DNS outage (DNS downtime) – what does it mean? 

The DNS outage (a.k.a. DNS downtime or DNS failure) is a period of time when the domain name can’t be resolved to its IP address. The clients will send a DNS query for a domain name, but the DNS recursive will either answer with the old IP address from its cache, which will not respond, or it will try to query the DNS authoritative name server of the domain name won’t get an answer. 

What causes DNS outages? 

DDoS attacks

DDoS or a denial of service attack, is a type of cyber-attack that involves multiple devices that work together, targeting a victim’s computer, with a large amount of traffic intending to make it unable to answer any more queries. To prevent any problems that a DDoS attack can cause, you will need a load balancing that can share the traffic between your servers, even if it is very strong. And also, you will need DDoS-protected servers. 

Maintainance of the authoritative name server

If you are using only one authoritative name server, whatever happens to it, can affect your DNS. If it needs updates and reboot, the time that it takes, the server won’t be able to respond to DNS queries. Updates and maintenance are needed, so you better have a Secondary DNS that can answer the queries meanwhile. 

A problem in the data center, where the authoritative name server is

The cloud equipment does not magically hover over the Earth. Instead, it resides in multiple data centers. These places can have problems like long-lasting electricity outages, natural disasters affecting the area, fire, or other problems. If you are using a cloud service, these issues are out of your hands, but you can use multiple servers in multiple data centers. If one is down, still, there will be more to answer the queries. 

Bad configuration

Errors in DNS configuration can cause DNS downtime. It can be a human mistake, like badly addressing caused by misspelling the IP address or domain name, script error, wrong firewall configuration, etc. 

If it is a misspelled problem, you can try to query the domain name and the IP address to see which does respond and which does not. 

If it is the firewall, you can check the ports if they were allowed. 

DNS propagation delay

When you add or remove DNS records (like A or AAAA records), the changes are not always instant. You are editing the zone file inside the Primary DNS server, and you can propagate to your Secondary DNS servers, but there are many DNS recursive servers that you don’t control. They can keep your old IP address and provide it to clients, even after you published a new one. 

What you can do about the DNS propagation is to push the zone transfer to your Secondary servers and to keep lower TTL values for your DNS records. 

It is not technically a DNS outage because it will affect only those with the older cached IP address of the domain name, but it was worth mentioning it.

How to avoid DNS downtime (outage)

The best way to avoid DNS outages is to have a robust DNS network that provides redundancy and can withstand strong traffic. The more servers you have, the better you are going to be prepared. Additional features might also facilitate the DNS administration and automate the process of handling problems. 

Use Secondary DNS services

A secondary DNS service provides you with the opportunity to use multiple Secondary DNS servers, which can be set as Secondary authoritative nameservers. They will have a copy of the zone file with the DNS records. They can answer queries for your domain, just like the Primary one. The big advantage is that they will keep answering even if the Primary is experience downtime. Having Secondary DNS is your DNS backup solution. 

You can learn more about it in this article, “What is backup DNS?”, and you can try our Secondary DNS plans with a 30-day free trial. 

Use DNS load balancing

DNS load balancing is also another nifty way to lower the chance of DNS outages. It is a mechanism for administrating the DNS traffic between the DNS server, based on criteria like the number of active connections, specific algorithm, time of connection, etc. 

It will reduce the stress on a particular DNS server and spread it between the network. 

It can help in case of a DDoS attack but also in a natural spike in traffic caused by increased clients’ queries. It can help you during a promotional period when you are experiencing higher traffic.

Be prepared with DNS Failover

DNS Failover is a trigger that will activate in case of a nameserver’s failure. It can automatically redirect the traffic without any human interaction, based on the information it gets from DNS monitors like ICMP ping, UDP requests, HTTP checks, etc. It is an easy way to keep your clients’ happy and provide DNS resolution, even if some of your DNS servers are experiencing some problems. We offer DNS Failover service with all of our paid plans.

Also, we recommend you to check our Brand new Monitoring service!

How to diagnose DNS outages?

When facing a DNS outage, quick diagnosis is essential to restore functionality. Follow these steps to pinpoint the problem:

• Ping the Domain

Use ping to check if the domain resolves and the server responds.

ping example.com

If it doesn’t resolve, it’s likely a DNS issue.

• Test DNS Resolution with nslookup

Verify if DNS is working by querying your DNS server with nslookup.

nslookup example.com

If it returns an IP address, DNS is working for that domain. But if it fails, the DNS server may be down or misconfigured.

• Run dig for detailed queries

Use dig for detailed DNS resolution data, including specific DNS record types.

dig example.com

Add +trace to follow the query path through name servers and find where it fails.

• Test with Alternate DNS Servers

Query public DNS servers (like Google’s 8.8.8.8) to rule out provider-specific issues.

nslookup example.com 8.8.8.8

If the domain resolves with a different DNS server, it suggests the problem is with your original DNS provider.

• Check DNS Propagation Delays

If you’ve recently made DNS changes (such as updating A or MX records), delays in DNS propagation could be the culprit. Use online tools like ClouDNS Free DNS tool to check whether your DNS records have propagated across global DNS servers.

• Check for DDoS attacks or high traffic loads

DNS outages can be caused by Distributed Denial of Service (DDoS) attacks or heavy traffic loads. Tools like TCPdump can help capture and analyze DNS traffic to detect abnormal patterns, such as a flood of queries or unusual IP activity.

Example:

sudo tcpdump -i eth0 port 53

This command captures DNS traffic, allowing you to inspect for signs of an attack. For real-time detection, combine TCPdump with network monitoring tools and DDoS mitigation services.

Troubleshooting 

What can you do when your domain is not reachable? 

As DNS administrator of the domain name, you can: 

• Suppose you have recently finished a DNS delegation. You might need to way up to 24 hours, so the changes are well propagated. 
• Check if you have paid for your domain name. If you have forgotten to pay your domain name, it won’t answer queries anymore when it expires. Set reminders for domain renovation and don’t miss the time. 
• Use the ping command to ping the DNS server from different locations to see if it is responding to any DNS requests. It is possible that you haven’t set up your nameservers correctly, and they are working but not answering queries for the domain name. 
• Try to reach the DNS server by using its IP address. If you can reach it, there might be a badly configured A or AAAA record that does not link well the domain name and its IP address. 
• Check your DNS monitor and see how the traffic is going. If you can’t see the monitor’s log, check if there were any unusual activities before the server stopped working. For example, it could have been a DDoS attack. If it is still happening, you can redirect the traffic and stop it. 

As a client who can’t reach a site: 

• You can have problems with the DNS cache of your device. You can flush the DNS of your device and your browser. This action will remove the previous DNS records that you have, and your device will search again for the A or AAAA record of the site you want to visit. If you had an older IP address, this could fix it. 
• Maybe your router is the problem. The router has a recursive DNS server that may need to be restarted. Pull its plug, then wait around a minute and connect it again. It should reboot and start working well again. 

Monitor your DNS server

Monitor your DNS for any strange pattern in traffic. There are different automatic monitors that you can set to see the traffic behavior. If something strange happens, you can see in almost real-time any changes and use the information to take action. 

You can monitor the DNS from different locations. That way, you can see if the problem is very local, is it regional, continental, or global. It will be easy to spot the problem.
DNS monitoring works best in combination with DNS Failover. You can set the monitor with the parameters that you prefer, and it will notify you and show you the data. But when you also have DNS Failover, you can connect this data and trigger automatic even in case of a down server. It can deactivate DNS records and replace them with working. It can also react in case the server gets up and add it to the list again. 

ClouDNS offers DNS Failover service for all of its paid customers. You can set it up and activate it for your domain fast and easily.

What are the consequences of a DNS outage?

If a DNS outage occurs, it could have a negative impact on your entire organization and community of customers. When DNS (Domain Name System) is down, websites, applications, and online services related to the domain name, such as emails, won’t function correctly. Unfortunately, that has the potential to damage operations, revenue, and brand reputation. In addition, you should act fast and quickly get it up and running again to regain all the temporarily lost functionality.

Yet, let’s assume the functionality of the DNS operations was seriously interrupted for a prolonged period of time. In that case, a DNS outage can potentially cause devastating consequences to the companies with an online presence. Here are some of the most common effects during this time: 

• Miss potential visitors
• Lose potential sales
• Have issues with services like email, FTP, VoIP, etc.
• Productivity losses
• Damage to reputation
• Impact on customers and strategic partners
• Diminished competitive advantage

It is crucial to implement all precautionary measures to avoid DNS outage’s negative influence on your business.

The biggest DNS outages in the history

• 2016 Dyn DNS Interruption: A significant disturbance shook the internet when Dyn, a leading DNS service provider, fell victim to an attack. Websites with heavy traffic, such as Twitter, Spotify, and Reddit, experienced outages. This event underscored the vulnerabilities tied to unsecured IoT devices.
• 2019 Cloudflare Outage: A misconfigured web application firewall rule caused a major disruption in Cloudflare’s services, impacting millions of websites.
• 2019 Google Cloud Outage: In June 2019, Google Cloud Platform experienced a significant outage that affected multiple services, including Gmail, YouTube, and Google Cloud Storage. A configuration change intended for a small number of servers in a single region was mistakenly applied to a larger number of servers across several neighboring regions.
• 2020 AWS Outage: In November 2020, Amazon Web Services (AWS) faced a significant outage that affected several services reliant on AWS’s infrastructure. This incident disrupted many online services and platforms, highlighting the vulnerabilities in centralized cloud infrastructures.
• 2021 Fastly Global Outage: In June 2021, a major global internet outage occurred, affecting numerous high-traffic websites including Reddit, Twitch, and even the UK government’s official website. This was traced back to a software bug in the Fastly CDN network, a critical infrastructure provider for many internet services.
• 2022 Microsoft Azure DNS Outage: In mid-2022, Microsoft’s cloud service, Azure, experienced a DNS outage. It impacted a wide range of services, from basic operations in Azure to third-party applications relying on Azure’s infrastructure. The outage underscored the need for robust failover systems and redundancy in cloud services.

Conclusion

A huge DDoS attack can lead to a DNS outage even if you have excellent infrastructure. But applying all the measurements can lower the time and the frequency of the DNS outages. Be prepared and intelligently manage your DNS traffic to be able to provide excellent service for your clients. Keep your business up!

The post What is a DNS outage (DNS downtime), and how to avoid it? appeared first on ClouDNS Blog.

But first, let’s explain a little bit more about what DNS records actually are.

DNS records briefly explained

DNS records are simple text-based instructions for a specific domain name. Their main purpose is to set precise rules for the domain. Additionally, they are created and gathered in a zone file in the DNS zone. All that information is stored on the Authoritative DNS server for the particular domain name. As we mentioned, DNS records are completely made of text. Therefore, they are pretty light. That allows DNS administrators to edit and adjust them easily. 

Every DNS record type has a different function, so each of them is important for the proper management of the domain name. Moreover, when a user makes a request, the Recursive DNS servers search for a precise DNS record type. 

For the rest of this article, we are going to present to you some of the most important and interesting DNS record types. 

Common DNS record types

There are several types of DNS records, each serving a different purpose. Let’s take a look at some of the most common ones:

SOA Record

SOA (Start of Authority) shows the start of the authority DNS zone and specifies the global parameters of the zone. Every zone must have one, and you can’t add two per zone. It has the following parameters: Serial number, Primary Nameserver, DNS admin’s email, Refresh Rate, Retry Rate, Expire Time and TTL.

A and AAAA Records

These DNS record types are perhaps the most popular and also most important. The A record and the AAAA record are both responsible for mapping a domain name to its corresponding IP address. This is what enables users to access your website via its domain name. The difference is that A record points to an IPv4 and the AAAA record to IPv6.

MX Record

The MX record, commonly also known as mail exchange record, is used to specify the email server responsible for accepting incoming email messages for a domain name. This DNS record type is crucial for ensuring that your email gets delivered to the correct mail server. Basically, it says which server should receive the incoming emails. If it is not directed well, you won’t receive emails.

CNAME Record

CNAME record is another very popular DNS record type where the short acronym “CNAME” stands for Canonical Name. It allows you to point one hostname to another, not to an IP address like the A and AAAA records. You can use it when you want to create an alias for a domain name. It serves just for subdomains. It is important to note that you can add only one CNAME record per hostname.

TXT Record

The TXT record allows you to add and store text-based information about a domain name. There are all kinds of TXT records and some of them people can easily understand, and others are specifically for machines to read. For example, DKIM (DomainKeys Identified Mail) record is a TXT record that associates a domain name with a specific email message. There is also DMARC (Domain-based Message Authentication, Reporting, and Conformance) record that identifies and blocks spam and phishing emails by verifying the emails.

SPF Record

Creating an SPF (Sender Policy Framework) record shows who is authorized to send emails with a particular domain. Without it, all the emails you send will go directly to the spam folder of the recipients. It is helpful for preventing email spoofing and phishing attacks.

NS Record

The short acronym “NS” stands for Nameservers, and this NS record points the domain name to its authoritative DNS servers responsible for the DNS zone. The NS record is essential for ensuring that your domain name is properly registered and configured.

SRV Record

SRV records are responsible for defining the locations of servers for specified services, such as voice-over IP (VoIP), instant messaging, and others.

Web Redirect (WR) Record

The Web Redirect record does precisely what it says. It redirects from one address to another. There are a few types: 301 redirect which is a permanent redirect, and 302 redirect, which is temporary, if the address has been moved but not permanently. You can do such a redirection with SSL too.

ALIAS Record

ALIAS record is a very similar to the CNAME record. It allows you to add various hostnames for the same subdomain. You can use it for the root domain as well. This type of record is built into the ClouDNS.

RP Record

The RP record, or Responsible person record, shows who is responsible for the domain name and specifies its email address.

SSHFP Record

Secure Shell Fingerprint record is used for Secure Shell (SSH). The SSHFP record is typically used with DNSSEC enabled domains. When an SSH client connects to a server, he or she checks the corresponding SSHFP record. If there is a match, the server is legit, and it is safe to connect to it.

PTR Record

The PTR record, also commonly known as the Pointer record, points an IP address (IPv4 or IPv6) to a domain name. It is the exact opposite of the A and AAAA records, which match the hostnames to IP addresses. PTR records are used for Reverse DNS.

NAPTR Record

IP telephony uses Naming Authority Pointer records, or for short NAPTR records,  for mapping the servers and the users’ addresses in the Session Initiation Protocol (SIP).

CAA record

Certification Authority Authorization (CAA record) record gives the ability to the DNS domain name holder to issue certificates for his/her domain. The record can set policies for the whole domain or for specific hostnames.

Wildcard DNS Record

The Wildcard DNS record will match requests for non-existing domain names. It is specified with a “*” for example *.cloudns.net

For more information, examples, and video tutorials check the following DNS record wiki page.

How many DNS record types are there?

The Domain Name System (DNS) offers an extensive collection of DNS record types, each tailored to specific functions within the internet’s architecture. Currently, there are over 60 standardized DNS record types, which highlights the system’s complexity and adaptability to various networking needs.

Among these record types are the fundamental A and AAAA records, which respectively map domain names to IPv4 and IPv6 addresses, enabling the routing of internet traffic. MX records handle mail server information, directing emails to the appropriate destination, while CNAME records help aliasing one domain name to another.

Beyond these basics, there is a large number of specialized DNS record types designed to cater to specific requirements. TXT records store text data, serving purposes like domain verification and SPF (Sender Policy Framework) for email authentication. PTR records enable reverse DNS lookups, aiding in network diagnostics and security measures.

Moreover, DNSSEC (Domain Name System Security Extensions) has introduced additional record types which strengthen DNS security. These include DNSKEY records for cryptographic keys and RRSIG records for digital signatures, ensuring the authenticity and integrity of DNS data.

As technology advances, new record types may emerge to address challenges and requirements in internet communication and security. Despite this evolution, the core DNS record types remain vital components of the internet’s infrastructure, supporting its functionality and reliability.

Conclusion

Knowing more DNS records and how to use them will give you an advantage in your DNS usage. You can manage better, and you can get better results.
If you can’t figure out how to use some of the records on your own, you can always contact our Live chat Support who would be happy to help you.

Check our DNS Plans

The post Types of DNS records – What are they and what is their purpose? appeared first on ClouDNS Blog.

The Domain Name System (DNS) is often compared to a phonebook, and there are a lot of similarities. It is another type of database. DNS is a global system that we all use on a daily basis when we want to access any website. It contains and distributes information about domain names and their corresponding IP addresses. This way, when we type a simple domain name, our browsers or application will use the DNS to search for its IP address and connect us. The DNS is divided into domains from different levels, and it is managed through DNS zones that are decentralized. An administrator of a higher level can delegate a zone to another under it. For example, when you get a domain name (secondary-level domain like yoursite.com), the higher level .com (TLD) can delegate you the right to manage the zone yoursite.com. You can further delegate responsibility for all subdomains like mail.yoursite.com, ftp.yoursite.com, etc. To manage domain names, you add DNS records, which are a set of instructions related to your domains, hosts, services, and more.

Domain Name System explained

List of DNS terms

Here you have the most important DNS terms that you will need to manage your domain name. First, you can learn the basics of DNS, and later you can expand your knowledge with larger articles that go into greater details on topics like DNS records, DNS features, and processes. 

Domain Name

It’s an identifier of a host, a text line, that servers for mapping to an IP address (a line of numbers like: 46.166.142.62) for easy access to a website. By now, you have typed a lot of different domain names in the URL bar of your browser to reach different websites. Example: cloudns.net

Machines have always searched websites through their IP address. Numbers are the best way for machines to understand each other. But numbers are hard to be remembered by humans. That’s why domain names were created. To have a friendly choice for humans to reach the websites they look for.

IP Address

An Internet Protocol address is another host identifier that is created of a line of numbers divided into groups by periods. Example: 46.166.142.62. IP addresses are needed so devices can connect to networks and communicate using the Internet Protocol (IP).

The set of numbers on every public IP address is mathematically generated and allocated by the Internet Assigned Numbers Authority (IANA). An entity of the Internet Corporation for Assigned Names and Numbers (ICANN).

Basically, IP addresses allow the identification, location, and communication of hosts on a network. Every device uses a unique IP address. This way, the Internet and networks, in general, can distinguish all the websites, routers, connected computers.

Many IPv4 addresses are still in use, but the latest standard IPv6 is growing in popularity.

TLD (Top-level Domain)

Domain names have a hierarchy structure. The top-level domain is one of its parts, and it’s located, reading from right to left, just after the final dot for the root and before the secondary-level domain name. Examples: .com, .gov, .uk, .ru, etc.

Initially, TLDs were created to organize domain names by their purpose, geographical location, field, operation radius. By only reading this part of a domain name, users could also know if a website they visited belonged to a commercial, government, non-profit organization, operating regionally, locally, internationally, and so on.

In the beginning, this use was more strict. In 2010, the Internet Corporation for Assigned Names and Numbers (ICANN) accepted the creation of new, generic, trademark TLDs. Now, TLDs are chosen to obey Marketing objectives too.

FQDN (Fully Qualified Domain Name)

It’s the most complete domain name that hosts can have. It points to the exact location of a domain name in the domain name system (DNS) tree hierarchy. This is expressed through the three parts that shape every domain name: hostname, second-level domain name, and top-level domain name (TLD). Following this structure, here you have an example: www.cloudns.net.

Anycast DNS

Anycast DNS is a traffic routing method where the same IP address is used for multiple nameservers located in different locations. Usually, there are many locations (points of presence) – at least 20 for a well-sized DNS provider. Having a large number of servers makes Anycast DNS resistant to DNS attacks and provides redundancy in general. 

When a client request a domain, the router will direct its request to the nearest nameserver. This will reduce the latency and offer a better experience for the clients.

Dynamic DNS

Dynamic DNS, also known as DDNS, is an automatic method of updating nameservers. The most common use case is to update IP addresses that are contained in A records (IPv4) or AAAA records (IPv6) when a change has occurred. It is particularly useful for CCTV cameras or remote services because with Dynamic DNS, you don’t need to pay for static IP addresses. The IP addresses will change over time, but they will be updated, and you won’t experience problems. After the initial setup process, you don’t need to interact with the settings, and it will continue to function.

DNSSEC

DNSSEC is a security extension that has the goal to protect DNS communication and stop DNS spoofing. It encrypts the DNS communication with a combination of private and public keys. One that the zone administrator uses to sign it and the other for authentication of the origin of the data. What makes it a good protective mechanism is that it is a complete chain of trust. Starting from the root zone down to the TLD zone, the domain zone, and subdomains, each zone above will have the key for the next one. It adds security to the fast DNS process without a significant slowdown.

DNS Server (types)

There are different DNS servers, and each has specific functionality.

Root server. It belongs to the highest level of DNS servers. It’s the authoritative name server for a specific DNS root zone. It points to the TLD of the requested domain name.

TLD server. It’s responsible of specific TLDs (.com, .gov, .uk, .net, etc.). It will point to the exact, authoritative name server that can provide the IP address for the requested domain name.

Recursive DNS server. The server takes the user’s DNS request and looks for the IP address or other information needed for the requested domain name. It will communicate with all the other DNS servers in the hierarchy for getting this information.

Authoritative DNS server. It contains all the DNS records for the zone it’s in charge of. It answers the requests that recursive DNS servers have by providing the corresponding A or AAAA record and the IP address of the requested domain or another DNS record.

Primary authoritative DNS servers. They answer DNS requests, and they store the original zone file. Therefore, DNS records’ modifications can only be made on these servers. 

Secondary authoritative DNS servers. They also respond to DNS requests, but what they store is a copy of the zone file. This copy is not editable at all, only readable. 

DNS Zone

The DNS system has a structure that looks like an inverted tree. It is divided into domain names on different levels. The highest level is the root, after many TLDs, secondary-level domains, and later multiple levels of subdomains. To administrate those domain names, there are DNS zones on each level. The DNS zones are partitions of the Domain Name Space that contain DNS zone files with DNS records for managing. A DNS zone administrator can add or remove DNS records inside the Primary DNS zone.

DNS records

DNS records are simple files that contain text with instructions related to the domain name they belong to. They can link domain names to IP addresses, add instructions for email servers, point to specific services, and much more. The DNS records are hosted inside a host file in a DNS zone. The zone is located inside an authoritative nameserver.

There are many types of DNS records, but the most popular ones are:

A record – Links a domain name to an IP address. 

CNAME record – Forwards subdomains to the domain name.

MX record – Indicates the email servers that should receive emails for the domain name.

TXT record – Multiple verifications and authentication purposes.

NS record – Shows the nameservers for the domain name.

SOA record – Start of authority.

SRV record – Links services to port numbers.

PTR record – The Pointer record links an IP address to a domain name.

The Importance of DNS Terminology

Understanding DNS terminology is crucial for various reasons, including the following:

• Efficient Troubleshooting: Solid knowledge of DNS terms allows IT professionals to diagnose and resolve technical issues more efficiently. Identifying the root cause of problems, such as domain resolution failures or misconfigured DNS records, becomes significantly easier and faster.
• Enhanced Security: Cybersecurity is a top priority nowadays. Therefore, it is best for professionals to understand DNS terminology in order to detect and respond to potential threats. Understanding terms like DNSSEC, DNS spoofing, cache poisoning, and DDoS attacks helps strengthen the security of networks and web services.
• Performance Optimization: Website owners and developers can benefit from understanding DNS terminology to optimize the performance of their online presence. Fine-tuning DNS settings, minimizing TTL values, and ensuring proper DNS record configurations contribute to faster and more reliable website performance.
• Effective Communication: Clear communication within IT teams, especially between developers, network administrators, and support teams, is crucial, especially when they need to communicate complex technical issues. A common understanding of DNS terms allows effective communication and collaboration within teams.
• Domain Management: Individuals and organizations involved in registering and managing domains must be familiar with DNS terminology to make informed decisions. Knowledge of terms like TLDs, registrars, and DNS hosting providers empowers domain owners to navigate the complexities of the domain ecosystem.

Conclusion

This list of basic DNS terms you should know is a good start for exploring the DNS. If you want to learn even more, follow our blog, in which we regularly post new extended articles. Also, don’t miss our Wiki page and YouTube channel.

The post Basic DNS terms you should know (List + Infographic) appeared first on ClouDNS Blog.