The Domain Name System (DNS) is best known as the way domain names are converted into IP addresses that clients connect to, but there are many other uses for DNS. Read on to learn more.
Information about resources in a domain are stored as Resource Records inside a DNS zone. There are many different types of Resource Records.
|CNAME||Configures a domain or subdomain as an alias for another domain or subdomain|
|MX||Specifies incoming mail servers for the domain or subdomain|
|NS||Specifies the secondary nameservers to be used for the zone or subdomain|
|PTR||Pointer record that specifies the reverse DNS hostname of an IP address|
Statement of Authority – contains multiple values separated by commas
A service record that specifies a hostname and port for a particular service – frequently used for chat VoIP services,
_service._proto.name. TTL class type of record priority weight port target.
A XMPP chat service on server.example.com would need a SRV record like
_xmpp._tcp.example.com. 86400 IN SRV 10 5 5223 server.example.com.
For more information on SRV resource records, see this documentation at Cloudflare.
|TXT||Arbitrary text strings. Used by standards like SPF, DKIM, and DMARC to publish information about a domain for email authentication. Also used by various services to validate domain ownership.|
DNS zones are hosted in nameservers specified by the domain owner. The nameservers may be hosted by the domain registrar, owner, or a third-party service. Administrators/owners of a domain can delegate a control of a subdomain to another nameserver using NS records, allowing someone else to manage records for that subdomain and anything below as a separate DNS zone. For example, the root zone of example.com is com.
The resource records for a given domain can be found by using a DNS query tool like dig to query for each of the various record types.
dig SOA example.com dig NS example.com dig A example.com dig AAAA example.com dig MX example.com dig TXT example.com dig SRV example.com
You can also query subdomains, but you must know the name of the subdomain (or use a passive DNS service to learn about historical queries for a domain). www is a commonly-used subdomain, so that is a good one to try.
dig SOA www.example.com dig NS www.example.com dig A www.example.com dig AAAA www.example.com dig MX www.example.com dig TXT www.example.com dig SRV www.example.com
Here are the resource records for example.com and www.example.com:
|example.com.||SOA||ns.icann.org. noc.dns.icann.org. 2021022340 7200 3600 1209600 3600|
Based on these results, we know the following about the DNS zone for example.com:
- The zone’s primary nameserver is ns.icann.org
- The zone administrator’s email address is [email protected]
- The zone’s serial number is 2021022340
- The REFRESH threshold is 7200 seconds (120 minutes)
- The RETRY threshold is 3600 seconds (one hour)
- The EXPIRES threshold is 1209600 seconds (14 days)
- The default TTL is 3600 seconds (one hour)
- Connections to example.com will be routed to the IPv4 address 126.96.36.199 and the IPv6 address is 2606:2800:220:1:248:1893:25c8:1946
- www.example.com points to the same IPv4 and IPv6 addresses
- An empty MX record value is set, which explicitly indicates that the domain does not accept incoming email
- The “v=spf1 -all” TXT records are SPF records that inform mail servers that example.com and www.example.com are not used in outgoing emails
- The purpose of example.com TXT record “8j5nfqld20zpcyr8xjw0ydcfq9rk8hgm” is unknown
If the administrator of example.com wanted to allow a contractor to control the records of contractor.example.com and below, the administrator would add a NS resource record named contractor.example.com, and set the value/rdata to the nameservers of the contractor.