DNS, Nameservers and Caching
Posted 03rd October, 2018
DNS (Domain Name Service) is a fundamental building block of the internet. It links the domain names we all know to IP addresses, the physical addresses of computers connected to the internet.
DNS Records
DNS links domain names to IP addresses. Domain names are used like an address, to provide an easy way to get those IP addresses without having to remember them. So for example when you visit fixed.net, your computer actually works out from the DNS the IP address where fixed.net points, and goes to that IP address.
Record Types
A Records
This pointing of a domain to an IP address is called an A record. Fixed.net may have more than one destination. For instance, my.fixed.net is our client area and runs from a different web server, and therefore has a different IP address. Api.fixed.net is our API interface, and again runs from a separate IP address. All of these are controlled in DNS.
Hostname | Record Type | Destination |
---|---|---|
api.fixed.net | A | 12.2.3.23 |
my.fixed.net | A | 42.2.1.22 |
fixed.net | A | 9.2.1.121 |
Similarly, www.fixed.net points to the same destination as fixed.net. We could achieve this by also having an ‘A record’ for www pointing to the same location as fixed.net.
Hostname | Record Type | Destination |
---|---|---|
fixed.net | A | 9.2.1.121 |
www.fixed.net | A | 9.2.1.121 |
A records are the most widely used DNS records.
CNAME Records
CNAME records point to another fully qualified domain name (FQDN). For instance, if we wanted www.fixed.net to point to the same place as fixed.net, we could just set up a CNAME to point to fixed.net.
Hostname | Record Type | Destination |
---|---|---|
fixed.net | A | 9.2.1.121 |
www.fixed.net | CNAME | fixed.net |
CNAME records are very useful when they point to a third party whose IP address (A record) may change. For instance, if I wanted to point blog.mydomain.com to url.somebloggingsoftware.com, whose IP address changed frequently, then a CNAME would allow the blogging software company to change the system IP address as often as they wanted, without me needing to change my own DNS records.
Hostname | Record Type | Destination |
---|---|---|
fixed.net | A | 9.2.1.121 |
blog.fixed.net | CNAME | destination.mybloggingsoftware.com |
CNAME records cannot be used for root domain records (for example mydomain.com), only for subdomains of the root.
Frequent uses of CNAME records include:
- Setting up a subdomain for CampaignMonitor
- Verifying your domain for Google Analytics
- Configuring the www. portion of your domain to point to the non-www destination
MX Records
MX records are email records, which define where a sender sends an email. Similar to CNAMEs, their destinations must be fully qualified domain names (FQDNs).
Email records also have a priority, which is the order in which they will be used. The record with the lowest priority value is tried first; if it fails to work, the record with the next lowest value is used. This is why Google’s default MX records look as follows:
Hostname | Record Type | Priority | Destination |
---|---|---|---|
fixed.net | MX | 1 | ASPMX.L.GOOGLE.COM |
fixed.net | MX | 5 | ALT1.ASPMX.L.GOOGLE.COM |
fixed.net | MX | 5 | ALT2.ASPMX.L.GOOGLE.COM |
fixed.net | MX | 10 | ALT3.ASPMX.L.GOOGLE.COM |
fixed.net | MX | 10 | ALT4.ASPMX.L.GOOGLE.COM |
TXT Records
TXT (pronounced text) records are simply textual records in the DNS zone. They can be used to provide verification information, or just some other information on a domain.
SPF Records
An SPF record is a form of TXT record which says who can and cannot email for your domain. This helps combat spam: when a recipient's mail server receives an email claiming to come from your domain, it can check whether the email came from an allowed source.
Read more about SPF records here.
Looking up DNS records
There are numerous sites you can use to look up DNS records. If you are using an Apple computer, you can open Terminal and type:
dig A fixed.net
This returns these A records:
Domain | TTL | Record Type | Value |
---|---|---|---|
fixed.net. | 300 | A | 104.27.185.99 |
fixed.net. | 300 | A | 104.27.184.99 |
Alternatively you can check DNS records on various public websites:
Remember, if you wanted to check the A record for www.fixed.net you would have to search for the full www.fixed.net rather than just fixed.net.
Nameservers / DNS Servers
These DNS records are not stored in the ether, but on servers we call nameservers. These might hold records for thousands, or millions, of domains. Nameservers are essentially databases of DNS records.
Every domain name has at least two nameservers, which are ideally located in different places. Otherwise, if a nameserver went offline, there is a risk that all services on the domain (website, email, subdomains etc.) would go offline too!
The nameservers for a domain are stored with the registry. That means when a browser wants to find out the IP address of a site, it first queries the registry for the nameservers, then queries the nameservers for the DNS record it requires.
Nameservers can be found out by performing a whois lookup.
Propagation and Caching
It would be extremely inefficient for your computer to do these lookups on every page load. There might be ten or more ‘hops’ in between one computer and another. For this reason, each computer will cache a record and periodically refresh it.
That is why when you change a DNS record, it can take some time for the caching to update. There is no set time for caching to update - it can be minutes, or it can take days. There is also no way to speed up the caching process once it has started.
Propagation refers to the time it takes for all the nameservers to be updated with the new record. This usually takes a few seconds.
TTL
TTL stands for ‘Time to Live’, and is another entry you will see on a DNS record. This is the number of seconds which a computer should cache your DNS record before re-checking. A suitable range would be between 300 seconds (5 minutes) and 86400 seconds (1 day). If your TTL is outside of this scope, it will likely be ignored. You can see the TTL of a record by doing a DNS lookup.
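Why a changed record keeps resolving to the old address, and why lowering the TTL afterwards does not help, shown with a toy cache. This is an added example, not code from the original article; the class, the addresses and the clamping of TTLs to the 300 to 86400 second range are assumptions made for illustration.

```python
MIN_TTL, MAX_TTL = 300, 86400  # range from the article; real resolvers choose their own limits


class CachingResolver:
    """Toy resolver cache: keeps an answer until the TTL it was fetched with expires."""

    def __init__(self, nameserver):
        self.nameserver = nameserver  # dict standing in for the authoritative server
        self.cache = {}               # name -> (ip, expires_at)
        self.lookups = 0              # how many times the nameserver was really asked

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]           # still fresh: the nameserver is not consulted
        ip, ttl = self.nameserver[name]
        self.lookups += 1
        ttl = max(MIN_TTL, min(ttl, MAX_TTL))  # assumption: out-of-range TTLs are clamped
        self.cache[name] = (ip, now + ttl)
        return ip


def simulate_change():
    """Change a record mid-way and return what a client sees at each point in time."""
    zone = {"fixed.net": ("192.0.2.10", 3600)}        # constructed record, TTL 1 hour
    resolver = CachingResolver(zone)
    seen = {0: resolver.resolve("fixed.net", now=0)}  # cached until t=3600
    # The record is now changed AND its TTL lowered; the cache never hears of it.
    zone["fixed.net"] = ("192.0.2.20", 300)
    for t in (600, 3599, 3600, 3800, 3900):
        seen[t] = resolver.resolve("fixed.net", now=t)
    return seen, resolver.lookups


if __name__ == "__main__":
    seen, lookups = simulate_change()
    for t, ip in seen.items():
        print(f"t={t:>4}s -> {ip}")
    print("nameserver lookups:", lookups)
```

The old address is served for the full original hour because the cache entry was stored with the old TTL; a lower TTL only takes effect if it is set before the change, at least one old TTL in advance.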
Delegation from the root
The final piece of the puzzle is how a computer knows which registry to use, in order to look up nameservers. Every device has the root nameservers hard coded into it; these are servers spread around the world which have records of each TLD and their default servers which can be queried for individual domain nameservers. Even your phone has these default root servers hardcoded.
Custom Nameservers
Custom nameservers are custom records where you could have the nameservers ns1.yourdomain.com and ns2.yourdomain.com rather than using ns1/ns2.yourwebhost.com. These can be set up as follows:
- Set up A records for ns1/ns2.yourdomain to point to the nameservers
- Add glue records with your domain registrar. This means that the registry will provide them to anyone looking up the domain.
Read more about custom nameservers.
Common Issues
Here is an exhaustive list of common issues that occur:
DNS changes not showing
First of all ensure that the DNS changes have been made on the correct nameservers - the nameservers might not be pointing to the right place. Second, ensure that the DNS records are set correctly and that you don’t for instance have a CNAME record set as a root. You can query specific nameservers for records using a dig @ command. Third, this may just be caching.
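A small check for the record mistakes this article describes (a CNAME set on the root, or an IP address where a fully qualified domain name is required), which can be run over a zone before publishing it. This is an added example, not code from the original article; the function names and the sample zone are constructed for illustration.

```python
import ipaddress


def is_ip(value, version=None):
    """True if value parses as an IP address (optionally of one version), not a hostname."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return version is None or ip.version == version


def lint_zone(root, records):
    """Check (hostname, type, destination) rows against the rules in the article."""
    root = root.rstrip(".").lower()
    problems = []
    for host, rtype, dest in records:
        name = host.rstrip(".").lower()
        rtype = rtype.upper()
        if rtype == "A" and not is_ip(dest, version=4):
            problems.append((host, rtype, "A record must point to an IPv4 address"))
        if rtype in ("CNAME", "MX") and is_ip(dest):
            problems.append((host, rtype, "destination must be an FQDN, not an IP address"))
        if rtype == "CNAME" and name == root:
            problems.append((host, rtype, "CNAME cannot be set on the root domain"))
    return problems


# Constructed zone mixing valid rows with the mistakes described in the article.
SAMPLE_ZONE = [
    ("fixed.net", "A", "192.0.2.10"),
    ("blog.fixed.net", "CNAME", "destination.mybloggingsoftware.com"),
    ("www.fixed.net", "CNAME", "192.0.2.10"),    # IP where an FQDN is required
    ("fixed.net", "CNAME", "host.example.com"),  # CNAME on the root
    ("fixed.net", "MX", "192.0.2.25"),           # MX must name a host
    ("fixed.net", "MX", "ASPMX.L.GOOGLE.COM"),
]

if __name__ == "__main__":
    for host, rtype, problem in lint_zone("fixed.net", SAMPLE_ZONE):
        print(f"{host} {rtype}: {problem}")
```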
Nameservers not responding
Do the nameservers resolve themselves? That domain could have expired. Or the domain might actually be offline due to verification issues.
DNS records set but not working
This could be down to:
- caching or propagation
- the DNS records being set on nameservers which are not live for the domain
- the domain being offline (expired, or failed client verification)
- an error with the nameservers not syncing