LuxSci

Understanding Domain Name Service (DNS)


Domain Name Services (DNS) are as fundamental to email and web services as address books, published street addresses and phone numbers are to other types of communication. Without them, it is difficult to connect with new people and organizations, and it is inconvenient even to communicate with your friends and family.

In this article, we cover the basic concepts involved in Domain Name Services (DNS) and domain registration, so that you can understand how they are involved in email and web hosting services. 

A DNS Example

To understand what Domain Name Service (DNS) is and how it is used, it is best to start with an example: John Sample wishes to register and set up a domain for web site and email services. Here are the steps involved:

1. Registration of the Domain

John goes to some company, such as LuxSci, and finds a domain name that he likes and which isn’t in use by someone else. He then registers it, paying a fee for one or more years. What does this registration actually buy him? It depends on the company he registered at and for what exactly he signed up; however, it usually only means that John has now leased the domain name for some period of time. He doesn’t actually “own” it, he just has the sole right to use it for some period of time, after which he has the right to renew his lease or let someone else have it.

Note that when you register a new domain name [say at LuxSci], it will take up to 24 hours for that domain to become live and functional on the Internet. If you register it elsewhere, it may take longer.

If you are thinking about using a service that provides “private domain registrations”, please see the Dangers of Private Domain Registrations and WHOIS Masking.

2. Sign up for web and/or email hosting

 John then contacts some company, such as LuxSci, to order hosting. A hosting company provides the computers on which John’s web site files will reside and/or which will accept email for John at this new domain name.

…What is missing? DNS.

Registration of the domain gave John a “name” on the Internet (e.g. johnsample.com); obtaining web or email hosting services gives him an “address” — the Internet addresses of the computers owned by the hosting company or companies that will be handling John’s web and email needs (e.g. 172.151.2.12). What is missing is a connection between the easy-to-remember name and the actual addresses where the services reside.

We like to make the analogy that DNS is like a “phone book” for domain names. It contains entries that indicate which Internet (Internet Protocol – IP) address corresponds to which domain name (and vice versa). You probably use DNS all the time and don’t even know it! Whenever you type an address such as “http://google.com” into your web browser, the web browser uses DNS to find out the numerical address(es) of the computers that handle Google’s web site; it then uses these addresses to connect to those computers to get the web site files.

Thus, anyone who has a domain name that is to be used for email or web services needs DNS services as well. These services are usually provided by your web or email hosting company, because they know their computers’ addresses and should be in a position to update your DNS settings for you if any of those addresses need changing.

You may be able to manage your DNS settings yourself if, for example, your domain registration company provides this service to you, or if you use a company like easyDNS (of which LuxSci is a partner and whose services LuxSci offers at a discount to its members).

3. Transfer your domain.

If your web hosting company is going to take care of your DNS settings for you, you need to give them control over these settings. This means telling your domain registrar (Register.com in this example) what servers your web hosting company is going to be using for your DNS; your web hosting company will tell you what to say.

DNS Summary

Now, you should have a rough picture of the complexity involved in managing a domain name — there are at least 3 sets of computers involved!

  • One set belongs to your domain name registrar. They keep track of what domains are registered, who currently “owns” them, and what computers manage the DNS settings for each of these domains. (This information is stored in a big database called the “WHOIS” database).
  • One set belongs to the company that manages the DNS settings for your domain. These computers understand what computer addresses correspond to what domain names. Other computers, like your web browser, can ask them to look up the name for an address, or vice versa.
  • The third set belongs to your web and email hosting company. On these computers, your web site files are stored and your email is delivered. These are almost always different computers than the ones that handle the DNS and WHOIS.

Mail Exchange (MX) Records

An “MX Record” is a DNS entry that indicates what server(s) handle inbound email messages for your domain. These can be, and usually are, different servers than those that handle your web site. They may also be different from the servers on which your email is stored.

“MX” stands for “Mail Exchange”. Typically, you will have 2 or more MX records for your domain. One is primary; the others are secondary and will provide load balancing or failover for increased delivery reliability. For example, if one server is down, the others can still receive your email.

MX Record Priority

What is up with the MX record priority? These are numbers that go along with each MX record. The “priority” can be any number zero or higher (e.g. 0, 10, 14, 999, etc.). The priority is used only to sort the MX records. The mail server should try the MX record with the smallest numerical priority first and, if it fails to connect to that server, try the record with the next-larger number. If multiple records have the same priority, one of them should be picked at random (or their use should be rotated).

So, the actual numerical value of the priority doesn’t matter at all. It doesn’t matter if it’s “10” or “15” or “100”. All that matters is which numbers are bigger than which others and which ones are the same, as this defines which servers are tried first and which ones are “load balanced” to some degree.
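The selection rule described above, written out as an added example (not LuxSci's code): sort by priority, shuffle within equal priorities, fail over down the list. The `mx-*` hostnames are constructed for illustration, and `same_behaviour` shows that renumbering the priorities changes nothing as long as the ordering and the ties are preserved.

```python
import random
from itertools import groupby

# Constructed MX set for the article's example domain; hostnames are hypothetical.
MX_RECORDS = [
    (20, "mx-backup.johnsample.com"),
    (10, "mx-a.johnsample.com"),
    (10, "mx-b.johnsample.com"),
    (999, "mx-last-resort.johnsample.com"),
]

def delivery_order(records, rng=random):
    """Return hostnames in the order a sending mail server should try them."""
    order = []
    ranked = sorted(records, key=lambda r: r[0])            # smallest number first
    for _, group in groupby(ranked, key=lambda r: r[0]):
        hosts = [host for _, host in group]
        rng.shuffle(hosts)                                  # equal priority: pick at random
        order.extend(hosts)
    return order

def pick_server(records, reachable, rng=random):
    """Walk the delivery order and return the first host that accepts a connection."""
    for host in delivery_order(records, rng):
        if host in reachable:                               # stands in for a TCP connect
            return host
    return None                                             # every MX is unreachable

def same_behaviour(records_a, records_b):
    """True when two MX sets put the same hosts into the same priority tiers."""
    def tiers(records):
        ranked = sorted(records, key=lambda r: r[0])
        return [sorted(h for _, h in g)
                for _, g in groupby(ranked, key=lambda r: r[0])]
    return tiers(records_a) == tiers(records_b)
```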

Subdomains

If John Sample registered “johnsample.com”, then he really can have any number of domain names, as long as they each end in “.johnsample.com”. I.e. “www.johnsample.com”, “blog.johnsample.com”, and “my.daughter.johnsample.com” are all domains that John has a right to set up and use because he has registered “johnsample.com”. These are all called “subdomains” because you cannot register them individually, but get them if you register the domain “johnsample.com”. Subdomains are created when entries for them are made in the DNS for your domain.

You can configure your DNS settings to use any addresses you wish for web and email for any of your subdomains. Your DNS provider should allow you to do this as a matter of course.

If your subdomain is configured to point to another domain or subdomain name, rather than to a computer’s address, it is known as an “alias” or a “CNAME”. When a domain or subdomain points directly to a computer’s numerical “IP Address”, this is known as an “A record” (Address Record). For example:

blog.johnsample.com -> 172.99.99.2 (This is an A or “Address” record)

blog.johnsample.com -> wordpress.org (This is an alias “CNAME” record, where your domain gets the address that wordpress.org has by referencing it by name).

DNS Propagation: Time-To-Live (TTL)

The “Time-To-Live” or TTL is an important DNS parameter that you should be aware of when you want to change your DNS settings. A TTL is roughly the maximum time that it can take for any change in your DNS to take effect all throughout the Internet. A small TTL setting, such as 20 minutes, will allow all your changes to propagate across the Internet in about 20 minutes or so; a large setting can result in the changes taking days to be noticed. A typical default setting can be 3 to 24 hours! Clients for whom LuxSci manages their DNS generally have their TTLs set to 3 hours, unless they request otherwise. Note that the TTL is also the time it will take for changes in the TTL to be effective!

This means that if your TTL is 1 day and you plan to make a change that needs to take effect in 15 minutes, then you should:

  1. Change the TTL to 15 minutes
  2. Wait 1 day for the change in TTL to propagate across the Internet
  3. Any other changes to your DNS after this 1 day wait will then propagate in no more than 15 minutes.

Why are DNS Changes not Instantly Available?

The answer reflects the clever way in which DNS works. Your changes ARE available instantly on the actual computers that manage your DNS. In order to prevent everyone in the world from asking your DNS servers directly for your DNS information, which would bog them down greatly, DNS is set up so that people’s computers ask local DNS servers in their ISPs. These return the information if known; otherwise, they ask other “upstream” servers until eventually some server asks the main “authoritative” ones at your DNS provider. All of these intermediate servers keep the information so that they can give it out again quickly without asking the “upstream” servers again. This information is all remembered as long as your TTL is (without going into the fine details). For this reason, it takes a time equal to the TTL before all of these servers will refresh their information. It also means that some people will see your new DNS settings sooner than other people, all based on when their DNS servers need to refresh their saved information.

This distributed method of looking up DNS information is good because it is quick and minimizes the work your DNS provider’s servers have to do. It has the drawback that the other DNS servers have stale information whenever you change your DNS settings. To compensate, you can set your TTL to be small. Effectively, if a DNS server has information that is older than the TTL, the DNS server doesn’t trust that the data is accurate and goes to get a fresh copy when asked. This is why the time it can take your DNS changes to propagate across the Internet is approximately the TTL setting you have configured for your domain.
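The caching behaviour above and the three-step TTL procedure before it can be checked with a small simulation. This is an added example, not part of the original article: the resolver class, the addresses and the timings are constructed, and it models a single caching resolver rather than a chain of them.

```python
DAY, QUARTER_HOUR = 86400, 900                   # TTLs in seconds
NAME = "www.johnsample.com"
OLD_IP, NEW_IP = "172.99.99.2", "172.99.99.3"    # constructed addresses

class CachingResolver:
    """An ISP-style resolver: keeps each answer until the TTL it came with expires."""
    def __init__(self, authoritative):
        self.authoritative = authoritative       # name -> (value, ttl) at the DNS provider
        self.cache = {}                          # name -> (value, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                        # may be stale, but the TTL has not run out
        value, ttl = self.authoritative[name]    # ask "upstream" and remember the answer
        self.cache[name] = (value, now + ttl)
        return value

def staleness(edits, change_time, poll=60, horizon=3 * DAY):
    """Seconds after change_time until a client polling this resolver sees NEW_IP.

    edits maps a time to the (value, ttl) published at that moment. The resolver
    caches the old record one second before the first edit, which is the worst case.
    """
    zone = {NAME: (OLD_IP, DAY)}
    resolver = CachingResolver(zone)
    for now in range(min(edits) - 1, horizon, poll):
        for when in sorted(edits):
            if when <= now:
                zone[NAME] = edits[when]         # the provider's copy changes instantly
        if resolver.lookup(NAME, now) == NEW_IP:
            return now - change_time
    return None

T0 = 1000                                        # arbitrary start time
# Change the address while the TTL is still one day.
DIRECT = staleness({T0: (NEW_IP, DAY)}, T0)
# Lower the TTL and change the address in the same edit: the old TTL still applies.
RUSHED = staleness({T0: (NEW_IP, QUARTER_HOUR)}, T0)
# Lower the TTL, wait one day, then change the address (the article's procedure).
STAGED = staleness({T0: (OLD_IP, QUARTER_HOUR),
                    T0 + DAY: (NEW_IP, QUARTER_HOUR)}, T0 + DAY)
```

`DIRECT` and `RUSHED` both come out at just under one day, while `STAGED` is just under 15 minutes, which is why the TTL has to be lowered a full old-TTL period ahead of the real change.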

Why not always use a very small TTL?

There are two main reasons for that:

  1. Speed: The smaller your TTL, the slower your email or web site will be … as computers and servers will have to be spending more time looking up and refreshing DNS information.
  2. If your TTL is very small (e.g. sub 5 minutes), then some improperly configured DNS servers may disregard it and use a larger TTL. Less than 1% of DNS servers do this, but it can happen.

DNS Text Records for Anti-Spam Protection

Another form of DNS record is the “Text” record (TXT record).  These allow you to have any arbitrary text associated with any domain.  Anyone on the Internet can query your DNS and see what this text says and know that you, the person in charge of your domain, put it there.  How is this useful?  It can help stop forged and fake email:

1. SPF (Sender Policy Framework) Records

With SPF records, you add some special instructions to your DNS that specify which servers on the Internet are permitted to send email using your domain. Spam filters can use this when they look at email purporting to be from you to see if it was sent from your servers or not. If not, the message can be treated as Spam.

For adding SPF to your domain, the SPF Wizard is useful.

If you are a LuxSci customer, you would make a TXT record for your domain with the content “v=spf1 include:luxsci.com ~all”.  See this help article for more details.
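How a receiving spam filter could evaluate the record quoted above, as an added example that is not part of the original article. It is a simplified evaluator covering only the `ip4`, `include` and `all` mechanisms; the `TXT` table stands in for live DNS, and the contents shown for luxsci.com are constructed documentation addresses, not LuxSci's real record.

```python
import ipaddress

# Constructed TXT data standing in for live DNS lookups. The johnsample.com record
# is the one quoted in the article; the luxsci.com contents are made up
# (RFC 5737 documentation ranges).
TXT = {
    "johnsample.com": "v=spf1 include:luxsci.com ~all",
    "luxsci.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, txt=TXT, depth=0):
    """Return the SPF result for mail claiming `domain`, sent from `sender_ip`."""
    terms = txt.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                        # the domain publishes no SPF policy
    if depth > 10:
        return "permerror"                   # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only if the other domain's policy says "pass";
            # that domain's own "-all" does not leak into the caller's result.
            matched = check_spf(arg, sender_ip, txt, depth + 1) == "pass"
        else:
            continue                         # a, mx, redirect= etc. are outside this sketch
        if matched:
            return QUALIFIERS[qualifier]     # first matching mechanism decides
    return "neutral"
```

With this data, a server inside the listed ranges yields `pass`, while any other sender falls through to `~all` and yields `softfail`, the result a filter can use to treat the message as suspect.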

2. DKIM (Domain Keys Identified Email) Records

With DKIM, your sending email server cryptographically signs each email that you send.  The “public key” that can be used to verify this signature is published in your DNS. For details, see DKIM: Fight Spam and Forged Email by Signing your Messages.


7 Responses to “Understanding Domain Name Service (DNS)”

  1. DNS Price Cut! $0.99/month or $11.88/year | LuxSci FYI Says:

    [...] Domain name services control the publication of which servers at what providers are in charge of your web site, your email, and other services.  Any domain that is being used (as opposed to merely being “parked” for possible later use) needs DNS services to function.  Please refer to  Understanding Domain Name Service (DNS). [...]

  2. Bebek bak?m? Says:

    that was helpful for me thanks…..

  3. Clinton Says:

    Excellent article! Been scouring the web looking for something like this for a while.

  4. IMAP Hosting, SSL, PGP Encryption, SSL IMAP Email, Corporate Email Security | LuxSci FYI Says:

    [...] domain (these are the “mail exchange” or MX records for the domain; see also Understanding Domain Name Service (DNS)) includes an ordered list of SMTP Servers that expect to receive email for this recipient. The [...]

  5. Lock down your Filtered MX Logic and Postini Email | LuxSci FYI Says:

    [...] and Postini work by having your email delivered to their filtering servers first (because your DNS MX records point there).  Once filtered, their servers will deliver the messages to your email servers for [...]

  6. DNS at LuxSci and EasyDNS -- Not your "Daddy's" DNS! | LuxSci FYI Says:

    [...] has recently lowered its prices for DNS services [and domain registrations]. We are now cost competitive with all major DNS services offered, with [...]

  7. Why Email is Not Instantaneous — and Not Supposed to Be | LuxSci FYI Says:

    [...] DNS or network issues prevent the server from being able to determine what server is supposed to be next. [...]
