DNS uses many different resource record types for network name services. In this video, you’ll learn about the DNS forward lookup file and some of the most common DNS record types.
Whenever we query a Domain Name System (DNS) server to learn the IP address behind a name, or the name behind an IP address, we are really looking through a local database that holds the associations between fully qualified domain names and IP addresses. The entries in this database are called resource records, and on a traditional DNS server they live in a plain text file, the zone file, that contains everything the server needs to answer these lookups. We'll look at a number of different record types in this video, but there are well over 30 record types you may find inside a DNS server.
The database of a DNS server is, in its classic form, simply a text file. This is where you configure the DNS server and this is the data every lookup is answered from. In the sample lookup file you can see information about the DNS server itself and values that control how long other resolvers may cache the answers. You also see mail exchange records, records that specify the name and IP address of other devices, and aliases that let several different names resolve to a single fully qualified domain name.
One of the most important roles of DNS is associating an IP address with a fully qualified domain name. If we look at this section of the lookup file, you'll see a number of machine names and the IP addresses associated with those names. Let's break out these individual address resource records.
These address records are called A records or quad A (AAAA) records, and they associate a name with an IP address. We use the A record to associate an IP version 4 address with the name of a device, and the AAAA record to associate an IP version 6 address with the name of a device. Here's an example of an A record. I have the name www.professormesser.com. There's also a specification of the class of this record, and for most of us the class will be the internet class, written IN. This is an A record, so the data will be an IP version 4 address, and you can see the IPv4 address included as part of the record, which associates that address with www.professormesser.com. A semicolon introduces a comment that runs to the end of the line, so you can add one after the record to give it additional context.
There may be times when you want to associate a number of different names with an existing device. In those situations you can use a canonical name record, or CNAME record. This is where you add an alias that points at a name that already exists. For example, if you had a device called mail.mydomain.name, you could also reach it as ftp.mydomain.name or www.mydomain.name by creating CNAME records for those aliases. Your DNS server recognizes that the queried name is an alias, follows it to the canonical name of the device, and then performs the normal lookup on that name. Two caveats worth remembering: a name that holds a CNAME cannot hold any other record type, and the target of an MX or NS record should not be a CNAME, because some resolvers and mail servers will reject it.
There are also DNS records that help you find particular services on your network. For example, you could create a service record, or SRV record, that lets Windows devices find the domain controllers on the network, or a service record that lets voice over IP (VoIP) devices find the centralized VoIP controller. Here's the service record that Windows devices use to find an Active Directory domain controller. The owner name is built from the service and the protocol, _ldap._tcp.domain.com in this example, where _ldap is the service and _tcp is the protocol. The time to live is 300 seconds, the class is internet, and the type is SRV. The data then carries a priority (clients try the lowest value first), a weight (used to spread load among records with the same priority), a port number, and finally the target hostname that associates this service with a particular device.
If you're in charge of the mail servers on your network, then you know the MX record, or mail exchange record, is an extremely important record: it is how other mail servers find the servers that accept mail for your domain. In your DNS configuration file the MX record carries the IN class for internet, the MX type, a preference number (lower values are tried first), and then the name of the mail server. Later in the configuration you'll find that name listed with an A record that specifies the IP address of that mail server; the MX data is always a hostname, never an IP address.
Many DNS servers also contain configuration details for the name servers that are authoritative for the domain. These are NS records, or name server records. A name server record specifies the class, which is internet, the type NS, and then the name of a name server; you list one NS record per server. Later in the configuration you'll find A, or address, records that associate the name of each name server with a specific IP address.
We commonly use DNS servers to associate a name with an IP address, but we can also do the reverse: we give the name server an IP address and it returns the name. It does this with pointer records, or PTR records, which are effectively the reverse of an A or AAAA record. In the configuration of our DNS we list out the IP addresses of these devices, written in the reversed in-addr.arpa (IPv4) or ip6.arpa (IPv6) form, specify that these are PTR records, and then provide the fully qualified domain name of each device.
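To make the record formats above concrete, here is an added example (not the video's own lookup file, and not code from any DNS server) that parses a BIND-style zone file and audits it for the classic mistakes: a CNAME sharing its name with other records, an MX or NS pointing at a CNAME, an in-zone MX/NS/SRV target with no address record, and an IPv6 address in an A record. The zone text is constructed for the reserved domain example.com and contains four deliberate mistakes; every name and address in it is an assumption for illustration.

```python
"""Parse a BIND-style zone file and audit the record types discussed above."""
import ipaddress
import shlex
from dataclasses import dataclass

# Constructed sample zone for this example (example.com is a documentation domain).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 7200 900 1209600 300 )  ; serial refresh retry expire minimum
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
@       IN NS   ns3.example.com.                  ; mistake: ns3 has no address record
@       IN MX   10 mail.example.com.              ; lowest preference is tried first
@       IN MX   20 ftp.example.com.               ; mistake: MX target is a CNAME
www     IN A    192.0.2.10
        IN AAAA 2001:db8::10                      ; blank owner inherits "www"
ns1     IN A    192.0.2.53
ns2     IN A    192.0.2.54
mail    IN A    192.0.2.25
ftp     IN CNAME mail.example.com.
ftp     IN A    192.0.2.21                        ; mistake: CNAME cannot share an owner name
_ldap._tcp 300 IN SRV 0 100 389 dc1.example.com.  ; priority weight port target
dc1     IN A    192.0.2.100
old     IN A    2001:db8::99                      ; mistake: IPv6 address in an A record
10.2.0.192.in-addr.arpa. IN PTR www.example.com.
@       IN TXT  "v=spf1 ip4:192.0.2.25 -all"
"""

HOSTNAME_TYPES = {"CNAME", "MX", "NS", "SRV", "PTR"}  # last rdata field is a domain name
CLASSES = {"IN", "CH", "HS"}


@dataclass
class RR:
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: tuple


def _fqdn(name, origin):
    """Expand '@' and relative names against $ORIGIN and normalise case."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def _strip_comment(line):
    """Drop a ';' comment, but keep a ';' inside a quoted string (e.g. DKIM TXT)."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(text):
    """Yield one record per item, joining '( ... )' continuation lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined, buf = " ".join(buf), []
            if joined.strip():
                yield joined


def parse_zone(text):
    """Return the zone's resource records with owner, TTL and class filled in."""
    origin, default_ttl, owner, records = ".", 3600, None, []
    for line in _logical_lines(text):
        toks = shlex.split(line)
        if toks[0] == "$ORIGIN":
            origin = toks[1].lower()
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if not line[0].isspace():  # a blank owner field means "same owner as before"
            owner = _fqdn(toks.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while toks[0].isdigit() or toks[0].upper() in CLASSES:  # optional TTL / class
            if toks[0].isdigit():
                ttl = int(toks.pop(0))
            else:
                rclass = toks.pop(0).upper()
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in HOSTNAME_TYPES:
            rdata[-1] = _fqdn(rdata[-1], origin)
        records.append(RR(owner, ttl, rclass, rtype, tuple(rdata)))
    return records


def audit_zone(records):
    """Return the problems a DNS reviewer would flag in this zone."""
    by_name, problems = {}, []
    for rr in records:
        by_name.setdefault(rr.name, []).append(rr)
    apex = next((rr.name for rr in records if rr.rtype == "SOA"), None)
    for name, rrs in by_name.items():
        types = {rr.rtype for rr in rrs}
        if "CNAME" in types and len(rrs) > 1:
            problems.append(f"{name}: CNAME must be the only record at its name, found {sorted(types)}")
    for rr in records:
        if rr.rtype in ("A", "AAAA"):
            try:
                ip = ipaddress.ip_address(rr.rdata[0])
                if (rr.rtype == "A") != (ip.version == 4):
                    problems.append(f"{rr.name}: {rr.rtype} record holds an IPv{ip.version} address")
            except ValueError:
                problems.append(f"{rr.name}: {rr.rtype} record has invalid address {rr.rdata[0]!r}")
        elif rr.rtype in ("MX", "NS", "SRV"):
            target = rr.rdata[-1]
            target_types = {t.rtype for t in by_name.get(target, [])}
            in_zone = apex is not None and (target == apex or target.endswith("." + apex))
            if "CNAME" in target_types:
                problems.append(f"{rr.name}: {rr.rtype} target {target} is a CNAME (RFC 2181 section 10.3)")
            elif in_zone and not target_types & {"A", "AAAA"}:
                problems.append(f"{rr.name}: {rr.rtype} target {target} has no address record in this zone")
    return problems


if __name__ == "__main__":
    for problem in audit_zone(parse_zone(SAMPLE_ZONE)):
        print(problem)
```

Running the file prints the four findings. The parser deliberately stops short of a full RFC 1035 implementation (no `$INCLUDE`, no `$GENERATE`, no escaped characters inside names), which is enough to review a hand-maintained zone; for a production check, point it at the output of `named-checkzone` or a zone transfer instead of editing the file by hand.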
Another common DNS resource record you'll find is a text record, or TXT record. This record usually contains information that is valuable to third-party services that query your DNS. For example, a TXT record might contain Sender Policy Framework (SPF) information. SPF is a policy, published as the contents of a TXT record, that lists which servers are allowed to send mail for your domain, and it helps prevent someone else from spoofing your domain name as emails are sent across the internet. A receiving mail server looks up this TXT record and checks whether the IP address that delivered the message is one your domain has authorized.
We also use TXT records to publish DKIM, or DomainKeys Identified Mail, keys. DKIM lets your mail servers digitally sign outgoing mail, and when an external mail server receives a message it can confirm that the message was indeed signed by your mail server. You're effectively publishing your public key in this particular DNS TXT record. Here's an example of these two text records in my DNS. This first record is an SPF TXT record. It contains information that tells other mail servers what the valid mail servers will be for professormesser.com. So I list out my domain name, professormesser.com. I've got a timeout value of 300 seconds. This is a text record, and there's the SPF information. Third parties will be able to look at this text record on my DNS server, and see that if mail is coming from mailgun.org, then it is authorized as a mail server for professormesser.com.
I also have a domain key text record listed here, which shows the domain key information for professormesser.com. This is a text value. And you can see the entire public key is listed under this DKIM1 value. This allows third-party mail servers that have received a digitally signed email from my mail server to get the public key and validate that signature.
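The receiving-side SPF check described above, as an added example that is not part of the original video: a small implementation of the RFC 7208 `check_host()` evaluation that walks an SPF record's mechanisms (`ip4`, `ip6`, `a`, `mx`, `include`, `all`) with their `+ - ~ ?` qualifiers, follows `include:` into another domain's policy, and enforces the 10-DNS-lookup limit that makes over-long SPF chains fail with `permerror`. DNS answers come from a constructed in-memory table standing in for real lookups; the domains example.com, example.net and their addresses are assumptions for illustration, and the `redirect=`, `exists` and `ptr` terms are not implemented.

```python
"""Evaluate an SPF policy the way a receiving mail server does (RFC 7208 subset)."""
import ipaddress

# Constructed stand-in for DNS: (name, type) -> answers. MX entries hold only the
# exchanger hostname; the preference value is not needed for an SPF check.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.25 a mx include:_spf.example.net -all"],
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("_spf.example.net", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:100::/48 ~all"],
    ("dup.example", "TXT"): ["v=spf1 -all", "v=spf1 +all"],  # two SPF records: permerror
    ("loop.example", "TXT"): ["v=spf1 include:loop.example -all"],  # exhausts lookup budget
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4


class SPFError(Exception):
    """Any condition RFC 7208 maps to the 'permerror' result."""


def lookup(name, rtype):
    """Stand-in resolver; a real implementation would query DNS here."""
    return FAKE_DNS.get((name.lower().rstrip("."), rtype), [])


def spf_record(domain):
    """Return the domain's single SPF TXT record, None if absent, error if duplicated."""
    found = [t for t in lookup(domain, "TXT") if t.lower().split(" ")[0] == "v=spf1"]
    if len(found) > 1:
        raise SPFError("more than one SPF record")
    return found[0] if found else None


def _addresses(name):
    return [ipaddress.ip_address(a) for a in lookup(name, "A") + lookup(name, "AAAA")]


def check_host(ip, domain, budget=None):
    """Return pass / fail / softfail / neutral / none / permerror for sender ip and domain."""
    budget = [MAX_DNS_LOOKUPS] if budget is None else budget  # shared across include:
    ip = ipaddress.ip_address(ip)
    try:
        record = spf_record(domain)
        if record is None:
            return "none"
        for term in record.split()[1:]:
            qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
            name, _, arg = mech.partition(":")
            name = name.lower()
            if name == "all":
                matched = True
            elif name in ("ip4", "ip6"):
                # ip_network.__contains__ returns False when the IP versions differ
                matched = ip in ipaddress.ip_network(arg, strict=False)
            elif name in ("a", "mx", "include"):
                budget[0] -= 1  # each of these costs a DNS lookup
                if budget[0] < 0:
                    raise SPFError("more than %d DNS-querying terms" % MAX_DNS_LOOKUPS)
                target = arg or domain
                if "/" in target:
                    raise SPFError("dual-CIDR syntax not supported in this example")
                if name == "a":
                    matched = ip in _addresses(target)
                elif name == "mx":
                    matched = any(ip in _addresses(mx) for mx in lookup(target, "MX"))
                else:
                    sub = check_host(str(ip), target, budget)
                    if sub in ("none", "permerror"):
                        raise SPFError("include target %s has no usable SPF" % target)
                    matched = sub == "pass"  # only a pass inside include: matches
            else:
                raise SPFError("unsupported term %r" % term)
            if matched:
                return QUALIFIERS[qualifier]
        return "neutral"  # ran off the end of the record without a match
    except (SPFError, ValueError):
        return "permerror"
```

Note how `include:` only matches when the included policy returns `pass`: a `~all` or `-all` inside `_spf.example.net` never fails the outer check by itself, which is why the outer record still needs its own `-all` to reject everything else. The shared `budget` list is what turns a self-referencing or over-nested policy into `permerror` instead of an infinite recursion.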