
Managing DNS for Web Hosting: The Ultimate Guide

If you are into web hosting and the general world of networking, you have undoubtedly heard of DNS. Today, I’ll cover how the overall process works and how it’s connected to web hosts. But before getting into any details, the question is, what is DNS?


DNS Overview

The DNS is a distributed, hierarchical database that translates human-friendly domain names such as example.com into IP addresses such as 192.0.2.30, making it possible to use the Internet without remembering numbers.

Essentially, computers and similar devices address each other through numbers. We humans are different: we know and remember words and names. For example, in networking you don’t have Mike, Lazlo, and Heather; you have 192.168.1.1, 192.168.1.2, and 192.168.1.3.

To bridge this communication gap between computers and humans and make communication a lot easier, networking engineers developed what we know today as DNS.

Many people compare the DNS to the phone book of the Internet. However, it’s not a phone book that you have to leaf through; the DNS usually works so fast that you don’t even notice it’s there.

If you are curious about how all of it works, you can find more information below. However, we’ll get straight into it. Let’s see how DNS applies to web hosting.

DNS Management

A web hosting control panel is a web interface that makes it easier for you to manage your web hosting account without technical skills. Most web hosting accounts will, by default, come with their control panel that enables you to manage your website, email, domain names, and DNS.

However, while you can manage your DNS records without getting too technical, you still need to understand how all of it works.

Here are several concepts you must understand:

  • Hosts: host computers are named by combining their local name with the parent domain name. In email.example.com, email is the host.
  • Subdomain: a domain that is part of another domain. blog.example.com is part of example.com.
  • An Internet host refers to a host computer, while a subdomain extends the domain name itself.
  • Hostnames refer to a computer or resource, while a subdomain extends the domain. www.example.com is a host, while “www” is a subdomain.

The main difference between a hostname and a subdomain is that a host defines a computer or resource while a subdomain extends the parent domain. Subdomains provide a method of extending the domain name itself.

DNS Record Types

Many web hosting services give you access to these record types, but the tool is named differently from one service to the next. Look for something called the DNS Manager, DNS Zone Editor, or DNS Control Panel; whatever it is called, you should be able to manage all of these record types from it.

A Records

An address record maps a domain name or subdomain to an IP address. Since every resource online has an IP address, all of the DNS zone files will contain A records.

A records are the most commonly used record type, since the fundamental task of the Domain Name System is translating human-readable domain names into IP addresses.

The predominant IP address version that you will encounter is IPv4, 32-bit IP addresses with four octets separated by dots.

Here I will showcase some examples of A records, but please note that some DNS hosts will use the domain itself to represent the root domain (example.com), while other hosting services will use the @ symbol to represent example.com.

Here are some examples of the same zone file using different conventions you might encounter in your hosting service’s web hosting control panel.

Type  Name     Value      TTL
A     @        192.0.2.4  1 hour
A     server1  192.0.2.5  1 hour

Here is what the same zone file might look like at another hosting service.

Type  Host                 Value      TTL
A     example.com          192.0.2.4  3600
A     server1.example.com  192.0.2.5  3600

A third provider might label the value column “Points To” instead:

Type  Host  Points To     TTL
A     @     198.51.100.2  1 Hour

AAAA Records

AAAA records that are pronounced as quad-A point at IPv6 addresses. Since IPv4 is still predominant, it is unlikely that you will need to edit this kind of record. Nevertheless, here is an example so that you can recognize AAAA records when you encounter them.

Type Host Value TTL
AAAA @ 2600:1800:5::10 1 Hour
AAAA server1 2600:1800:5::11 3600

CNAME Records

CNAME or Canonical Name records map an alias hostname to another hostname. The canonical name is the real name, while the alias is the nickname.

Type Host Value TTL
CNAME www @ 1 Hour

Here is an example of a CNAME pointing to an external website.

Type Host Value TTL
CNAME github1 example.github.io 1 Hour

 

The same www alias, as a third provider’s control panel might display it:

Type   Host  Points To    TTL
CNAME  www   example.com  1 Hour

MX Records

Mail Exchange or MX records specify the mail server to which Mail Transfer Agents (MTAs) should route incoming mail. Each MX record includes the mail server’s domain name and a preference value that tells the Mail Transfer Agents (MTAs) to try the mail servers starting with the lowest number first.

Type  Name  Value                                      TTL
MX    @     mail1.examplemailserver.com (priority 10)  1 Hour
MX    @     mail2.examplemailserver.com (priority 20)  1 Hour
MX    @     ALT1.ASPMX.L.GOOGLE.COM (priority 5)       1 Hour
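To make the A, AAAA, CNAME and MX conventions above concrete, here is an added example (my own code, not from any hosting provider’s panel) that parses a small zone written in the BIND-style text form, normalizes the “@” versus “example.com” naming conventions shown in the tables, and checks the rules a zone editor should enforce: A records hold IPv4 addresses, AAAA records hold IPv6 addresses, a CNAME cannot sit at the zone apex or share a name with other records, and MX servers are tried lowest preference first. Both zones are constructed samples; the hostnames in them are the illustrative ones used in this article.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zones in a BIND-like text form (not taken from any real provider).
# "@" stands for the zone apex, the way some control panels show it.
GOOD_ZONE = """
$ORIGIN example.com.
@        3600 IN A     192.0.2.4
server1  3600 IN A     192.0.2.5
@        3600 IN AAAA  2600:1800:5::10
www      3600 IN CNAME @
github1  3600 IN CNAME example.github.io.
@        3600 IN MX    20 mail2.examplemailserver.com.
@        3600 IN MX    10 mail1.examplemailserver.com.
"""

# Deliberately broken zone: CNAME at the apex, IPv6 address in an A record,
# and a CNAME that shares its name with an MX record.
BAD_ZONE = """
$ORIGIN example.com.
@        3600 IN CNAME www.example.com.
server1  3600 IN A     2600:1800:5::11
mail     3600 IN CNAME mail1.examplemailserver.com.
mail     3600 IN MX    10 mail1.examplemailserver.com.
"""

def qualify(name, origin):
    """Turn a control-panel style name ('@', 'www', 'www.example.com.') into a lowercase FQDN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower()

def parse_zone(text):
    """Parse the simplified zone text into (origin, [(name, ttl, type, rdata), ...])."""
    origin, records = None, []
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()           # drop comments and surrounding whitespace
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        name, ttl, _cls, rtype, *rdata = line.split()
        rtype = rtype.upper()
        if rtype == "CNAME":
            rdata = qualify(rdata[0], origin)                      # alias target as FQDN
        elif rtype == "MX":
            rdata = (int(rdata[0]), qualify(rdata[1], origin))     # (preference, mail host)
        else:
            rdata = " ".join(rdata)
        records.append((qualify(name, origin), int(ttl), rtype, rdata))
    return origin, records

def validate_zone(origin, records):
    """Return a list of human-readable problems; an empty list means the zone passed."""
    problems = []
    types_at = defaultdict(set)
    for name, _ttl, rtype, _rdata in records:
        types_at[name].add(rtype)
    for name, _ttl, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            try:
                version = ipaddress.ip_address(rdata).version
            except ValueError:
                problems.append(f"{name}: {rtype} value {rdata!r} is not an IP address")
                continue
            want = 4 if rtype == "A" else 6
            if version != want:
                problems.append(f"{name}: {rtype} record needs an IPv{want} address, got {rdata}")
        elif rtype == "CNAME":
            if name == origin:
                problems.append(f"{name}: CNAME is not allowed at the zone apex")
            if types_at[name] - {"CNAME"}:
                problems.append(f"{name}: CNAME cannot coexist with other record types")
    return problems

def mx_delivery_order(records):
    """Mail server hostnames in the order an MTA tries them (lowest preference first)."""
    mxs = [rdata for _n, _t, rtype, rdata in records if rtype == "MX"]
    return [host for _pref, host in sorted(mxs)]

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        origin, records = parse_zone(zone)
        print(label, validate_zone(origin, records) or "no problems")
    print(mx_delivery_order(parse_zone(GOOD_ZONE)[1]))
```

Running it reports no problems for the first zone, lists the three defects in the second, and prints mail1 before mail2 even though the zone lists them the other way round, which is exactly what the preference value is for.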

PTR Records - Pointer (PTR) records are the counterparts of A records: they map IP addresses back to domain names. Servers use them to verify that a specific IP address is associated with a particular domain name or host. Very few hosting providers let you change PTR records, and the syntax is convoluted.

TXT Record - A TXT (text) record enables domain owners to associate arbitrary text with their domain name. As a web hosting service user, the main thing you want to know is how to use TXT records for email authentication.


Email Authentication

As a domain name owner, you will want to protect your domain name and your company reputation from email spoofing by spammers and phishers. Many scammers will mask their own identity by using other people’s domain names to send millions of spam or phishing emails.

SPF

Sender Policy Framework or SPF records help protect you from email spoofing by enabling you to provide a list of email senders that you have authorized to send an email on your behalf.

This list would include your email host, your Email Service Provider (ESP), your transactional email service provider (the service that sends receipts and such), and any other services you use to send outgoing emails.

If you used Google to host your day-to-day email, MailChimp to send your email newsletter, and a transactional email service that sends from a dedicated IP address, your SPF record might look like this:

Type  Host  Value                                                                           TTL
TXT   @     v=spf1 include:_spf.google.com include:servers.mcsv.net ip4:198.51.100.10 ~all  1 Hour

Note: Many Email Service Providers (ESPs) use their own domain names in the “Mail From” address in the email’s headers. It’s still a good idea to implement an SPF record for the Display From, the email address you send email from.

Type  Host  Value                           TTL
TXT   @     v=spf1 include:_spf.google.com  1 Hour
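Here is an added example of how a receiving mail server evaluates an SPF record like the ones above (my own simplified version of the check_host() procedure from RFC 7208, not code from any ESP or tool). It walks the mechanisms left to right, follows include: terms through an in-memory table standing in for DNS, applies the +, -, ~ and ? qualifiers, and enforces the RFC’s limit of 10 DNS-querying mechanisms so a self-including record ends in permerror rather than an endless loop. The include names _spf.google.com and servers.mcsv.net are the ones used in the article; the records returned for them here are constructed, as are loop.example and all addresses. The a, mx, exists and redirect terms are real SPF features this trimmed example does not implement.

```python
import ipaddress

# Constructed in-memory "DNS": the SPF TXT record for each domain. The include names
# come from the article's example; the records behind them and the addresses are made up.
TXT = {
    "example.com": "v=spf1 include:_spf.google.com include:servers.mcsv.net ip4:198.51.100.10 ~all",
    "_spf.google.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:10::/48 -all",
    "servers.mcsv.net": "v=spf1 ip4:192.0.2.0/26 ?all",
    "loop.example": "v=spf1 include:loop.example -all",   # misconfigured: includes itself
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10   # RFC 7208 section 4.6.4: at most 10 DNS-querying mechanisms per check

def lookup_spf(domain):
    """Return the domain's SPF record, or None if it has none (a real check queries TXT)."""
    rec = TXT.get(domain.lower())
    if rec is None or not rec.lower().startswith("v=spf1"):
        return None
    return rec

def check_host(ip, domain, lookups=None):
    """Simplified SPF check_host(): one of pass/fail/softfail/neutral/none/permerror."""
    lookups = lookups if lookups is not None else [0]   # shared counter across includes
    addr = ipaddress.ip_address(ip)
    record = lookup_spf(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:                     # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]                # "all" always matches
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"                      # malformed address or prefix
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"                      # broken include is a hard error
            # fail/softfail/neutral inside the include just means "no match here"
        else:
            # a, mx, exists, redirect= and unknown terms: not modelled in this example
            return "permerror"
    return "neutral"   # nothing matched and no "all" term: RFC 7208 default result
```

With the example.com record, a message from 198.51.100.10 passes on the ip4 mechanism, one from inside Google’s or MailChimp’s ranges passes through the include, and anything else ends at ~all as softfail. That last point is why the article’s record uses ~all rather than -all: softfail lets you see what is being flagged in DMARC reports before you start hard-rejecting.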

DKIM

DomainKeys Identified Mail (DKIM) enables the email receiver to verify the sender’s identity and that the message has not been altered in transit. DKIM uses a public key published as a TXT record in the domain name’s zone file and a private key that the sender holds. The sender adds a digital signature to the headers of each email, vouching for the sender’s identity and that the email has not been modified since it was sent.

Here is an example of DKIM using TXT records:

Type  Host                Value                                                                                                                                                                                                                      TTL
TXT   default._domainkey  v=DKIM1;k=rsa;p=MIHSDSHDshsjdsjhdsUIDSUDHHQDGQYdgfsgfgegryeyyrEYGRGYEWRGWERYGWGRgbggfdgysygfsgy+2hg6AHSHD45JSJRHEUrxvoJSJFhhrjffhsdfhshf64+fsdhjfsudRQWR12hfhsuFDYSFGSFGYDgdzk;lashfowriesgfgysGFUYSDGYfsyGUYGKLWQ  1 Hour

Some Email Service Providers (ESPs) ask you to use a CNAME to point at their DKIM.

Type Host Value TTL
CNAME k1._domainkey dkim.emailservicekim.net 1 Hour

Check the email service’s knowledge base for exact instructions on how to implement DKIM for that service.

Type Host Points to TTL
CNAME k1._domainkey dkim.mcsv.net 1 Hour

DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) builds on SPF and DKIM by publishing a policy that tells email receivers how to handle authentication failures, and by providing reports to domain owners so they know how their domain name is being used.

DMARC is considerably more complex than SPF and DKIM to implement, so it’s probably best to seek the help of an expert if you decide to implement DMARC.

Many email deliverability experts think that DMARC is the future of email deliverability. So, we’re moving toward a day when it’ll be hard to deliver email without DMARC implemented successfully.

Here’s an example of a DMARC policy that asks receivers to reject email that fails authentication and to send aggregate reports on authentication failures to mailauth-reports@example.com.

Type  Host    Value                                                         TTL
TXT   _dmarc  v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.com  1 hour
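The part of DMARC that trips people up is not the record syntax but alignment: SPF or DKIM has to pass for a domain that matches the visible From: domain, which is exactly why the note in the SPF section about ESPs using their own “Mail From” domain matters. The added example below (my own code, not from any DMARC tool) parses records like the one above, builds the DKIM selector name used in the DKIM section, and decides a message’s disposition from its SPF and DKIM results. The example.com record is the article’s; relaxed.example and strict.example are constructed. The organizational-domain helper is an assumption (last two labels); real receivers use the Public Suffix List.

```python
# Constructed DMARC records keyed by the _dmarc.<domain> name receivers look up.
# The example.com record is the one shown in the table above; the others are made up.
DMARC_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.com",
    "_dmarc.relaxed.example": "v=DMARC1; p=quarantine; adkim=r; aspf=r",
    "_dmarc.strict.example": "v=DMARC1; p=reject; adkim=s; aspf=s",
}

VALID_POLICIES = ("none", "quarantine", "reject")

def dkim_record_name(selector, domain):
    """Name of the TXT record holding a DKIM public key, e.g. default._domainkey.example.com."""
    return f"{selector}._domainkey.{domain}"

def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict, or None if it is not a usable DMARC record."""
    tags = {}
    for part in record.split(";"):
        tag, _, value = part.strip().partition("=")
        if tag:
            tags[tag.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in VALID_POLICIES:
        return None                     # v= must be first and p= is mandatory
    return tags

def organizational_domain(domain):
    # Assumption: the last two labels. Real DMARC uses the Public Suffix List,
    # which also gets names like example.co.uk right.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') is an exact match, relaxed ('r') the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)

def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Combine SPF and DKIM outcomes for one message into (dmarc_result, action).

    from_domain - domain of the visible From: header (what DMARC protects)
    spf_domain  - domain SPF was checked against (the Mail From / envelope sender)
    dkim_domain - d= tag of the DKIM signature that verified
    """
    record = DMARC_TXT.get(f"_dmarc.{from_domain.lower()}")
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return ("none", "deliver")      # no policy published: nothing to enforce
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags["p"]]
    return ("fail", action)
```

Note the second case in the tests below: SPF passes, but for the ESP’s bounce domain rather than example.com, so the message still fails DMARC and, under p=reject, gets rejected. An aligned DKIM signature (d=example.com or a subdomain under relaxed alignment) is what saves mail sent through an ESP.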

Web-Based DNS Tools

  • Mxtoolbox is a popular network diagnostic and lookup tool. With Mxtoolbox, you can do everything from diagnosing DNS problems to checking whether IP addresses and domain names are on any “blacklists”.
  • SPF Survey is a helpful tool for validating your SPF record. It returns a pass or fail with valuable details in case there’s a problem.
  • DKIM Inspector enables you to inspect and validate your DKIM records.
  • DMARC Inspector enables you to inspect the DMARC record for your domain name.
  • Whois Lookup queries the whois database, which contains information on registered domain names, and will tell you if the domain you’re interested in is available.

DNS Glossary

DNS zone files are simple text files that describe your domain name; they tell the internet where to find your website and how to route email to you.

You have access to these zone files on the primary name server where the master copy is stored. You can edit your zone file using your web hosting service’s web hosting control panel.

A nameserver is a specialized server that handles the queries about the location of a domain name’s services, including your website and email. You are essentially pointing your domain to a specific nameserver by assigning it to your domain’s DNS settings. These will most of the time be the ones that the company you registered your domain with has assigned, but this is not always the case. A site’s DNS settings will include at least two nameservers, one is known as a primary nameserver, and the other is known as a secondary nameserver. If the primary one is for whatever reason not responding, the secondary server is used to resolve the request.

Secondary name servers are authorities as well, not just the primary ones. The secondary name servers keep their copy of your zone files in sync with the master copy on the primary name server and this, in turn, provides redundancy and load balancing.

A primary and a secondary name server typically look like this:

  • ns1.example.com
  • ns2.example.com

When you change the DNS hosting, which will likely happen when you change your hosting provider, you will essentially transfer the authority for your domain zone to the new hosting provider.

TTL means Time to Live, in seconds: the amount of time a record may be cached. A TTL of 3600 means that cached copies of the record refresh every hour, and a TTL of 86400 means it can take a day for changes to propagate.

Other name servers cache this information for a defined period, usually expressed in seconds but sometimes in hours. A TTL of 43,200 seconds (12 hours) tells name servers that are not authoritative for your zone but are caching your zone data to keep it for only 12 hours. Setting this TTL plays a critical part: otherwise, caching name servers would keep serving out-of-date information about your domain name after you changed anything.

If you end up making changes to your DNS zone file, you want to temporarily reduce the TTL for the records you are changing, speeding up the propagation of these changes across the internet.

Once these changes have taken effect, it is a good idea to change the TTL back to the default value your host has set. Otherwise, the low TTL will generate a lot of unnecessary DNS lookup traffic, as caching name servers clear your zone data from their caches too frequently. They will make too many DNS lookups to your authoritative name servers and could slow down the performance of your website and other services.
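The advice to lower the TTL before a change has a catch: lowering the TTL is itself a change that resolvers only notice once their cached copy expires, so you have to lower it at least one old TTL ahead of the actual move. The added simulation below (my own code, not from any resolver or hosting provider) models one authoritative server and one caching resolver on a fake clock and reports how long the resolver keeps handing out the old address after the switch, for three plans: lower the TTL and wait a full day, never lower it, and lower it but switch too soon. The name, addresses and timings are constructed.

```python
NAME = "www.example.com"
OLD_ADDRESS, NEW_ADDRESS = "192.0.2.4", "198.51.100.2"   # constructed (documentation ranges)

class Authoritative:
    """The zone's authoritative server: one record that the operator can edit."""
    def __init__(self, value, ttl):
        self.value, self.ttl = value, ttl

    def set_record(self, value, ttl):
        self.value, self.ttl = value, ttl

class CachingResolver:
    """A caching resolver: it reuses an answer until the TTL it was given runs out."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cached = None              # (value, expires_at) or None
        self.upstream_queries = 0

    def resolve(self, now):
        if self.cached and now < self.cached[1]:
            return self.cached[0]       # still fresh: answer from cache
        self.upstream_queries += 1      # expired (or never seen): ask the authority
        self.cached = (self.upstream.value, now + self.upstream.ttl)
        return self.cached[0]

def seconds_stale_after_change(old_ttl, new_ttl, lower_ttl_at, change_at, step=60):
    """Simulate a resolver that cached the record at t=0 with the old TTL and return how
    many seconds after the address change it still served the old address.
    lower_ttl_at=None means the operator never lowered the TTL before the change."""
    auth = Authoritative(OLD_ADDRESS, old_ttl)
    resolver = CachingResolver(auth)
    resolver.resolve(0)                                   # cached for old_ttl seconds
    for now in range(step, change_at + old_ttl + step, step):
        if lower_ttl_at is not None and now >= lower_ttl_at:
            auth.set_record(auth.value, new_ttl)          # step 1: lower TTL, same address
        if now >= change_at:
            auth.set_record(NEW_ADDRESS, auth.ttl)        # step 2: point at the new host
        if resolver.resolve(now) == NEW_ADDRESS:
            return now - change_at
    return None

if __name__ == "__main__":
    day = 86400
    print("lowered a day ahead:", seconds_stale_after_change(day, 300, 60, 60 + day))
    print("never lowered:      ", seconds_stale_after_change(day, 300, None, 60 + day))
    print("lowered, moved early:", seconds_stale_after_change(day, 300, 60, 3600))
```

With the TTL lowered a day in advance, the resolver is stale for at most the new TTL (a few minutes). Without lowering it, or when the switch happens an hour after lowering, the resolver keeps the old address for most of a day, because it cached the record while the old 86400-second TTL was still in force.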

Class is the value that describes the protocol family that is being used. Most of the time this is set to IN, which means Internet.

Type identifies the resource record type; this is an abbreviation for the type of data stored in the subsequent data field. Examples of this include A (address) as well as MX (mail exchange).

Data is the payload that is required for a particular type of record. It can contain one or more elements and is separated by white spaces.

The elements of the name www.example.com, reading from right to left, are:

  • the dot at the end - the root, or the first zone
  • com - the top-level domain (TLD), which is the second zone
  • example - the domain, or the third zone
  • www - the subdomain, or the fourth zone


Zone Transfers - A DNS zone transfer, otherwise known as the query type AXFR, is a type of DNS transaction. It is one of several mechanisms available to administrators for replicating DNS databases across a set of DNS servers. It can be full (AXFR) or incremental (IXFR).

Cache Snooping - DNS cache snooping occurs when someone queries a DNS server to find out (snoop) whether the server has a specific DNS record cached. From the answer, they can deduce whether the server’s users have recently visited a specific site.

Common DNS Commands

  • $ whois [domain]

    - checks the ownership information for a domain name by querying the databases that store the registered users or assignees of domain names and IP addresses

  • $ host [domain]

    - queries the DNS server for the domain

  • $ host [ip_address]

    - performs a reverse DNS lookup

  • $ host -t [DNS_record] [domain]

    - queries the DNS for the given record type

  • $ host -l [domain]

    - requests a zone transfer (AXFR) for the domain

  • $ nslookup

    - starts interactive mode

  • > [domain]

    - inside nslookup, queries the DNS server for the domain

  • > [ip_address]

    - inside nslookup, performs a reverse DNS lookup

  • $ dig [domain]

    - queries the DNS server for the name

Defining DNS Records

  • TYPE - the most common DNS records are A, AAAA, CNAME, ALIAS, ANAME, TXT, and MX.
  • HOST - This is the root (@ or blank) or the subdomain (such as www, app, or blog) where you need to place the record.
  • VALUE - This can be an IP address (A, AAAA), another domain (CNAME, ALIAS, ANAME, MX), or an arbitrary value (TXT).
  • PRIORITY - In the case of only MX records, you will be given what value and priority to use by your email provider.
  • TTL - this refers to time to live, or in other words, how long to let record values be cached. Shorter is better for fast-changing values, while longer leads to faster resolution time as well as less traffic for your DNS server.
  • A - this maps the domain name to an IPv4 address.
  • AAAA - This maps the domain name to an IPv6 address.
  • CNAME - This maps the domain name to another domain name. This should not be done on the root.
  • ALIAS - This maps the domain name to another domain name. This can be done in the root.
  • ANAME - This is another name for ALIAS.
  • TXT - This allows you to set arbitrary data on your domain record.
  • MX - This lets you set up an email for your domain.

The Name Servers

  • Authoritative - this provides answers to DNS queries, including mail server IP address or website IP address. It also provides original and definitive answers to DNS queries.
  • Master Server - this stores the original master copies of all of the zone records.
  • Slave Server - this is a replica of the master server used to share DNS server load and improve DNS zone availability if the master server fails.
  • Recursive - this is a server that answers queries by asking other nameservers for the answer.
  • Caching - this stores DNS query results for a period determined in the configuration of each domain-name record.

Now, for those interested in how all of it works in the background. Here’s a detailed breakdown of the technology.

How Does DNS Work?

DNS stands for Domain Name System. It resolves names to numbers, specifically domain names to IP addresses. So, when you type a web address into a web browser, DNS converts it to a number, since numbers are the only thing computers understand.

Say you want to visit a specific website. You would open up your web browser, think along the lines of Chrome, Firefox, Safari, Microsoft Edge, and so on, and type in the domain name of that website.

For example, you are currently on hostadvice.com, so we will use that as an example. Technically, you do not even have to type hostadvice.com to receive the HostAdvice webpage. You could type in the IP address instead if you already knew it. In the case of HostAdvice, the IP address is 104.26.3.86.

But, since we as humans are not accustomed to memorizing and dealing with numbers, especially given that millions of websites are currently online, we can just type in the domain name instead and let DNS convert it to an IP address for us.

In other words, when you type in hostadvice.com in your web browser, the DNS server will search through its database to find a matching IP address for that domain name, and when it finds it, it will resolve that domain name to the IP address of the HostAdvice website. Once that process is completed, your computer can communicate with the HostAdvice web-server and retrieve the web page.


If your web browser or operating system cannot find the IP address in its cache, it sends the query on to the next level. This next level is called the resolver server.

The resolver server is usually your ISP’s, or Internet Service Provider’s. When the resolver receives the query, it checks its cache for an IP address for hostadvice.com, and if it cannot find one, it sends the query to yet another level. This next level is the root server.

The root servers sit at the top of the DNS hierarchy. There are thirteen sets of these root servers, strategically placed around the globe and operated by twelve different organizations. Each set of root servers has its own unique IP address.

When a root server receives the query for the IP address of hostadvice.com, it will not know what the IP address is, but it does know where to send the resolver to help it find the IP address. The root server directs the resolver to the TLD, or Top Level Domain, server for the .com domain. The resolver then asks the TLD server for the IP address of hostadvice.com.

The Top Level Domain Server stores the address information for top-level domains such as .com, .net, .org, etc. This TLD server manages the .com domain, which hostadvice.com is a part of. When the TLD server receives the query for the IP address for hostadvice.com, the TLD server will not know what the IP address is for hostadvice.com.  So the TLD will direct the resolver to the next level. It is the final level and is known as the Authoritative Name Server.

Here, the resolver will ask the Authoritative Name Server for the IP address for hostadvice.com.

The Authoritative Name Server is responsible for knowing just about everything about the domain, including the IP address. They are the final authority, meaning that the moment the Authoritative Name Server receives the query from the resolver, the name server will respond with the IP address for hostadvice.com.

Finally, the resolver will tell your computer the IP address for hostadvice.com. Then, your computer can receive the hostadvice.com website.

An important note here: once the resolver receives the IP address of hostadvice.com, it stores it in its cache, so that if it gets another query for hostadvice.com, it does not need to go through all of the previous steps again.
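The root-to-TLD-to-authoritative walk described above is easy to see in code. The added example below (my own code, not part of the article) models three constructed servers that each know only their own zone: the root delegates com, the .com TLD server delegates hostadvice.com, and the authoritative server holds the A record. iterative_query() is one hop, answering with either an answer or a referral, which is what the resolver sends; recursive_query() is what the resolver does for a client, chasing referrals until it has the address. The server names are made up; 104.26.3.86 is the HostAdvice address quoted earlier in the article.

```python
# Constructed servers, each knowing only its own zone. Server names are made up;
# 104.26.3.86 is the HostAdvice address quoted in the article.
SERVERS = {
    "root-server": {"delegations": {"com": "tld-server-com"}, "records": {}},
    "tld-server-com": {"delegations": {"hostadvice.com": "auth-server-hostadvice"}, "records": {}},
    "auth-server-hostadvice": {"delegations": {}, "records": {"hostadvice.com": "104.26.3.86"}},
}

def iterative_query(server, name):
    """One iterative (non-recursive) query: the server answers from its own data if it can,
    otherwise it refers the asker to the server for the closest zone it has delegated."""
    data = SERVERS[server]
    if name in data["records"]:
        return ("answer", data["records"][name])
    labels = name.lower().split(".")
    for i in range(len(labels)):                 # try the longest delegated suffix first
        zone = ".".join(labels[i:])
        if zone in data["delegations"]:
            return ("referral", data["delegations"][zone])
    return ("nxdomain", None)                    # authoritative "no such name" / no delegation

def recursive_query(name, root="root-server", max_hops=8):
    """What a resolver does when a client sends it a recursive query: it chases referrals
    from the root down to the authoritative server and returns (ip, servers_asked)."""
    asked, server = [], root
    for _ in range(max_hops):
        asked.append(server)
        kind, value = iterative_query(server, name)
        if kind == "answer":
            return value, asked
        if kind != "referral":
            return None, asked
        server = value                           # follow the referral one level down
    raise RuntimeError("too many referrals")     # guards against a broken delegation loop

if __name__ == "__main__":
    ip, asked = recursive_query("hostadvice.com")
    print(ip, "via", " -> ".join(asked))
```

The resolver asks three servers for the first lookup; with the cache from the previous paragraph in place, a second query for hostadvice.com would not leave the resolver at all. The same code also illustrates the query types covered later in the article: the client’s call is a recursive query, each iterative_query() is an iterative one, and a referral is the “best answer it can give” from a server that is not authoritative for the name.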

The Domain Name Registrar

When you register (purchase) a domain name, you use a Domain Name Registrar, which is an organization that manages the registration of Internet domain names. Most Domain Name Registrars also provide hosting services, but some do not.

Regardless of whether your registrar provides hosting services or not, you can choose to host your domain name at any hosting service that you want. The key is to know enough about the DNS to decide what you want to do and make it happen. The first step in the right direction is to learn where the information about your domain name’s stored and how you can access it.

It’s essential to understand how networking technology functions. Theoretically, you do not need anyone from the outside world to allow you to build your network. Suppose you want to develop your internal network, for example, in your house or a corporation. You can build it without any third-party authorization outside of your house or corporation.

You can set up your switches, routers, DNS, and even your internal websites. If all you want to do is connect certain local computers with other local computers, you can do that without outside authority.

However, an issue arises when you try to connect your internal set of computers to the internet. The internet is the network of all of the computers networks worldwide. Here, you need some kind of authority to ensure that nobody does, well, anything they should not do.

These authorities are responsible for allocating IP addresses. There are plenty of IP addresses that exist, and as such, you need some kind of authority to allocate who gets those IP addresses. If you want to deal with domain names, you will have to use a domain name service; you need the authority to associate domain names with IP addresses, so hostadvice.com gets associated with 104.26.3.86 as an example. To do this on a global scale, you need an authority to indicate what is legitimate and what is not legitimate.

It’s where ICANN comes into the picture. ICANN is the Internet Corporation for Assigned Names and Numbers. It is a non-profit organization with overall responsibility for assigning IP addresses and for how the DNS as a whole works. They are a small non-profit organization, and they do not want to run the operations themselves for many functions. So, they farm out particular components of the IP address scheme and the DNS service to other companies to handle. It is where DNS Registrars come into the picture.

So if you want to have a domain name, you would not go to ICANN to purchase a domain name, but you would go to a registrar.

To get this domain name for your specific website, you have to register it somewhere. You cannot magically pull it out of thin air; you will need to register (purchase) it. Usually, this is done through platforms such as Namecheap, GoDaddy, and so on, where you pay for your domain name per year.

These are private or public companies that you can purchase DNS services through, and they then maintain and ensure that the information you have given is correct.

It is done through the WHOIS database, and the WHOIS rules say that when you buy a domain name, you have to give accurate information about how someone can contact you: a company name, an address, a phone number, and things like that. If there is a trademark issue with the domain name, then that is the information on the public record, and someone can contact you about your domain name and figure out the trademark issues.

These types of issues are dealt with through the usage of registrars. Whenever you buy a domain name such as hostadvice.com, you would go to Namecheap, GoDaddy, and other registrars, and you would purchase the domain name from them, and they would do the administrative upkeep of the domain name.

When you configure things such as a CNAME record, MX record, AAAA record, NS record, or any other DNS record, you go through their platform to configure that information. They are then able to tell ICANN about the update to the overall DNS system.

NS Records - Your name servers’ DNS zone file contains the rest of the record types. Your hosting provider’s name servers are the authoritative source of information about how to reach your website and how email should be routed to reach you at your domain name.

There are two or three name servers listed for any given domain name. In your hosting service’s control panel, the name servers commonly look like ns1.example.com and ns2.example.com.

Keep in mind that many Domain Name Registrars also provide hosting services, while others do not.

The main way you can decide which one to use will be based on your knowledge about DNS. The first step here is to learn where your domain name is stored and how you can access it.

Types of DNS Queries

Recursive Query - In this query, a DNS client requires that the DNS server will respond to the client with the requested resource record or an error message if the resolver cannot find the record itself.

Iterative Query - The DNS client allows a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it returns a referral to a DNS server authoritative for a lower level of the domain namespace. The DNS client then queries the referral address. This process continues with additional DNS servers down the query chain until an answer, an error, or a timeout occurs.

Non-Recursive Query - This occurs when a DNS resolver client queries a DNS server for a record that the server already has, either because it is authoritative for the record or because the record exists in its cache. DNS servers cache records to avoid additional bandwidth use and load on upstream servers.

Should I Even Care What DNS Is?

Learning the basics of DNS will give you, as a hosting user, a lot more freedom when using your domain name for certain activities.

Suppose you want to migrate your website into another web hosting service. If you understand how DNS works on the back-end, you will be able to quickly move your website, email, and other services without any interruptions in the service itself.

You might be the kind of person who would rather hire an IT professional to do this for you, or just let the hosting company do it. However, understanding DNS will help you communicate your goals to the person doing the configuration and fully understand your options.

Conclusion

By learning the basics of DNS, you can make better use of your web and email hosting, which will give you the power to make changes and even change hosting services in the future if you ever feel the need to do so.

Suppose you are just starting out hosting your first domain name or have already been using web hosting services in the past. In that case, there could come a time when you want to migrate your website to a new hosting service altogether. As such, knowing that you will need to change the nameservers to the new host after you have gotten your website up and running at the new host service will enable you to make the transition as easy as possible.

If you decide to host your email at a different service provider than the one your website is hosted at, knowing that the MX records control email routing will help you discern what information you need from your new host to move seamlessly.

Many services use DNS as a way of verifying ownership of domain names. They ask that you create a TXT record or a CNAME record to prove that you are either the owner of the domain or someone authorized to administer the DNS. Knowing what CNAME and TXT records are and how to edit them will enable you to verify domain name ownership efficiently.

The typical Internet user makes hundreds of DNS queries every day without having to memorize a single number. DNS is the unsung hero of the Internet, running quietly behind the scenes.