Understanding Domain Name Service (DNS)

October 11th, 2013

DNS (the Domain Name System, often expanded as Domain Name Service) is as fundamental to email and web services as address books, published street addresses and phone numbers are to other types of communication. Without such directories it is difficult to connect with new people and organizations, and even inconvenient to communicate with your friends and family.

In this article, we cover the basic concepts behind the Domain Name System (DNS) and domain registration, so that you can understand how they fit into email and web hosting services.

A DNS Example

To understand what DNS is and how it is used, it is best to start with an example: John Sample wishes to register and set up a domain for web site and email services. Here are the steps involved:

1. Registration of the Domain

John goes to some company, such as LuxSci, and finds a domain name that he likes and which isn’t in use by someone else. He then registers it, paying a fee for one or more years. What does this registration actually buy him? It depends on the company he registered at and for what exactly he signed up; however, it usually only means that John has now leased the domain name for some period of time. He doesn’t actually “own” it, he just has the sole right to use it for some period of time, after which he has the right to renew his lease or let someone else have it.

Note that when you register a new domain name [say at LuxSci], it can take up to 24 hours for that domain to become live and functional on the Internet. If you register it elsewhere, it may take longer.

If you are thinking about using a service that provides “private domain registrations”, please see the Dangers of Private Domain Registrations and WHOIS Masking.

2. Sign up for web and/or email hosting

John then contacts some company, such as LuxSci, to order hosting. A hosting company provides the computers on which John’s web site files will reside and/or which will accept email for John at this new domain name.

…What is missing? DNS.

Registration of the domain gave John a “name” on the Internet (e.g. johnsample.com); obtaining web or email hosting services gives him an “address”: the Internet addresses of the computers, owned by the hosting compan(ies), that will be handling John’s web and email needs (e.g. 172.151.2.12). What is missing is a connection between the easy-to-remember name and the actual addresses where the services reside.

We like to make the analogy that DNS is like a “phone book” for domain names. It contains entries that indicate which Internet Protocol (IP) address corresponds to which domain name (and vice versa). You probably use DNS all the time and don’t even know it! Whenever you type an address such as “https://google.com” into your web browser, the browser uses DNS to find out the numerical address(es) of the computers that serve Google’s web site; it then connects to those addresses to fetch the web site files.

Thus, anyone who has a domain name that is to be used for email or web services needs DNS services as well. These services are usually provided by your web or email hosting company, because they know their computers’ addresses and are in a position to update your DNS settings for you if any of those addresses need to change.

You may be able to manage your DNS settings yourself if, for example, your domain registration company provides this service to you, or if you use a company like easyDNS (of which LuxSci is a partner and whose services LuxSci offers at a discount to its members).

3. Delegate your domain’s DNS.

If your web hosting company is going to take care of your DNS settings for you, you need to give them control over these settings. This means telling your domain registrar (the company you registered the domain with in step 1) which name servers your web hosting company will be using for your DNS; your web hosting company will tell you exactly what to enter. This is a delegation, not a transfer: your registration stays where it is, and only the name servers listed for the domain change. Because whoever controls those name servers controls where your web and email traffic goes, protect the registrar login that can change them as carefully as the hosting account itself, and confirm the delegation afterwards by looking up the domain’s NS records (for example with dig or a public DNS lookup tool).

DNS Summary

Now, you should have a rough picture of the complexity involved in managing a domain name — there are at least 3 sets of computers involved!

  • One set belongs to your domain name registrar. They keep track of which domains are registered, who currently “owns” them, and which name servers manage the DNS settings for each domain. (The ownership and contact information is published in the “WHOIS” database; the name-server delegation is also published by the registry in the DNS itself, which is how everyone else finds your DNS servers.)
  • One set belongs to the company that manages the DNS settings for your domain. These are the “authoritative” name servers: they know which computer addresses correspond to which names. Other systems, normally the recursive resolver that your web browser or mail server uses, ask them to look up the address for a name (or, via reverse DNS, the name for an address).
  • The third set belongs to your web and email hosting company. On these computers, your web site files are stored and your email is delivered. These are almost always different computers than the ones that handle the DNS and WHOIS.

Mail Exchange (MX) Records

An “MX Record” is a DNS entry that indicates which server(s) handle inbound email messages for your domain. These can be, and usually are, different servers than those that handle your web site. They may also be different from the servers on which your email is stored.

“MX” stands for “Mail Exchange”. Typically, you will have 2 or more MX records for your domain. One is primary; the others are secondaries that provide load balancing or failover for increased delivery reliability, e.g. if one server is down, the others can still receive your email. Because a secondary MX accepts whatever mail the primary cannot, it needs the same spam filtering and authentication checks as the primary: senders (and spammers) are free to connect to any MX host they like.

MX Record Priority

What is up with the MX record priority? Each MX record carries a number, called its priority or preference. It can be any integer zero or higher (e.g. 0, 10, 14, 999). The number is used only to sort the MX records. A sending mail server should try the MX record with the smallest number first; if it cannot connect to that server, it tries the record with the next larger number, and so on. If multiple records have the same number, one of them should be picked at random (or their use rotated) so that load is spread across them.

So the actual numerical value of the priority does not matter at all. It makes no difference whether it is “10” or “15” or “100”. All that matters is which numbers are bigger than which others and which ones are equal, as this determines which servers are tried first and which are “load balanced” to some degree.
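The selection rule described above, written out as an added example (not code from the original article or from LuxSci): the MX set below is constructed for the johnsample.com example and the host names are made up.

```python
import random

# Constructed sample MX set for the article's example domain (not real DNS data).
# Two hosts share preference 10, one is at 20, and a last-resort host is at 999.
MX_RECORDS = [
    (10, "mx1.johnsample.com"),
    (20, "mx2.johnsample.com"),
    (10, "mx1b.johnsample.com"),
    (999, "fallback.johnsample.com"),
]

def mx_try_order(records, seed=None):
    """Return the hosts in the order a sending mail server should try them.

    Lower preference numbers come first (RFC 5321, section 5.1). Hosts with an
    equal number are shuffled so that repeated deliveries spread load across them.
    Only the relative order of the numbers matters, never their actual values.
    """
    rng = random.Random(seed)
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        order.extend(group)
    return order

def first_reachable(records, reachable, seed=None):
    """Walk the MX list and return the first host that accepts a connection.

    `reachable` stands in for the network: the set of hosts that are currently up.
    Returns None when every MX host is down, in which case a real mail server
    would queue the message and retry later rather than bounce it immediately.
    """
    for host in mx_try_order(records, seed):
        if host in reachable:
            return host
    return None

if __name__ == "__main__":
    print(mx_try_order(MX_RECORDS, seed=1))
    print(first_reachable(MX_RECORDS, {"mx2.johnsample.com"}))
```

Running it a few times without a seed shows the two preference-10 hosts swapping places while mx2 and the fallback host always come afterwards, which is exactly the “same number means load balanced, different number means failover order” behaviour the text describes.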

Subdomains

If John Sample registered “johnsample.com”, then he really can have any number of domain names, as long as they each end in “.johnsample.com”. I.e. “www.johnsample.com”, “blog.johnsample.com”, and “my.daughter.johnsample.com” are all names that John has a right to set up and use because he has registered “johnsample.com”. These are all called “subdomains” because you cannot register them individually, but get them automatically when you register the domain “johnsample.com”. Subdomains are created when entries for them are made in the DNS for your domain.

You can configure your DNS settings to use any addresses you wish for web and email for any of your subdomains. Your DNS provider should allow you to do this as a matter of course.

If a subdomain is configured to point to another domain or subdomain name, rather than to a computer’s address, that entry is known as an “alias” or a “CNAME”. When a domain or subdomain points directly to a computer’s numerical IP address, the entry is known as an “A record” (Address Record). For example:

blog.johnsample.com -> 172.99.99.2 (This is an A or “Address” record)

blog.johnsample.com -> wordpress.org (This is an alias “CNAME” record: your name gets whatever address wordpress.org has, by referring to it by name.)

Two rules follow from how CNAMEs work. A name that is a CNAME cannot carry any other records of its own (no A, MX or TXT entries at that name), and the bare domain “johnsample.com” cannot be a CNAME at all, because it must hold the zone’s own records. And since an alias resolves to whatever its target currently resolves to, remove a CNAME when the service it points at is retired, rather than leave it pointing at a name you no longer control.

DNS Propagation: Time-To-Live (TTL)

The “Time-To-Live” or TTL is an important DNS parameter that you should be aware of when you want to change your DNS settings. Each record carries a TTL, and it is roughly the maximum time that a change to that record can take to take effect throughout the Internet. A small TTL setting, such as 20 minutes, will allow your changes to propagate across the Internet in about 20 minutes or less; a large setting can result in the changes taking days to be noticed. A typical default setting can be 3 to 24 hours! Clients for whom LuxSci manages their DNS generally have their TTLs set to 3 hours, unless they request otherwise. Note that the TTL is also the time it will take for a change in the TTL itself to become effective!

This means that if your TTL is 1 day and you plan to make a change that needs to take effect in 15 minutes, then you should:

  1. Change the TTL to 15 minutes
  2. Wait 1 day for the change in TTL to propagate across the Internet
  3. Any other changes to your DNS after this 1 day wait will then propagate in no more than 15 minutes.

Why are DNS Changes not Instantly Available?

The answer reflects the clever way in which DNS works. Your changes ARE available instantly on the actual computers that manage your DNS (the authoritative servers). To prevent everyone in the world from asking your DNS servers directly for your DNS information, which would bog them down greatly, DNS is set up so that people’s computers ask local DNS servers, typically at their ISP or company. These return the information if they already have it; otherwise they ask other “upstream” servers until eventually some server asks the “authoritative” ones at your DNS provider. All of these intermediate servers remember (cache) the answer so that they can hand it out again quickly without asking upstream again. They keep it for as long as your TTL says (without going into the fine details). For this reason, it takes a time equal to the TTL before all of these servers have refreshed their information. It also means that some people will see your new DNS settings sooner than others, depending on when their DNS servers last refreshed their saved copy.

This distributed method of looking up DNS information is good because it is quick and minimizes the work your DNS provider’s servers have to do. Its drawback is that the other DNS servers have stale information whenever you change your DNS settings. To compensate, you can set your TTL to be small. Effectively, if a DNS server holds information older than its TTL, it no longer trusts that the data is accurate and fetches a fresh copy the next time it is asked. This is why the time it can take your DNS changes to propagate across the Internet is approximately the TTL you have configured for your records.
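To make the TTL-lowering procedure and the caching explanation above concrete, here is an added toy model (not code from the original article or from LuxSci) of one caching resolver in front of the authoritative server. Time is a plain integer of seconds supplied by the caller, the record and addresses are constructed for the johnsample.com example, and the class and function names are this example’s own.

```python
# Toy model of a caching resolver sitting between users and the authoritative
# server for johnsample.com. Constructed example; no real DNS traffic is involved.

DAY = 86400           # the article's "1 day" TTL
QUARTER_HOUR = 900    # the article's "15 minutes" TTL

class Authoritative:
    """The DNS provider's server: changes made here are visible to it instantly."""
    def __init__(self):
        self.zone = {}                      # name -> (ttl, value)
    def set(self, name, value, ttl):
        self.zone[name] = (ttl, value)
    def query(self, name):
        return self.zone[name]

class CachingResolver:
    """An ISP or company resolver: answers from cache until the cached TTL runs out."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                     # name -> (expires_at, value)
        self.upstream_queries = 0
    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached is not None and now < cached[0]:
            return cached[1]                # still fresh: do not bother the authority
        ttl, value = self.upstream.query(name)
        self.upstream_queries += 1
        self.cache[name] = (now + ttl, value)
        return value

def seconds_of_stale_answers(lower_ttl_first):
    """Move www.johnsample.com to a new address and measure how long the resolver
    keeps handing out the old one. With lower_ttl_first the article's three-step
    procedure is followed: drop the TTL, wait out the old TTL, then change the address."""
    name, old_ip, new_ip = "www.johnsample.com", "172.99.99.2", "198.51.100.20"
    auth = Authoritative()
    resolver = CachingResolver(auth)
    auth.set(name, old_ip, DAY)
    resolver.resolve(name, now=0)              # a user looked it up; cached for a day
    if lower_ttl_first:
        auth.set(name, old_ip, QUARTER_HOUR)   # step 1: same address, shorter TTL
        resolver.resolve(name, now=DAY)        # step 2: old TTL expires, cache learns the 15-minute TTL
        change_at, ttl = DAY, QUARTER_HOUR     # step 3: now make the real change
    else:
        change_at, ttl = 0, DAY                # impatient admin: change the address right away
    auth.set(name, new_ip, ttl)
    t = change_at
    while resolver.resolve(name, now=t) != new_ip:   # poll once a minute
        t += 60
    return t - change_at

if __name__ == "__main__":
    print("stale for", seconds_of_stale_answers(False), "s without lowering the TTL first")
    print("stale for", seconds_of_stale_answers(True), "s after lowering the TTL first")
```

The impatient path keeps serving the old address for a full day, because the resolver cached the record with the old one-day TTL and has no reason to ask again; the lowered-TTL path is stale for at most 15 minutes after the real change. Note that the resolver only asked the authority three times in the whole exercise, which is the load-reduction benefit the text describes.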

Why not always use a very small TTL?

There are two main reasons for that:

  1. Speed: The smaller your TTL, the slower your email or web site will be, as computers and servers have to spend more time looking up and refreshing DNS information.
  2. Minimum TTLs: If your TTL is very small (e.g. under 5 minutes), some improperly configured DNS servers may disregard it and use a larger TTL. Less than 1% of DNS servers do this, but it can happen.

DNS Text Records for Anti-Spam Protection

Another form of DNS record is the “Text” record (TXT record). These allow you to associate arbitrary text with any name in your domain. Anyone on the Internet can query your DNS and see what this text says, and know that whoever controls your domain’s DNS put it there. How is this useful? It can help stop forged and fake email:

1. SPF (Sender Policy Framework) Records

With SPF records, you add a specially formatted TXT record to your DNS that specifies which servers on the Internet are permitted to send email using your domain. Spam filters can use this when they look at email purporting to be from you, to check whether it was sent from one of your permitted servers. If not, the message can be treated as spam.

For adding SPF to your domain, the SPF Wizard is useful.

If you are a LuxSci customer, you would make a TXT record for your domain with the content “v=spf1 include:luxsci.com ~all”. The “include:” pulls in LuxSci’s own list of sending servers, and “~all” asks receivers to treat anything else as a soft fail (suspicious rather than rejected outright); “-all” would request outright rejection. See this help article for more details.
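How a receiver actually evaluates such a record, as an added example (not code from the original article or from LuxSci). The TXT data is an in-memory stand-in: the johnsample.com record is the one quoted above, but the luxsci.com policy shown here is invented using documentation-only address ranges and is not LuxSci’s real record, and the loop.example entry is constructed to show the lookup limit.

```python
import ipaddress

# Constructed, in-memory stand-in for DNS TXT lookups. These are NOT the real
# records of johnsample.com or luxsci.com: the first line is the record quoted
# in the article, the rest use documentation-only address ranges (RFC 5737/3849).
FAKE_TXT = {
    "johnsample.com": "v=spf1 include:luxsci.com ~all",
    "luxsci.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "loop.example": "v=spf1 include:loop.example -all",   # deliberately self-referential
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10   # RFC 7208 limits a check to 10 DNS-querying mechanisms

def lookup_spf(domain, txt=FAKE_TXT):
    """Return the domain's SPF record (a TXT record starting 'v=spf1'), or None."""
    record = txt.get(domain.lower())
    if record and record.split()[0].lower() == "v=spf1":
        return record
    return None

def check_spf(domain, sender_ip, txt=FAKE_TXT, depth=0):
    """Evaluate sender_ip against the SPF policy published for `domain`.

    Supports the ip4, ip6, include and all mechanisms with all four qualifiers.
    Results follow RFC 7208: pass, fail, softfail, neutral, none, permerror.
    The a, mx, ptr, exists and redirect terms are not implemented in this example
    and are reported as permerror, which is also what a receiver does with unknown terms.
    """
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"                    # include chain too deep (or looping)
    record = lookup_spf(domain, txt)
    if record is None:
        return "none"                         # domain publishes no policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                       # mechanisms default to a pass qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.lower().partition(":")
        matched = False
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"            # malformed address or prefix
            if network.version != (4 if mechanism == "ip4" else 6):
                return "permerror"            # ip4: given an IPv6 range or vice versa
            matched = ip in network           # False when address families differ
        elif mechanism == "include":
            sub = check_spf(argument, sender_ip, txt, depth + 1)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror"            # RFC 7208 s5.2: included domain must publish a policy
            # fail/softfail/neutral from the include mean "no match here, keep going"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                          # ran off the end with no match

if __name__ == "__main__":
    for sender in ("203.0.113.10", "2001:db8::1", "198.51.100.7"):
        print(sender, "->", check_spf("johnsample.com", sender))
```

The walk-through for a forged message from 198.51.100.7 is the instructive case: the include of luxsci.com evaluates to “fail” inside the include, which only means “no match, keep going”, so the outer record falls through to “~all” and the result is softfail, not fail. That is the practical difference between publishing “~all” and “-all”.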

2. DKIM (DomainKeys Identified Mail) Records

With DKIM, your sending email server cryptographically signs each email that you send. The “public key” that receivers use to verify this signature is published in your DNS as a TXT record under a name of the form selector._domainkey.yourdomain.com; the selector is named in the signature header, so you can publish several keys and rotate them without interrupting delivery. For details, see DKIM: Fight Spam and Forged Email by Signing your Messages.

For More Information: