Translating domain names to IP addresses is one of the central services on the internet. Your computer sends daily requests to the domain name system (DNS) without you knowing. Name resolution on the internet usually only captures our attention when something isn’t working properly. But ask yourself today: What is DNS? And what is a DNS server?DNS – the internet naming system
DNS Records: How Do DNS Records Work?
The Domain Name System (DNS) ensures that users can enter a domain in the browser and arrive at their desired website. In fact, network participants primarily communicate via IP addresses. However, since these are rather unwieldy, you only need to enter the website name as this is automatically translated into the number sequence. How does this translation work?
What Are DNS Records?
When you enter an internet address in the browser, the system first has to look up which IP address belongs to this domain. This sometimes occurs even in the computer’s memory itself, often in the internet provider’s database or other DNS servers, and in cases of uncertainty, via one of the large root servers that monitor the entire Domain Name System as authority entities. In order to perform a name resolution, the DNS records, specifically the resource records, must be searched for in the DNS and/or name servers. Here, each IP address (known to the server) is assigned a domain name.
The DNS has a hierarchical and decentralized structure. At each level, there is a server that is responsible for its namespace. This means that in the search for www.example.com’s IP address, the root server only helps if it knows which server is responsible for the Top-Level Domain (TLD). In this way, the individual levels are run through in order to perform the name resolution. This means that the IP address of the actual web server or mail server resides solely with the host itself. For this reason, it is important for website operators to understand the concept of resource records.
How Do DNS Records Work?
DNS records are primarily located in zone files. With respect to DNS, a zone denotes an organizational area. It is possible for a domain to consist of a single zone. Extensive domains, however, are often divided into several zones. Each DNS server is responsible for a zone. If a client therefore wishes to activate a specific domain, it (or more specifically, the DNS server) has a look in the zone files for the appropriate records and forwards the request to a lower-level server until the final destination is reached.
DNS Record Syntax
Resource records are structured according to a simple system and coded in ASCII. There is a separate line for each DNS record. The records typically follow the following format:
<name> <ttl> <class> <type> <rdlength> <radata>
The discrete information is separated by a space and some kinds of information are only optional. In certain types of records, additional fields also appear. But what do the key record fields represent?
- <name>: The domain name is the name that the user enters into their browser.
- <ttl>: TTL stands for “time to live” and denotes the time (in seconds) that a record may be temporarily stored in the cache. After the time has lapsed, it cannot be ensured that the resource record is still current. This information is optional.
- <class>: In theory, there are different classes of DNS records. In practice, however, the records always refer to the internet (marked as IN), which is why this information is also optional.
- <type>: Different types of resource records appear in a zone file (for more on this, see below).
- <rdlength>: This optional field specifies the size of the subsequent data field.
- <rdata>: Resource data is the information according to which the domain name can be resolved (such as the IP address).
The DNS record for the example.com web server thus looks like this:
www.example.com. 12879 IN A 184.108.40.206
A client can store the record for 12,879 seconds (around three and a half hours) in the cache before the information must again be requested from the DNS server. It involves a DNS record on the internet (IN) and a type A record (A). The domain is resolved to an IP address.
Another notation is also possible:
$TTL 12879 $ORIGIN example.com. www A 220.127.116.11
This notation illustrates that the computer with the name www is part of the example.com domain. This way, other computers such as mail or ftp can be placed under the origin domain.
The domain name ends (or begins, because one goes from right to left) with a period. Fully Qualified Domain Names (FQDN) – in which the root label (though empty) also appears – are used in DNS records. It generally is situated after the period.
The Most Important DNS Record Types
A record type determines what kind of information is located in the record. In addition to the resolution of domain names according to IP addresses, DNS records have other functions as well.
The largest portion of name resolution on the internet takes place via the type A record. An IPv4 address is located in its data field. Through these records, it is possible for the internet user to enter a domain name in the browser and for the client to send an HTTP request to the appropriate IP address. Since an IPv4 address always has a size of 4 bytes, the value under rdlength – if specified – is always 4.
An AAAA record, also known as “quad A”, functions exactly like the A record. However, it uses an IPv6 address instead of an IPv4 address to resolve the name. Because IPv6 has a length of 128 bits (16 bytes), the data field length is also predefined here. The AAAA designation is based on the fact that the data field has four times the length of an A record data field.
SOA stands for Start of Authority. The records for this type contain information on the zone that is organized by the zone file and/or the DNS server. This is important – among other scenarios – during a zone transfer. Here, zone files are mirrored to other servers in order to prevent failures. The zone transfer regulates the periodic distribution of the original file. In this kind of DNS record, a serial number is therefore also placed next to the mailing address of the responsible administrator. This increases with each file update.
Under a CNAME record (canonical name record), one finds an alias – an additional name for a domain. Using this, the record refers to an existing A record or AAAA record. With this type, the rdata field is filled with a domain name that was previously linked with an IP address in the file. In this way, different addresses can refer to the same server.
An MX record refers to a mail exchange or an SMTP email server. One or several email servers are defined here that belong to the relevant domain. When using several mail servers (for example, to offset a failure), they specify different priority levels. In this way, the DNS knows in which sequence the contact attempt should proceed.
The PTR record (pointer) is a DNS record that permits a reverse lookup. Through this technique, the DNS server can also provide information regarding which host names belong to a specific IP address. For every IP address that is used in A or AAAA records, there also exists a corresponding PTR record. At the same time, the IP address is structured in reverse sequence and is also provided with the name of a zone.
In the NS record – a zone file’s name server record – the jurisdiction for a specific zone is clarified. For this reason, this record is mandatory for each zone file. This resource record gives the DNS server information on whether it is responsible for the request – thus requiring it to organize the relevant zone – and to whom it must forward the request.
The TXT record contains text that either is intended for human users as an information source or is machine-readable information. This DNS record gives an administrator the option of storing unstructured Text (in contrast to the structured data of the other DNS records). This could also include details about the company behind the domain.
Via the SRV record, a server can provide information about other services (SRV). For this purpose, the service, including the port at which it can be reached, is specified. In addition, the used protocol forms part of the name. Via the DNS record, a client can receive information on LDAP or XMPP services.
Through the LOC record, the location of the physical server can be disclosed. For this purpose, the latitude, longitude, height above sea level as well as an error deviation are given at the end of the record.
Learn more about "What is DNS propagation?" in our Digital Guide article on the topic.
In the zone file (a type of simple text file), all of the DNS records are listed. In order for the data to be correctly processed, specific guidelines must be observed. Otherwise the DNS cannot function, and the client will receive the SERVFAIL error message. For this reason, it is necessary to adhere to a special structure: Initially the zone name is specified, and then, in many cases, the TTL. Adding the time information right here has the advantage that, in the individual resource records, the information can be omitted. The TTL is then valid globally for the entire zone.
$ORIGIN example.com. $TTL 12879
The first DNS record is a SAO record. Without this, a zone file cannot function. Conversely, a zone file is then also valid only if the SOA record is available. After that, there are the first records for the name server, and then the A and AAAA records.
If comments are to be added within the file – for example, to make work easier for other administrators –semicolons should be used. This way, information is created about a DNS record without the server processing the text. You can insert empty lines to structure your records. These are also simply ignored by the system during the readout. One line is used per record; a line break finalizes the record. If you want to have a record run over several lines, however, you should then add brackets.
All DNS Record Types in Summary
In addition to those mentioned above, there are many other possible resource record types that can be found in the zone files – even if not all that often. The following table introduces all the types and provides some brief insight into their functions.
The Internet Assigned Numbers Authority (IANA), which also has the allocation of IP addresses among its responsibilities, has assigned each DNS record type a value (like a kind of identification number).
|1||A||Address specifies a host’s IPv4 address.|
|2||NS||Nameserver clarifies the zone’s authority.|
|3||MD||Mail Destination was replaced by the MX record (obsolete).|
|4||MF||Mail Forwarder was replaced by the MX record (obsolete).|
|5||CNAME||Canonical Name defines an alias.|
|6||SOA||Start of Authority discloses details about the zone.|
|7||MB||Mailbox Domain Name is experimental.|
|8||MG||Mail Group Member is experimental.|
|9||MR||Mail Rename Domain Name is experimental.|
|10||NULL||Null Resource is experimental.|
|11||WKS||Well Known Service was used for mail forwarding (now obsolete).|
|12||PTR||Pointer is intended for reverse lookup.|
|13||HINFO||Host Information supplies the host’s hardware and software details.|
|14||MINFO||Mailbox Information is experimental.|
|15||MX||Mail Exchange assigns email servers a domain.|
|16||TXT||Text provides the option of entering additional texts.|
|17||RP||Responsible Person provides information on the responsible person.|
|18||AFSDB||AFS Database is specifically intended for AFS clients.|
|19||X25||X.25 PSDN Address provides details on encapsulation via X.25 (obsolete).|
|20||ISDN||This record assigns the DNS name an ISDN number (obsolete).|
|21||RT||Route Through Record provides route-through binding without a WAN address (obsolete).|
|22||NSAP||This record enables assignment of domain names to Network Service Access Points (obsolete).|
|23||NSAP-PTR||NSAP Pointer was replaced by PTR (obsolete).|
|24||SIG||Signature was replaced by RRSIG (obsolete).|
|25||KEY||Key was replaced by IPSECKEY (obsolete).|
|26||PX||Pointer to X.400 specifies MIXER mapping regulations (obsolete).|
|27||GPOS||Geographical Position was replaced by LOC (obsolete).|
|28||AAAA||AAAA provides a host’s IPv6 address.|
|29||LOC||Location contains location information.|
|30||NXT||Next was replaced by NSEC (obsolete).|
|31||EID||Endpoint Identifier is intended for Nimrod Routing Architecture (obsolete).|
|32||NIMLOC||Nimrod Locator is intended for Nimrod Routing Architecture (obsolete).|
|33||SRV||Service Locator provides information about other services.|
|34||ATMA||ATM Address provides information when there are asynchronous transfer modes (obsolete).|
|35||NAPTR||Naming Authority Pointer is an A record extension that permits the search pattern (regular expressions).|
|36||KX||Key Exchanger enables key management for cryptography.|
|37||CERT||Cert saves certificates.|
|38||A6||A6 was replaced by AAAA.|
|39||DNAME||Delegation Name specifies the aliases for complete domains.|
|40||SINK||Kitchen Sink enables the storage of various data (obsolete).|
|41||OPT||Option is a pseudo-record when there is a DNS extension mechanism (EDNS).|
|42||APL||Address Prefix List lists address areas in CIDR format.|
|43||DS||Delegation Signer identifies DNSSEC-signed zones.|
|44||SSHFP||SSH Public Key Fingerprint discloses the fingerprint for SSH keys.|
|45||IPSECKEY||IPsec Key contains an IPsec key.|
|46||RRSIG||RR Signature contains a digital signature for DNSSEC.|
|47||NSEC||Next Secure threads signed zones in DNSSEC.|
|48||DNSKEY||DNS Key contains a public key for DNSSEC.|
|49||DHCID||DHCP Identifier links domain names with DHCP clients.|
|50||NSEC3||Next Secure 3 is an alternative to NSEC.|
|51||NSEC3PARAM||This record contains Parameter for NSEC3.|
|52||TLSA||This record issues an TLSA Certificate Association with a domain name pertaining to DANE.|
|53||SMIMEA||This record issues a S/MIME Certificate Association with a domain name.|
|55||HIP||Host Identity Protocol separates endpoint markers and positioning functions from IP addresses.|
|56||NINFO||NINFO provides information on the zone’s status (same structure as TXT; obsolete).|
|57||RKEY||RKEY saves keys (same structure as KEY and DNSKEY; obsolete).|
|58||TALINK||Trust Anchor Link connects two domain names (obsolete).|
|59||CDS||Child DS is a child copy of a DS record.|
|60||CDNSKEY||Child DNSKEY is a child copy of a DNSKEY record.|
|61||OPENPGPKEY||OpenPGP Key discloses public keys.|
|62||CSYNC||Child-to-Parent Synchronization enables the reconciliation of parent and child zones (obsolete).|
|63||ZONEMD||Message Digest for DNS Zone is experimental (obsolete).|
|99||SPF||Sender Policy Framework was replaced by the TXT record (obsolete).|
|104||NID||NodeID is experimental.|
|105||L32||32-bit Locator is experimental.|
|106||L64||64-bit Locator is experimental.|
|107||LP||Locator Pointer is experimental.|
|108||EUI48||48-bit Extended Unique Identifier encrypts addresses.|
|109||EUI64||64-bit Extended Unique Identifier encrypts addresses.|
|249||TKEY||Transaction Key enables the exchange of secret keys.|
|250||TSIG||Transaction Signature is used for authentication.|
|251||IXFR||Incremental Zone Transfer enables zone file components to be updated on a second server (obsolete).|
|252||AXFR||AFXR transfers a complete zone file to a second server (obsolete).|
|253||MAILB||Mailbox queries records related to a mailbox (obsolete).|
|254||MAILA||Mail Agent was replaced by MX-Record (obsolete).|
|255||*||* requests all records (obsolete).|
|256||URI||Uniform Resource Identifier discloses the mapping of host names to URIs.|
|257||CAA||Certificate Authority Authorization specifies a domain’s possible CAs.|
|258||AVC||Application Visibility and Control contains application metadata for DNS-AS (obsolete).|
|259||DOA||DOA is no longer active (obsolete).|
|260||AMTRELAY||Automatic Multicast Tunneling Relay enables the finding of AMT relays (obsolete).|
|32768||TA||DNSSEC Trust Authorities enables DNSSEC without signed root.|
|32769||DLV||DNSSEC Lookaside Validation discloses trust anchors beyond the standard DNS chain.|
|65280–65534||n/a||For private use.|