An introduction to DNS

The Domain Name System (DNS) is best known as the way domain names are converted into IP addresses that clients connect to, but there are many other uses for DNS. Read on to learn more.

Information about resources in a domain are stored as Resource Records inside a DNS zone. There are many different types of Resource Records.

Type Description
A IPv4 addresses
AAAA IPv6 addresses
CNAME Configures a domain or subdomain as an alias for another domain or subdomain
MX Specifies incoming mail servers for the domain or subdomain
NS Specifies the secondary nameservers to be used for the zone or subdomain
PTR Pointer record that specifies the reverse DNS hostname of an IP address

Statement of Authority – contains multiple values separated by commas

  1. MNAME: The zone’s primary nameserver
  2. RNAME: The administrator’s email address, with the @ replaced with a period
  3. SERIAL: The zone’s Serial Number (this is used as a revision number)
  4. REFRESH: The length of time in seconds secondary servers should wait before asking primary servers for the SOA record to see if it has been updated
  5. RETRY: The length of time in seconds a server should wait for asking an unresponsive primary nameserver for an update again
  6. EXPIRE:  If a secondary server does not get a response from the primary server for this amount of time in seconds) it should stop responding to queries for the zone
  7. TTL: The default Time to Live (TTL) for Resource Records – i.e. the length of time in seconds an individual resource record should be cached; each resource record can also have its own separate TTL value that overrides this default value

A service record that specifies a hostname and port for a particular service – frequently used for chat VoIP services,

The format is: TTL class type of record priority weight port target.

A XMPP chat service on would need a SRV record like 86400 IN SRV 10 5 5223

For more information on SRV resource records, see this documentation at Cloudflare.

TXT Arbitrary text strings. Used by standards like SPF, DKIM, and DMARC to publish information about a domain for email authentication. Also used by various services to validate domain ownership.

 DNS zones are hosted in nameservers specified by the domain owner. The nameservers may be hosted by the domain registrar, owner, or a third-party service. Administrators/owners of a domain can delegate a control of a subdomain to another nameserver using NS records, allowing someone else to manage records for that subdomain and anything below as a separate DNS zone. For example, the root zone of is com.

The resource records for a given domain can be found by using a DNS query tool like dig to query for each of the various record types.

dig SOA
dig NS
dig A
dig AAAA
dig MX
dig TXT
dig SRV

You can also query subdomains, but you must know the name of the subdomain (or use a passive DNS service to learn about historical queries for a domain). www is a commonly-used subdomain, so that is a good one to try.

dig SOA
dig NS
dig A
dig AAAA
dig MX
dig TXT
dig SRV

Here are the resource records for and

rrname rrtype rdata A NS SOA 2021022340 7200 3600 1209600 3600 MX 0 . TXT “v=spf1 -all”
“8j5nfqld20zpcyr8xjw0ydcfq9rk8hgm” AAAA 2606:2800:220:1:248:1893:25c8:1946 A TXT “v=spf1 -all” AAAA 2606:2800:220:1:248:1893:25c8:1946

Based on these results, we know the following about the DNS zone for

  • The zone’s primary nameserver is
  • The zone administrator’s email address is [email protected]
  • The zone’s serial number is 2021022340
  • The REFRESH threshold is 7200 seconds (120 minutes)
  • The RETRY threshold is 3600 seconds (one hour)
  • The EXPIRES threshold is 1209600 seconds (14 days)
  • The default TTL is 3600 seconds (one hour)
  • Connections to will be routed to the IPv4 address and the IPv6 address is 2606:2800:220:1:248:1893:25c8:1946
  • points to the same IPv4 and IPv6 addresses
  • An empty MX record value is set, which explicitly indicates that the domain does not accept incoming email
  • The “v=spf1 -all” TXT records are SPF records that inform mail servers that and are not used in outgoing emails
  • The purpose of TXT record “8j5nfqld20zpcyr8xjw0ydcfq9rk8hgm” is unknown

If the administrator of wanted to allow a contractor to control the records of and below, the administrator would add a NS resource record named, and set the value/rdata to the nameservers of the contractor.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.