in a manually updated hosts file. At some point, the number of devices wanting to join the Internet increased, and this way of searching was not practical anymore.

Thankfully, the Domain Name System (DNS) was established, and the Internet is as simple to use as we know it now. IP addresses are how machines communicate, and users just have to write the domain name for the website to load. We don’t even realize how fast it happens.

How does it work, step by step?

DNS resolution consists of several operations, and what triggers the process is a user who wants to visit a web page on a domain name that was not visited before.

  1. The DNS query is made when the user writes a domain name inside the browser. Then, the DNS lookup process for finding the corresponding IP address begins.
  2. The DNS recursive server receives the query. The IP address could be in its cache memory if the website was previously requested. If it is not, the DNS recursive server is going to seek the answer through the rest of the DNS servers and finally supply the needed data. The root server is the first place it will search.
  3. In the DNS hierarchy, the root server is at the highest level. It provides information about the Top Level Domain (TLD), such as .com, .net, .info or .eu, and directs the query to the right TLD server.
  4. Next, the TLD server gives the DNS recursive server information about the proper nameserver for the searched domain name.
  5. The DNS recursive server asks the authoritative nameserver for the domain name’s IP address and successfully receives an answer.
  6. The recursive DNS server goes back to the user with the requested data. Additionally, it saves the IP address in its cache memory for later use.
  7. Finally, the browser loads the desired website, and the user is able to explore it.

DNS resolution takes a lot of steps, and the DNS query has to pass through several servers on the way. Yet the user experiences all of it as just a short moment of waiting.
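Steps 2 to 5 above can be followed in code. This is an added example, not part of the original article: a constructed miniature hierarchy (a root server, a .com TLD server and one authoritative server for an assumed example.com. zone, with documentation-range addresses) and a `resolve` function that walks it the way a recursive server does, returning both the answer and the list of servers it had to consult.

```python
# Constructed miniature DNS hierarchy (assumed data, not real servers):
# each server maps a name either to a referral to the next server down
# or to the final answer.  192.0.2.0/24 and 2001:db8::/32 are ranges
# reserved for documentation.
SERVERS = {
    "root": {
        "com.": ("REFERRAL", "tld-com"),
    },
    "tld-com": {
        "example.com.": ("REFERRAL", "ns1.example.com"),
    },
    "ns1.example.com": {
        "example.com.": ("ANSWER", {"MX": ["10 mail.example.com."]}),
        "www.example.com.": ("ANSWER", {"A": ["192.0.2.10"],
                                        "AAAA": ["2001:db8::10"]}),
    },
}

MAX_REFERRALS = 10   # guard against a delegation loop


def consult(table, qname):
    """Ask one server about qname.  A referral matches by zone cut (the
    longest matching suffix), while a final answer must match the exact
    name; otherwise a query for a.example.com. would get example.com.'s
    records back."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = table.get(candidate)
        if entry is None:
            continue
        if entry[0] == "REFERRAL" or candidate == qname:
            return entry
    return None


def resolve(qname, qtype):
    """Walk root -> TLD -> authoritative, as the recursive server does.

    Returns (records, path): records is the list for qtype, [] when the
    name exists but has no record of that type, or None when the name does
    not exist; path lists the servers consulted, in order.
    """
    server, path = "root", []
    for _ in range(MAX_REFERRALS):
        path.append(server)
        entry = consult(SERVERS[server], qname)
        if entry is None:
            return None, path            # nobody on the path knows the name
        kind, payload = entry
        if kind == "ANSWER":
            return payload.get(qtype, []), path
        server = payload                 # follow the referral down one level
    raise RuntimeError("too many referrals while resolving " + qname)


if __name__ == "__main__":
    records, path = resolve("www.example.com.", "A")
    print("answer:", records)
    print("servers consulted:", " -> ".join(path))
```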

Why do we care about DNS resolution?

The DNS resolution matters for two reasons:

  • Speed. The first step when a user visits your website is DNS resolution. If it takes a long time to load and access the site, the user will probably leave your page. That is why this process has to be quick.
  • Availability. The nameserver that is responsible for your domain name needs to be reliable. An additional DNS service is a great choice to make sure your domain will always be available for your customers.

Is DNS cache important?

What is DNS cache?

The DNS cache is a temporary memory for storing the DNS records of previously queried domain names. A lot of devices hold such a memory mechanism: DNS recursive servers, computers, tablets, mobile phones, etc.

The idea behind it is an easy and fast DNS lookup that does not need to be repeated every time a particular domain name is requested. Take, for example, the news website you visit every morning. The first time you visited it, a DNS lookup was performed to find the corresponding IP address. After the DNS recursive server obtained the IP address, you were able to explore the website, and the DNS records were kept in the DNS cache. The next day, when you open the same website, the DNS resolver takes the IP address from its DNS cache, so no new DNS lookup needs to be performed.

It is important to note that all the DNS records associated with the various domain names are only available in the DNS cache temporarily. Exactly how long depends on the TTL (time-to-live) value, which the administrator sets.

Users’ DNS queries receive a quicker answer, and the mechanism also helps use resources efficiently.

How does it work?

It is a really helpful and important mechanism that saves a lot of time and Internet bandwidth. Let’s explain a little more about how it happens by following one DNS query. Every time a user wants to visit and explore a domain name, it is essential to know its A or AAAA records.

  1. The first place to check is the device’s own DNS cache. Every computer keeps a local store of earlier visited domain names for a specific amount of time (the TTL). Thus, the website will load without any DNS query to a DNS resolver if the data is still available there.
  2. In case the data is not available in the device’s cache, a query is sent to a DNS resolver, such as the one of your Internet service provider (ISP). If the records are still stored there, it will answer the request, and the user will connect to the website without any further steps. If this is not the case, then a search through the root server, the TLD server and, lastly, the domain’s authoritative server is performed.
  3. Once the required DNS records are found, they will be kept inside the DNS cache of the user’s device and the DNS resolver too. That is good news because next time the website is going to be faster and easier to visit.

The DNS resolver of an ISP stores the DNS records of every domain name that any of its customers has requested. For that reason, there is a better chance that the answer is already in the cache memory the next time someone requests a domain.

Why is DNS cache important? 

As we mentioned, the DNS cache is an effective mechanism for a faster and more efficient DNS resolution process. It saves time, effort, and resources both for the network and for the user’s device. These characteristics are why it is so widely used.

DNS zone transfer – an overview

The DNS is a complex system that serves as a global database of domain names and IP addresses. The Internet relies on DNS so strongly that it is impossible to imagine it functioning without it. All the DNS data is written in DNS records, but how do you copy them from server to server? With DNS zone transfer.

DNS zones.

DNS is divided into small administrative parts called DNS zones. A DNS zone contains all the DNS records for that particular zone. Zones exist so the whole system can be decentralized and managed more practically. Each DNS zone is managed by a different DNS administrator. For example, when you get a domain name, you can get the right to manage its zone. That right has to be delegated to you, and you can then delegate subzones yourself.

DNS zone transfer.

DNS zone transfer is when you copy the data of one zone (its DNS records) and duplicate it on another name server. Why would you want to do that? Having several copies of your DNS records on multiple name servers guarantees better availability in case of a name server failure, and faster DNS resolution for a global domain with visitors from all around the globe and multiple points of presence.

Types of DNS zone transfer.

There are two types of DNS zone transfer that you can perform between name servers:

  • Full zone transfer (AXFR zone transfer). This one is used to copy all the DNS records from the Primary name server to another name server (the Secondary). You can use it if you haven’t updated the Secondary for a while and want to make sure it is up to date. Another reason to use the full zone transfer is to copy the data to a newly deployed name server that has no previous information.
  • Incremental zone transfer (IXFR zone transfer). This one is used to transfer only the modified DNS records (deleted, changed, or created) from the Primary name server to the Secondary name servers. Use it to spend less bandwidth by sending only the changes and not the full zone file. It is more practical once you have already set up all the Secondary name servers.

How does the DNS zone transfer happen?

You can perform DNS zone transfer in two ways:

  • Propagate the changes. You can edit the Primary zone file inside the authoritative name server for the zone and propagate the change to the Secondary name server that you have. That way, you know exactly when the Secondary name servers were last updated and what information they have.
  • Set the Secondary name server to auto-update. You can use the SOA record to set a refresh interval that indicates when a Secondary should check the Primary name server for changes. The Secondaries can use IXFR zone transfer and get the update when the interval elapses. For that purpose, you will need a security measure such as whitelisting, which allows only particular IP addresses (those of the Secondary name servers) to get DNS updates from the Primary name server. If you don’t do it, anybody could perform a DNS zone transfer and get all your DNS records. That could be a big security risk for your company.
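The refresh cycle described above, the choice between AXFR and IXFR, and the whitelist check can be seen together in the following added example (a constructed simulation, not the code of any real name server and not from the original article). It assumes a zone named example.com., a Secondary at 198.51.100.2 on the whitelist, and a stranger at 203.0.113.9 who is not; both addresses are documentation ranges.

```python
# Constructed simulation of Primary/Secondary zone transfer (assumed zone
# example.com., assumed IPs from documentation ranges).  Not a real server.
class PrimaryServer:
    def __init__(self, records, serial, allow_transfer):
        self.records = dict(records)               # name -> record data
        self.serial = serial                       # SOA serial of the zone
        self.base_serial = serial                  # oldest serial the journal covers
        self.allow_transfer = set(allow_transfer)  # whitelisted Secondary IPs
        self.journal = []                          # (new_serial, added, removed)

    def update(self, added=None, removed=()):
        """Edit the zone and journal the change so IXFR can replay it later."""
        added = dict(added or {})
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial += 1
        self.journal.append((self.serial, added, tuple(removed)))

    def transfer(self, client_ip, client_serial):
        """Answer a transfer request with REFUSED, UP_TO_DATE, IXFR or AXFR."""
        if client_ip not in self.allow_transfer:
            return "REFUSED", None              # whitelist is checked first
        if client_serial == self.serial:
            return "UP_TO_DATE", None
        if client_serial is not None and client_serial >= self.base_serial:
            deltas = [j for j in self.journal if j[0] > client_serial]
            return "IXFR", deltas               # only the changes since client_serial
        return "AXFR", dict(self.records)       # whole zone for a fresh Secondary


class SecondaryServer:
    def __init__(self, ip):
        self.ip, self.records, self.serial = ip, {}, None

    def refresh(self, primary):
        """What the SOA refresh interval triggers: compare serials, then transfer."""
        if self.serial is not None and self.serial == primary.serial:
            return "UP_TO_DATE"
        kind, payload = primary.transfer(self.ip, self.serial)
        if kind == "AXFR":
            self.records, self.serial = dict(payload), primary.serial
        elif kind == "IXFR":
            for serial, added, removed in payload:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
                self.serial = serial
        return kind


if __name__ == "__main__":
    primary = PrimaryServer({"www.example.com.": "192.0.2.10"}, 2024010101,
                            allow_transfer=["198.51.100.2"])
    secondary = SecondaryServer("198.51.100.2")
    print("first refresh:", secondary.refresh(primary))        # AXFR
    primary.update(added={"mail.example.com.": "192.0.2.25"})
    print("after an edit:", secondary.refresh(primary))        # IXFR
    print("stranger:", SecondaryServer("203.0.113.9").refresh(primary))  # REFUSED
```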

Conclusion.

DNS zone transfer is the process that DNS uses to copy zone files or particular DNS records from a Primary name server to a Secondary name server or Secondary name servers.

History of the Domain Name System.

It’s impressive how the Internet managed to be ingrained in humans’ lives in a very short time. The 1980s look far away from here, but honestly, considering all the previous development needed for the network of networks to exist, it’s not that much. Many people can still remember their life before and after the Internet.

To understand how the Internet works, there’s no way to skip one of the most important chapters in its history: the creation of the Domain Name System (DNS).

How was networking born?

Officially, the Internet started working on January 1, 1983. But as a concept, it appeared in the late 1950s. 

On the one hand, government researchers faced a strong need for a way to share their information easily. Computers were really big and heavy. Every time researchers needed specific data, they had to travel to the computer’s location or save the data on magnetic tapes and send them by postal service.

On the other hand, the Cold War was on. When the Soviet Union launched the Sputnik satellite (1957), the USA felt pushed to respond to the achievement. The American Defense Department looked for alternatives to keep information safe and easily share it in the case of a nuclear attack. 

Therefore, the Advanced Research Projects Agency (ARPA, 1958) was founded, and the ARPANET (1969) was created. This is the predecessor of the modern Internet. After years of collaboration with different organizations, the network concept was successfully proven, but it was limited to researchers and organizations linked to the Defense Department.

During the 1970s, more enthusiasts were attracted, and networks started popping up here and there, bringing on a new challenge. All the existing networks operated independently, and there was no way for them to communicate with each other.

TCP/IP solved this and became the standard “language” for networks to communicate (1983). This totally expanded the possibilities for the exchange of information! 

History of the Domain Name System.

To connect with other computers and services, people had to type their IP addresses. These long sequences of numbers were perfect for machines to communicate with each other. But with more websites available every day, it got hard for humans to memorize several IP addresses like 234.167.1.15 (IPv4).

With networks already interconnected, complexity became another challenge. For instance, the mapping of names to addresses was done through a centralized HOSTS.TXT file. As the number of sites grew, the file grew too, and the need for a decentralized model emerged.

In 1983, Paul Mockapetris and his team simplified this and created an easier way to use the network – the DNS. Thanks to it, humans could use easy and memorable names for reaching websites (sitexample.com) instead of numbers (234.167.1.15).  

It became an Internet standard in 1986. Machines kept using numbers, and humans could use domain names. This shaped a sort of directory (database) through which domain names could be associated with their IP addresses and vice versa.

The DNS evolved through the years. Some of its key improvements were:

  • NOTIFY. At first, secondary servers needed to check frequently for updates. With the NOTIFY mechanism, the master server could spare them all these checks and directly inform them when it had a new update to share.
  • Incremental zone transfer. Thanks to it, secondary servers could update only the changes instead of the complete zone file.
  • The DNSSEC security extensions, for protecting users against DNS cache poisoning attacks.

Conclusion.

The DNS gave structure to the Internet. Almost four decades of existence, and it’s still responsible for the cool experience users have while surfing online.

Recursive DNS server – definition

The DNS infrastructure is what really makes the experience of Internet surfing pleasant and easy. One of the main participants responsible for that is the recursive DNS server. So let’s explain a little more about it and its role in the complex DNS process.

DNS – What is it for?

The Domain Name System, or DNS for short, is a well-established method of translating domain names into IP addresses. When a user wants to visit a website, they usually search for it in their browser. To accomplish this task, the user writes the domain name of the website. Unfortunately, machines don’t understand words and names; they work only with numbers to communicate. So the Domain Name System sits in the middle and solves this issue by pointing the particular domain name to its corresponding IP address.

Recursive DNS server explained.

Recursion in computing is often associated with a method of solving a problem in which a program or solution keeps repeating itself until it reaches its goal.

Recursive DNS servers operate between the user and the authoritative DNS servers. They perform the required searches for specific information to find an answer to the queries of the users. 

As we mentioned, the users make a request for a particular domain through a browser. Yet, the process of searching for the correct IP address is performed by a recursive DNS server. Therefore, it is important to note that they are not the holders of the database with information. They are the searchers. After the recursive DNS server finds the required IP address, it gets back to the device and provides it to the browser that requested it. Finally, the device is able to connect to the IP address, and the user reaches the website.

Globally, the number of recursive DNS servers is significant. The most popular of them are those of your Internet service provider (ISP).

The two types of lookup

The recursive DNS server performs its lookup in one of two ways:

The first type is considered a lot easier and quicker, because the IP address is taken from the server’s cache memory. For a particular time, these servers can store the information in their cache. How long they should hold it is a decision made by the administrators, who set more or less time through the time-to-live (TTL) value. It all depends on the administrators’ strategy.

Receiving the query, the recursive DNS server is going to first search for the IP address in its cache memory. If that information is still available there and the TTL has not expired yet, the assignment is completed. It is very beneficial because the response is fast, and the recursive DNS server doesn’t need to search further in other servers.

The second type of search requires a little more time to complete. It occurs when the TTL in the cache has expired, so the IP address is no longer available there. The recursive DNS server then goes the long way to obtain the desired information: it passes through the root server, the TLD (Top-Level Domain) server, and finally the authoritative server, which is the one able to answer the query.

Therefore, the sole purpose of the recursive DNS server is to search for information.
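The two lookup types just described, and the cache behaviour from the "Is DNS cache important?" article above, come down to one check on the remaining TTL. The following is an added example, not code from the original posts: a tiny caching resolver that serves a cached answer with its remaining TTL while the entry is fresh, and takes the long way once it has expired. The root/TLD/authoritative walk is stood in for by a constructed dictionary of authoritative data, and the name and address are assumed.

```python
import time

# Constructed authoritative data (assumed, not real): (name, type) -> (records, TTL).
# This stands in for the root -> TLD -> authoritative walk.
AUTHORITATIVE = {
    ("www.example.com.", "A"): (["192.0.2.10"], 300),
}


class CachingResolver:
    """Recursive resolver that honours the TTL of what it has cached."""

    def __init__(self, upstream=AUTHORITATIVE):
        self.upstream = upstream
        self.cache = {}              # (name, type) -> (records, expires_at)
        self.upstream_queries = 0    # how often the long way was needed

    def lookup(self, name, qtype, now=None):
        """Return (records, ttl_to_report, source).

        source is "cache" for the first lookup type and "authoritative"
        for the second.  A cached answer is reported with its remaining
        TTL, not the original one, so that downstream caches (the user's
        device, for instance) expire it at the same moment.
        """
        now = time.time() if now is None else now
        key = (name, qtype)
        hit = self.cache.get(key)
        if hit is not None:
            records, expires_at = hit
            if expires_at > now:
                return records, int(expires_at - now), "cache"
            del self.cache[key]          # TTL expired: fall through to the long way
        self.upstream_queries += 1
        if key not in self.upstream:
            return None, 0, "authoritative"   # name/type does not exist
        records, ttl = self.upstream[key]
        self.cache[key] = (records, now + ttl)  # remember it for later use
        return records, ttl, "authoritative"


if __name__ == "__main__":
    r = CachingResolver()
    t0 = 1_000
    print(r.lookup("www.example.com.", "A", now=t0))        # authoritative, TTL 300
    print(r.lookup("www.example.com.", "A", now=t0 + 100))  # cache, TTL 200 left
    print(r.lookup("www.example.com.", "A", now=t0 + 300))  # expired: authoritative again
```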

5 most commonly used DNS records

DNS records are an essential part of managing DNS. Every one of them has a specific and very important function. To achieve a perfectly working DNS, it is crucial to know what their main purpose is. Here are the 5 most commonly used DNS records that are good to know for a start. Let’s see which they are and what they do!

SOA record

SOA stands for Start Of Authority, and it is important to know this record first. It indicates the beginning of the authoritative DNS zone. Inside it, you can find information that is crucial for the DNS zone; for the normal functioning of your DNS network, this record is a must-have. The SOA record indicates the primary DNS server. It includes data about the domain administrator and their contact email, as well as parameters such as the zone’s serial number and how often it should be refreshed. There must be only one SOA record per DNS zone.

A record

The A record is probably the first one that comes to mind when we talk about DNS. Its purpose is very simple yet essential: the A record connects the domain name (hostname) to its corresponding IP address. Every time a user wants to visit your website, they will write the domain name, but what actually needs to be found is its IP address. The user’s browser will perform a search for the A record to resolve the query. Once it finds it, the browser knows exactly where the site is and can load it for the user.

NS record

The NS (Name Server) record indicates precisely which are the authoritative name servers for a specific DNS zone. The NS record links your domain name to the hostname of the name servers.

For example, yourdomain.net to ns1.yourdomain.net.

You need to specify which the authoritative name servers are, and you do that with the NS record. If you don’t, your DNS zone simply won’t work. That is why we couldn’t skip this record in our list. It is crucial!

PTR record

This DNS record is also one of the must-haves if you want to be able to send emails without problems. The PTR record has the exact opposite function of the A record, and it is at the foundation of Reverse DNS. The PTR record points an IP address (IPv4 or IPv6) to a domain name. The need for this record appears when you send an email: the recipient’s mail server needs to verify whether the email was really sent on behalf of the domain it claims. You have to be careful when you configure your A record and PTR record, because otherwise your emails will end up in your recipients’ spam folder. Nobody wants that to happen, right?

MX record

The MX record, or Mail Exchanger record, indicates the email server responsible for receiving emails for the domain. It points the domain name to the hostname of the incoming mail server. It is important to note that it is a hostname and not an IP address. You can add several MX records to have a backup in case one of the servers has difficulties.

The reason to consider MX records is simple. Without them, you will not receive emails. For businesses, that is a pretty solid reason to care.
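The constraints spelled out for these five records (exactly one SOA per zone, NS records present, an MX that names a host rather than an IP address, and an A record whose PTR points back to the same mail hostname) can be checked before a zone goes live. The following is an added example, not code from the original article: a small lint over a constructed example.com. zone, with the reverse zone represented by a plain dictionary; all names and addresses are assumed.

```python
import ipaddress

# Constructed forward zone (assumed data, not a real domain): (name, type, value).
ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. "
                            "2024010101 3600 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("www.example.com.", "A", "192.0.2.10"),
]

# Constructed reverse zone: IP -> hostname its PTR record points to.
REVERSE = {"192.0.2.25": "mail.example.com."}


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_zone(zone, reverse):
    """Return a list of problems; an empty list means the checks passed."""
    issues = []
    by_type = {}
    for name, rtype, value in zone:
        by_type.setdefault(rtype, []).append((name, value))

    # SOA: the zone starts with exactly one of these.
    if len(by_type.get("SOA", [])) != 1:
        issues.append("zone must contain exactly one SOA record")

    # NS: without authoritative name servers the zone does not work at all.
    if not by_type.get("NS"):
        issues.append("zone has no NS records; the zone will not work")

    # MX: must name a host, and that host needs an A record whose PTR matches,
    # otherwise outgoing mail is likely to land in the spam folder.
    a_by_name = {name: value for name, value in by_type.get("A", [])}
    for name, value in by_type.get("MX", []):
        target = value.split()[-1]           # "10 mail.example.com." -> hostname
        if _is_ip(target):
            issues.append(f"MX for {name} points to an IP address ({target}); "
                          "it must be a hostname")
            continue
        if target not in a_by_name:
            issues.append(f"MX target {target} has no A record")
        elif reverse.get(a_by_name[target]) != target:
            issues.append(f"PTR for {a_by_name[target]} does not point back to "
                          f"{target}; mail may be treated as spam")
    return issues


if __name__ == "__main__":
    for problem in lint_zone(ZONE, REVERSE) or ["zone looks consistent"]:
        print(problem)
```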