Understanding DNS

Before delving further into DNS plan types, let’s familiarize ourselves with what DNS really is.Each time you enter a web address into your browser, a DNS server translates that address into an IP address, guiding your request to the right web server. Simply put, the DNS is the phone book of the internet – converting human-readable domain names into machine-readable IP addresses.

Free DNS

Different companies offer such a Free DNS plan like us from ClouDNS. With this plan, you can manage your DNS. It has many of the features of a professional DNS plan. You can use up to 4 DNS servers and 1 DNS zone. You will have one mail forward. This plan is popular among people who need Dynamic DNS for their connected devices like CCTV cameras and other security measurements. It is used for personal blogs or parked domains.

Using this plan, the user can use all kinds of DNS records, including A, AAAA, MX, TXT and more. Something that is rarely found in such Free DNS plans is that we provide unlimited DNS queries. This can be a big plus.

It is a good plan for starters, who wants to learn using DNS. People who want to experiment and get how does the DNS work. It can be useful for small blog sites that still don’t get too much traffic. This kind of plans can’t offer the uptime of the Premium DNS plans so users of it, can experience occasional downtime and they are more vulnerable to DNS attacks.

Look how to add Free Zone in ClouDNS!

Premium DNS

Premium DNS plans have more of everything. They can use far more DNS servers and DNS zones. They can manage the traffic better. By using such a plan, you can see improvement in the loading speed, the security, better uptime and even better SEO.

DNS and SEO: How does DNS service affect SEO?

This kind of plans are for every website, that is more than just a personal blog with few monthly visitors. Every company that can’t afford to have downtime should choose a professional plan.

Premium DNS vs. Free DNS

When it comes to managing online data flow and protection, choosing the right type of Domain Name System (DNS) is crucial. Our comparison between Premium DNS and Free DNS will provide an understanding of the features, capabilities, and benefits that each service brings to your online activities.

• Better uptime – Our Premium DNS plans offer 60+ Anycast locations, up to 8 DNS name servers. You can also enjoy DDoS protection for maximum, SLA guaranteed, uptime. In case of a downtime, for each minute, we will extend your account with 10!

• More advanced features – Many more DNS zones and DNS records, unlimited queries, and many more mail forwards, DNSSEC, Reverse DNS zones, and more. Don’t forget DNS Failover and Monitoring checks.

• More DNS servers – Up to 8, depending on your plan. And up to 4 DDoS protected ones. They are strategically located around the world.

• Anycast DNS for better load balancing – Anycast is far superior technology in comparison with the older Unicast protocol. It manages queries a lot more efficiently. It provides the best route for each query to reduce latency.

• DDoS protection for extra security – DDoS attacks have been widespread for a while. They can completely cripple your network. ClouDNS offers 4 DDoS protected servers that can resist even heavy traffic.

• More DNS Zones – The free DNS plan that we offer has just 1 DNS zone that you can manage. The premium plans offer up to 400!

• Secondary DNS zones – You can use our Secondary DNS zones if you already have the master elsewhere. It is easy to set up, and it doesn’t take a long time. With Secondary DNS zones, you can improve the redundancy.

• More Mail Forwards – The free DNS plan has 1, but the premium plans have up to 1000.

• Real-time statistics – While the free plan provides statistics, it only on a daily, monthly, or yearly basis. If you want advanced real-time statistics that updates hourly check the premium plans.

How to Transition from a Free DNS Plan to Premium DNS with ClouDNS

Transitioning from a Free DNS plan to a Premium DNS plan on ClouDNS is a straightforward process that can significantly enhance your website’s performance, security, and reliability. Here’s how you can easily make the switch:

Step 1: Log into Your ClouDNS Account – Start by logging into your ClouDNS account. Use your existing credentials to access the dashboard where you manage your DNS settings.

Step 2: Locate the Upgrade Option – Once you’re logged in, look for the “Free” icon situated next to your email account at the top of the dashboard. This icon indicates your current Free DNS plan and provides a quick access point to upgrade.

Step 3: View Available DNS Hosting Plans – Clicking on the “Free” icon will bring up a list of all the DNS hosting plans that ClouDNS offers. This includes various Premium DNS plans tailored to different needs. Here, you can review the features and benefits of each plan to determine which one suits your requirements.

Step 4: Choose Your Plan Duration – After selecting the Premium DNS plan that fits your needs, you’ll be prompted to choose the duration of your subscription. ClouDNS offers multiple options, including 6 months, 1 year, or 2 years. Pick the period that best aligns with your budget and long-term plans.

Step 5: Complete the Purchase – Once you’ve selected your plan and duration, click on “Buy Now” to proceed to the checkout. You will need to fill out the required information to complete the payment process. ClouDNS supports various payment methods, making it convenient to finalize your purchase.

After completing the payment, your account will be upgraded to the Premium DNS plan. You can now take advantage of enhanced features such as better uptime, increased security, and improved DNS management tools.

Contextualizing your DNS needs: Factors to consider

Opting for either a free or Premium DNS service is not a decision to be taken lightly. While it’s tempting to choose the most economical option, it’s wise to weigh certain considerations to make an informed choice for your website’s long-term success:

1. Size and nature of your needs: Personal blogs and small websites usually don’t require the robust features of a Premium DNS, making a free DNS a reasonable choice. However, for larger websites or e-commerce platforms where downtimes mean lost revenue, Premium DNS services become indispensable for their reliability and stability.
2. Security concerns: Websites dealing with sensitive user data, especially eCommerce stores, need to prioritize their security features like DNSSEC, which often come with Premium DNS. 
3. Budget: Of course, budget plays a crucial role in your decision. Evaluate how much you are willing to invest in DNS services and if it aligns with your website’s requirements.
4. Traffic volume: If your website witnesses a significant volume of traffic, a Premium DNS with load balancing and faster routing can dramatically improve the user experience. 
5. Scalability: If you foresee quick expansion and growth for your website, investing in a Premium DNS service could provide the scalability you will eventually require.

Why does your choice of DNS matter?

Your choice of DNS acts as the vehicle driving the smooth operation of your website. It’s not just about translating a domain name to an IP address; it’s about ensuring your website can efficiently connect with users around the world.

• Speed: The performance speed of your DNS can significantly affect your website’s loading speed. In an era where waiting an extra second can lead to visitors abandoning your site, a faster DNS lookup can make a considerable difference.
• Uptime: Imagine owning a physical store but randomly closing several times a day – definitely not good for business, right? That’s essentially what website downtime is. A reliable DNS server ensures maximum uptime for your website, leading to consistent user experience and potentially higher revenue.
• Security: An insecure DNS can expose your website to cyber-attacks, leading not only to potential revenue loss through downtime but also damage to your brand reputation. A secure DNS can act as your frontline defense against cyber threats.

Conclusion

There are plenty of reasons to choose a Premium DNS over a Free DNS plan. Think about your needs, how much traffic are you expecting and how important is the uptime for your business. If you are not sure, you can start with a Free DNS or a cheap plan and slowly upgrade with the time. But if you know your business needs our sales team is here to meet your requirements. Just fill the form and our Sales representative will contact you as soon as possible.

The post Can we use free DNS? Free DNS vs. Premium appeared first on ClouDNS Blog.

It is a process of sharing DNS records, the whole zone file, or only the most recent DNS records. In order to explain it, let’s first see what a zone file is. 

DNS zone and DNS zone files

The DNS zones are a part of the DNS that can be administrated through an authoritative DNS server. The whole DNS is organized with a hierarchical structure – root level, TLD, domain name, subdomain, etc. There are different levels that can be managed independently. The purpose of the division is exactly to facilitate the administration of the DNS. DNS zones allow exactly this, to manage a partition of the domain namespace. The DNS administrator of a higher level needs to delegate a Master DNS zone to another administrator, so he or she can manage a lower level zone. The DNS zones have zone files that define them.

Zone files are simple text files with DNS records. A zone file will contain the whole information for a domain:

• SOA record, which indicates the start of authority.
• A records for IPv4 addresses.
• AAAA records for IPv6 addresses.
• CNAME records for canonical records that indicate the canonical domain.
• MX records for the receiving email servers for the domain. 
• TXT records for various verification methods
• SRV records for services. 
• PTR for a reverse DNS lookup.
• And more.

Premium DNS Service!

DNS zone file format

The DNS zone file format is described in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). This file contains a sequence of line-oriented entries. Each of them is a directive or a text description of a particular DNS resource record.

Directives serve as control entries, and their presence affects the entire zone file. They are presented with a dollar sign followed by the name. Here are some examples of directives:

• $ORIGIN – It shows a domain name that is used as the origin for any following subsets of domain names.
• $INCLUDE – It shows one or several file names to include too. Optionally, it can add other origin domain names.
• $TTL – It shows a number, which is the default TTL (Time-to live) value for the file itself.
• $GENERATE – It is a non-standard extension that is used to insert several resource records with a single entry.

Every resource record entry contains several fields. They could be ordered in two ways, and both of them are acceptable:

name – ttl – record class – record type – record data

name – record class – ttl – record type – record data

• Name – It shows the name of the precise individual record that the administrator created. This field also could be left blank.
• TTL – It shows the specific amount of time (in seconds) after which the record should be discarded, and a new DNS resolution process should be completed to obtain the new data. In other words, this value shows for how long the information should be kept inside the DNS cache. It is possible to be omitted. In this case, the resulting value is going to be established from the default TTL.
• Record class – This field shows the namespace of the record information. Most commonly, here, you will see the parameter IN, which represents the Internet namespace. It is possible to be omitted, so then the resulting value is going to be established from the previous record.
• Record type – This field shows an abbreviation of the kind of information held in the last field, record data. In other words, here is specified the precise type of DNS record, for example, A (hostname to IPv4 address), AAAA (hostname to IPv6 address), MX (receiving email server for the domain), SOA (start of authority), NS (shows the authoritative name server), TXT (text record), PTR (IP address to a hostname), etc.
• Record data – This field shows the information that the precise record has. It is possible to consist of one or several information elements, depending on the type of the DNS record. For instance, the A record shows the link between a hostname and an IPv4 address, requiring only an address. On the other hand, an MX record also requires a domain name and priority.

What is DNS Master Zone

The DNS Master Zone (also known as DNS Primary Zone) is the part of the namespace to which you have the control to add and remove DNS records, and that way, you can manage your domain name. Each host (part of the domain) that you can manage needs a DNS Master Zone so that you can administrate it, and also, you can have just one per host. 

It hosts your zone file, which is the text document that contains all the DNS records for your domain name/host. 

The DNS Master Zone permits read and write. It is located inside a Master authoritative nameserver. 

For better security, availability, and redundancy in general, you will need DNS Slave Zones (DNS Secondary Zones) inside Slave DNS servers (Secondary DNS). The Slave Zones are read-only copies of the original Master Zone. 

DNS Zone transfer

In DNS, you can copy data from the Master DNS zone to the Secondary DNS zones through a process called DNS Zone transfer. There are two types of zone transfer: 

• Full zone transfer (AXFR) – a complete zone transfer, where the Secondary DNS servers copy the whole zone file. 
• Partial zone transfer (IXFR) – In this case, the Secondary servers will check all the new changes that happened since their last update (deleted and added DNS records) and get only them. 

To function correctly, the system needs to keep been updated. That could happen in two ways:

• Push – The Master DNS server can propagate a zone transfer to the Secondary DNS servers. 
• Pull – The Secondary DNS server can check for changes inside the Master zone, and if they find any differences by comparing the SOA records, they can start a zone transfer. 

You can do it manually with the Dig command (if you have permission) or automatically if you have set it before. It is very important who can perform zone transfer and how. A good practice is to use the Whitelisting technique for your Secondary DNS servers. That way, only their IP addresses will be inside a whitelist, and only they can get access to the zone file and the new DNS changes. 

Allowing everybody to be able to perform zone transfer can be a huge risk. It can show to the person who is performing it, the whole zone file, and there can be DNS records that are only for internal use.

AXFR zone transfer (Full zone transfer)

AXFR zone transfers are the full DNS zone transfers of all DNS data. The Primary DNS server sends the whole zone file that contains all the DNS records to the Secondary DNS servers. This assures that the secondary DNS server is well synced. It will have all the latest changes that were made to the Master DNS zone. 

You will use full DNS zone transfer when: 

• You are adding new Secondary DNS servers. They will be empty, and that way, you can directly add all of the records at the same time. 
• You want to be sure that all of the Secondary DNS servers are up to date. If you have some DNS servers that, for some reason, were out of sync, this is an easy way to do it. 

People often prefer IXFR zone transfers over AXFR transfers because they don’t take so much bandwidth. Fewer data travels, and fewer resources are used.

IXFR zone transfer (Partial zone transfer)

IXFR zone transfer is just a partial zone transfer that involves transferring only the newest changes from the Master DNS server to the Secondary DNS servers. 

The incremental transfers IXFR are not complete transfers. They don’t copy the whole zone file.They are ideal when you have added or deleted just a few new A records, for example, and you don’t want to push a heavy AXFR transfer.

When we are talking about partial zone transfer, the SOA record plays a big part. The Secondary DNS servers will periodically check the SOA record of the Master DNS server, and if its number is higher, they will ask for the changes since they were last updated. The same record will also provide a refresh rate that will show how often the Secondary servers should check for changes and retry rate if the procedure fails. 

The Master DNS server also can directly tell the Secondary DNS servers that there were new changes with a notification called DNS NOTIFY. This can trigger an IXFR zone transfer. 

The advantage of the partial DNS zone transfer is that it uses far fewer resources because only the new changes will be updated.

Why Is DNS Zone Transfer Needed?

DNS Zone Transfer is needed to: 

• Set up newly added Secondary DNS servers. They need to get the DNS records from the Primary because they will be empty at first. 
• The zone file at each DNS server needs to be up to date. If the data inside a Secondary DNS server is too old, it won’t be valid anymore and will be deleted. This will leave the network with one less DNS server that could answer queries. 
• Old DNS data could stop services from working. If there were changes made in the Primary DNS server, but the changes were not propagated, the Secondary DNS server might have A records, leading to old IP addresses that are no longer in use. 
• Manually editing DNS records at each DNS server is time-consuming and could be an impossible task if there are many DNS records and many DNS servers. 

Transferring a DNS zone using Dig

You can perform a full DNS zone transfer using the popular Dig command. You can go ahead and try it with zonetransfer.me. and its nameserver. It is a website created for testing. Later you can try with yours. 

Follow these steps:

1. Open the Terminal application on your Linux computer. 
2. Type “dig zonetransfer.me -t ns”. In the answer section, you will see the nameservers for the domain name. We will use one of them for our next dig command, the @nsztm1.digi.ninja.
3. Now type “ dig axfr zonetransfer.me @nsztm1.digi.ninja.”. Wait a few seconds, and you will see all the DNS records – SOA, TXT, A, AAAA, MX, NS, etc.

Common reasons for a failed zone transfer

A DNS zone transfer can be a useful way to get information about different domains and networks, however, it is not a guarantee that the transfer will always be successful. Common reasons why a DNS zone transfer may fail include unsupported file formats, incorrect information in the DNS records, and an improperly configured firewall.

One of the most frequent reasons for a failed DNS zone transfer is unsupported file formats. DNSSEC is an emerging protocol that is not supported by all DNS servers and can therefore lead to a failed transfer. An incorrect entry in the DNS records, such as a missing domain name server, can also cause the transfer to fail. Other issues, such as an improperly configured firewall, can also be to blame. To ensure successful transfers, it is important to use supported file formats, double check DNS records regularly, and audit firewall settings to make sure they are not blocking certain types of traffic.

Troubleshooting zone transfer issues

• Verify Transfer Settings: Ensure that the zone transfer settings in both primary and Secondary DNS server configurations are correct.
• Confirm Server IP Addresses: Double-check that the IP addresses of the primary and secondary servers are accurately specified.
• Check Transfer Permissions: Make sure that the transfer permissions are properly set to allow the necessary data exchanges.
• Assess Network Connectivity: Verify that the network connection between the servers is stable and functioning.
• Inspect Firewall Settings: Ensure that port 53 is open for DNS traffic on any firewalls between the servers.
• Review DNS Server Logs: Analyze the DNS server logs for any error messages that could indicate the cause of the zone transfer issues.

Zone transfers and hackers’ attacks

Hackers can obtain the zone file by performing an AXFR request. You can prevent this if you allow just trusted DNS servers to perform AXFR queries. You can use Whitelisting to add the IP addresses of the allowed DNS servers that can perform DNS zone transfer. 

A good way to perform Secure zone transfers is to use DNS Transaction Signatures – TSIG. It is a way to secure the communication between two points using symmetric encryption (hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512). 

Inside the zone file, there are DNS records that can be for inside use only. You can imagine that this kind of information could be dangerous in the hands of a cyber-criminal.

Conclusion

DNS zone transfer is a vital process for the synchronization and consistency of DNS records between Primary and Secondary DNS servers. It involves copying DNS records through AXFR (Full Zone Transfer) for complete synchronization and IXFR (Incremental Zone Transfer) for updating only recent changes. Proper configuration of transfer settings, network connectivity, and security measures such as IP whitelisting and DNS Transaction Signatures (TSIG) are crucial to prevent unauthorized access and ensure reliable zone transfers. By maintaining up-to-date and accurate DNS records across servers, zone transfers play a key role in the stability, efficiency, and security of the DNS infrastructure.

The post DNS zone transfer and zone file (Updated) appeared first on ClouDNS Blog.

But first, let’s explain a little bit more about what DNS records actually are.

DNS records briefly explained

DNS records are simple text-based instructions for a specific domain name. Their main purpose is to set precise rules for the domain. Additionally, they are created and gathered in a zone file in the DNS zone. All that information is stored on the Authoritative DNS server for the particular domain name. As we mentioned, DNS records are completely made of text. Therefore, they are pretty light. That allows DNS administrators to edit and adjust them easily. 

Every DNS record type has a different function, so each of them is important for the proper management of the domain name. Moreover, when a user makes a request, the Recursive DNS servers search for a precise DNS record type. 

For the rest of this article, we are going to present to you some of the most important and interesting DNS record types. 

Common DNS record types

There are several types of DNS records, each serving a different purpose. Let’s take a look at some of the most common ones:

SOA Record

SOA (Start of Authority) shows the start of the authority DNS zone and specifies the global parameters of the zone. Every zone must have one, and you can’t add two per zone. It has the following parameters: Serial number, Primary Nameserver, DNS admin’s email, Refresh Rate, Retry Rate, Expire Time and TTL.

A and AAAA Records

These DNS record types are perhaps the most popular and also most important. The A record and the AAAA record are both responsible for mapping a domain name to its corresponding IP address. This is what enables users to access your website via its domain name. The difference is that A record points to an IPv4 and the AAAA record to IPv6.

MX Record

The MX record, commonly also known as mail exchange record, is used to specify the email server responsible for accepting incoming email messages for a domain name. This DNS record type is crucial for ensuring that your email gets delivered to the correct mail server. Basically, it says which server should receive the incoming emails. If it is not directed well, you won’t receive emails.

CNAME Record

CNAME record is another very popular DNS record type where the short acronym “CNAME” stands for Canonical Name. It allows you to point one hostname to another, not to an IP address like the A and AAAA records. You can use it when you want to create an alias for a domain name. It serves just for subdomains. It is important to note that you can add only one CNAME record per hostname.

TXT Record

The TXT record allows you to add and store text-based information about a domain name. There are all kinds of TXT records and some of them people can easily understand, and others are specifically for machines to read. For example, DKIM (DomainKeys Identified Mail) record is a TXT record that associates a domain name with a specific email message. There is also DMARC (Domain-based Message Authentication, Reporting, and Conformance) record that identifies and blocks spam and phishing emails by verifying the emails.

SPF Record

Creating an SPF (Sender Policy Framework) record shows who is authorized to send emails with a particular domain. Without it, all the emails you send will go directly to the spam folder of the recipients. It is helpful for preventing email spoofing and phishing attacks.

NS Record

The short acronym “NS” stands for Nameservers, and this NS record points the domain name to its authoritative DNS servers responsible for the DNS zone. The NS record is essential for ensuring that your domain name is properly registered and configured.

SRV Record

SRV records are responsible for defining the locations of servers for specified services, such as voice-over IP (VoIP), instant messaging, and others.

Web Redirect (WR) Record

The Web Redirect record does precisely what it says. It redirects from one address to another. There are a few types: 301 redirect which is a permanent redirect, and 302 redirect, which is temporary, if the address has been moved but not permanently. You can do such a redirection with SSL too.

ALIAS Record

ALIAS record is a very similar to the CNAME record. It allows you to add various hostnames for the same subdomain. You can use it for the root domain as well. This type of record is built into the ClouDNS.

RP Record

The RP record, or Responsible person record, shows who is responsible for the domain name and specifies its email address.

SSHFP Record

Secure Shell Fingerprint record is used for Secure Shell (SSH). The SSHFP record is typically used with DNSSEC enabled domains. When an SSH client connects to a server, he or she checks the corresponding SSHFP record. If there is a match, the server is legit, and it is safe to connect to it.

PTR Record

The PTR record, also commonly known as the Pointer record, points an IP address (IPv4 or IPv6) to a domain name. It is the exact opposite of the A and AAAA records, which match the hostnames to IP addresses. PTR records are used for Reverse DNS.

NAPTR Record

IP telephony uses Naming Authority Pointer records, or for short NAPTR records,  for mapping the servers and the users’ addresses in the Session Initiation Protocol (SIP).

CAA record

Certification Authority Authorization (CAA record) record gives the ability to the DNS domain name holder to issue certificates for his/her domain. The record can set policies for the whole domain or for specific hostnames.

Wildcard DNS Record

The Wildcard DNS record will match requests for non-existing domain names. It is specified with a “*” for example *.cloudns.net

For more information, examples, and video tutorials check the following DNS record wiki page.

How many DNS record types are there?

The Domain Name System (DNS) offers an extensive collection of DNS record types, each tailored to specific functions within the internet’s architecture. Currently, there are over 60 standardized DNS record types, which highlights the system’s complexity and adaptability to various networking needs.

Among these record types are the fundamental A and AAAA records, which respectively map domain names to IPv4 and IPv6 addresses, enabling the routing of internet traffic. MX records handle mail server information, directing emails to the appropriate destination, while CNAME records help aliasing one domain name to another.

Beyond these basics, there is a large number of specialized DNS record types designed to cater to specific requirements. TXT records store text data, serving purposes like domain verification and SPF (Sender Policy Framework) for email authentication. PTR records enable reverse DNS lookups, aiding in network diagnostics and security measures.

Moreover, DNSSEC (Domain Name System Security Extensions) has introduced additional record types which strengthen DNS security. These include DNSKEY records for cryptographic keys and RRSIG records for digital signatures, ensuring the authenticity and integrity of DNS data.

As technology advances, new record types may emerge to address challenges and requirements in internet communication and security. Despite this evolution, the core DNS record types remain vital components of the internet’s infrastructure, supporting its functionality and reliability.

Conclusion

Knowing more DNS records and how to use them will give you an advantage in your DNS usage. You can manage better, and you can get better results.
If you can’t figure out how to use some of the records on your own, you can always contact our Live chat Support who would be happy to help you.

Check our DNS Plans

The post Types of DNS records – What are they and what is their purpose? appeared first on ClouDNS Blog.

DNS Monitoring explained

DNS Monitoring gives you the ability to manage and examine the performance of a DNS server. The main goal is to assist you with detecting server-side and client-side DNS issues. In addition, it guarantees the health of DNS servers by sending a DNS request. You are able to choose different query types depending on the DNS record you want to check, for example, A, AAAA, MX, NS, PTR, or CNAME. Then you specify a required expected response that is compared to the actually received response.

DNS Monitoring has a very important role in your network Monitoring service. Moreover, it ensures the safety and proper connection between the end-users and the website or service that they want to use. It is extremely useful when it comes to the fast detection of unpleasant issues or for recognizing potential security breaches. Additionally, it is helpful for stopping some popular malicious attacks. Thanks to the regular checks, you can effortlessly detect unexpected issues or localize DNS outages. As a result, you can prevent a large negative impact on your website or on the safety of your users that want to reach your services by detecting and resolving the problem fast.

Why is DNS Monitoring important?

The Domain Name System (DNS) is an essential part of the Internet. Yet, it was not designed with security in mind. For that reason, cybercriminals have developed ways to take advantage of its vulnerabilities. Therefore, DNS monitoring is vital for helping you protect your online presence and catch issues before they become significant problems. DNS monitoring gives you the ability to recognize several different DNS errors. The majority of them result from malicious attempts and could be a significant threat to your security. On the other hand, there are also communication flow interruptions. They compromise the functionality of your domain’s DNS resolution process and lower the traffic toward your site.

Configuration Errors

DNS Monitoring can detect errors like incorrect IP addresses and assure that outages are not prolonged. The less time your website or service is down, the less your traffic flow is interrupted. That way, you can maintain and increase your uptime, and every user that wants to reach your website (or service) will have that opportunity without any difficulties.

A configuration error can stop users from reaching your website and make it seem like their internet is not acting correctly. This could drive traffic away from your domain and meddle with your business.

DNS Spoofing (DNS poisoning)

DNS Spoofing, also commonly known as DNS poisoning, is a popular cyber threat that cybercriminals use. Recursive DNS servers hold the hostname data with all related DNS records for a particular amount of time (depending on the TTL). That way, they operate more efficiently because they do not repeat the resolution process for the same IP address. However, it also leads to vulnerabilities.

Cybercriminals insert fraudulent data into the DNS cache on the server, like fake IP addresses. Commonly, that is achieved due to viruses and malware. As a result, the users’ requests are directed to a malicious phishing website, which looks similar to the original one. There they type their sensitive information, such as passwords, credit card details, etc. A lot of people do not even notice that they have been directed to malicious pages. No one wants to put its clients at risk of phishing schemes. Additionally, compromising user information can seriously impact your business.

DDoS and DoS Attacks

Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks are massive cyber threats that are able to bring down your server. They involve large amounts of fake traffic with the main goal of overcoming your resources and making your website or service unavailable for regular users. It is important to mention that the earlier the attack is detected, the more quickly it can be handled. Therefore, it is best to stop it before the DNS records on the server become weaponized by the cybercriminals.

DNS Tunneling

DNS Tunneling is another cyber threat that attackers commonly use. Typically, DNS servers handle a massive amount of traffic, and there are no security measures regarding the exchanged data packets. DNS Monitoring can help detect tunneling and serve to prevent any further data from being exchanged. This is an essential addition to your existing security measures.

DNS outage

DNS outage does not allow your users to connect and reach your website or service. It is possible to last just several minutes, but it could continue up to several hours or even days. So you can probably imagine how seriously it can affect your business and services. With DNS Monitoring, you can easily find and understand where the issue is coming from and quickly fix it.

How does it work?

You can find DNS monitoring as a part of ClouDNS Monitoring service. It works by regularly checking if the DNS server responds to all DNS queries. With such type of check, you can initiate DNS queries for a desired hostname and query type – A (for IPv4), AAAA (for IPv6), MX, NS, PTR, or CNAME. There are two scenarios that follow once you set your expected response.

• The check is marked UP, when the received response is equal to the required expected one.
• The check is marked DOWN, when the received response is not equal to the required expected one.

The DNS monitoring check validates the conditions of DNS servers by sending a DNS request and comparing the received response with the expected one.

You can also take a look at our article about DNS monitoring Checks!

Why do you need it?

DNS monitoring is necessary because DNS performance is essential to your network, servers, and applications. Thanks to the DNS servers, your website or service works effectively and efficiently, yet they should be monitored for vulnerabilities. In case you neglect their adequate supervision, you may compromise both the security of your business and your clients.

With the ClouDNS Monitoring service, you can keep an eye on your servers and quickly detect any issues. As you know, timing is crucial, so the fast resolving of the issues is going to guarantee the integrity of your servers. So, as a result, everything should continue operating smoothly.

Benefits of DNS monitoring

DNS monitoring is a critical component of any organization’s network management strategy. By monitoring DNS traffic, organizations can proactively identify and address issues before they escalate. Here are some of the main benefits of the implementation of DNS monitoring:

• Improved Server Availability

It can help improve server availability by identifying and resolving issues that can cause downtime or service disruptions. For example, DNS servers can be vulnerable to hardware or software failures, network connectivity issues, and cyber attacks, which can affect the availability of websites and other online services. DNS monitoring services can detect and alert tech teams of problems before they escalate, allowing them to take proactive measures to resolve them.

• Improved DNS Server Troubleshooting

DNS monitoring can help improve DNS server troubleshooting by providing visibility into the DNS infrastructure and the flow of DNS queries. Tech teams can use DNS monitoring tools to identify blockages, misconfigurations, and other issues affecting the performance of the DNS server. The information helps them troubleshoot and resolve issues more quickly, minimizing downtime and service disruptions.

• Faster Detection of Outages

DNS monitoring can be useful for detecting outages faster by providing real-time visibility into the DNS infrastructure. It can alert tech teams about issues, such as DNS server failures or network connectivity problems, as soon as they occur. That way, IT teams can quickly identify the root cause of the problem and take action to restore services.

Monitoring Plan

Comparison with other monitoring techniques

DNS monitoring is a specialized approach focusing on the health and security of the Domain Name System, which is crucial for translating domain names into IP addresses. While DNS monitoring is vital, it’s one part of a broader network monitoring strategy that includes other techniques such as network performance monitoring, application monitoring, and security information and event management (SIEM). Here’s how DNS monitoring compares with other monitoring techniques:

• Network Performance Monitoring (NPM): NPM tools focus on the performance and availability of networks and network components (like routers and switches). While NPM can identify network congestion and hardware failures that indirectly affect DNS services, DNS monitoring directly assesses DNS health, ensuring that domain name resolution processes are working as expected.
• Application Monitoring: This technique focuses on the performance and availability of specific applications. It can help identify issues within an application that may impact user experience but doesn’t directly monitor DNS processes. DNS monitoring complements application monitoring by ensuring that users can reach the applications in the first place.

Security Information and Event Management (SIEM): SIEM systems collect and analyze aggregated log data from various sources to detect and respond to security incidents. While SIEM can identify security breaches that may indirectly affect DNS services, DNS monitoring provides specific insights into DNS-related security threats, such as DNS spoofing or tunneling attacks.

Conclusion

So, now you know what DNS Monitoring is and why it is so important for your security. First, there are different criminal attempts that could be prevented when you keep an eye on your servers. Additionally, it is beneficial for simplifying the process of finding and fixing network issues. Finally, it helps you prepare and not be surprised in such situations.

The post Monitoring your DNS, should you do it? appeared first on ClouDNS Blog.

What is the Host command?

The Host command is a software with a command-line interface that serves to test DNS. Internet Systems Consortium created it, and it is distributed as a permissive free software with an ISC license. 

As we mentioned already, the Host command is a utility tool for network diagnostic that you can use to probe different DNS records. You can see the A or AAAA records to get the IP address of a domain, see the name servers, find the start of authority, MX records, and more.

The purpose of the Linux Host command

The purpose of the Linux Host command is to query Domain Name System (DNS) servers to resolve domain names to IP addresses or vice versa. It is a command-line tool that can be used to retrieve DNS information about a hostname or domain, such as its IP address, aliases, or mail exchange (MX) records.

The Host command is a beneficial tool for developers and IT professionals who need to troubleshoot network issues or debug applications that rely on DNS. By using the Host command, they can quickly determine if a hostname is resolving to the correct IP address or if there are any issues with the DNS resolution process.

Additionally, the Host command can be used to perform advanced DNS queries, such as retrieving different types of DNS records and setting a specific timeout value. This makes it a versatile tool that can be used in various scenarios, from simple DNS lookups to more complex network debugging tasks.

Host command syntax

If you want to see the syntax of the Host command and the options that it has, you can simply write “host” and press “Enter.”

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W time] [-m flag] [-4] [-6] hostname [server]

Host command Options

Here you can see all the available options. Whenever you forgot them, just write “host” in the Terminal.

Host command examples

For all the cases we will use Google.com. You can change Google.com with your domain or whichever else domain that you are interested in. We will give you several examples that can be useful for your work.

Search for the IP address of the domain.

host google.com

This command will show the content of the A and AAAA records. You will get IPv4 and IPv6 results for the domain.

SOA Record

See the Start of Authority records with this command. The SOA record is used for zone transfer. There could be only one SOA record per zone file. If you see more, then you need to fix the problem.

host –C google.com

Check the name servers of the domain

host –t ns google.com

It will display the name servers of the host. The –t, we use to specify the type of query. When you know all of the available name servers, you can test them individually. 

Check a particular name server

You want, for example, to review the ns1. To see if it is responsive or is there any problem, so you type:

host google.com ns1.google.com

 CNAME record

host –t cname mail.google.com

You can use it to find CNAME record. Those records will link one alias to the true name, the canonical. 

MX record

Check the incoming mail server with this query. You can see if they are responding correctly. 

host –n –t mx google.com

TXT Record

You can also check TXT records. There are various TXT DNS records that serve for authentication or verification. One of them is the SPF record that shows who can send emails from the particular domain. 

host –t txt google.com

Decide the Waiting time for a query

You can use –w to wait forever or –W and time in seconds to decide how long to wait for a reply.

host –T –W 10 google.com

Reverse lookup

You can also check the IP and see the host. It is a must to set the Reverse Lookup Zone for your mail server to work properly. 

host 216.58.194.142

Host command to see all of the DNS records for a domain

host –a google.com

You will get information about various types of records – NS, AAAA, MX, etc. With that report, later, you can probe each DNS individually. 

Change the default number of tries from 1 to the number you desire

host -R 8 google.com

In this example of host command, we changed from 1 to 8, the number of tries. The domain will have 8 chances to respond. When it manages to answer, it will stop the retries.   

-R : In order to specify the number of retries you can do in case one try fails. If anyone try succeeds then the command stops.

Troubleshooting Tips

When using the Linux Host command for DNS queries, you may encounter various issues. Here are some troubleshooting tips to help you resolve common problems:

• Domain does not resolve: If a domain doesn’t resolve, first ensure that the domain name is correctly spelled. Next, check your network connection and confirm that your DNS servers are set up correctly. Use other DNS tools like dig or nslookup for comparison. If the issue persists, it might be due to DNS propagation delays, which can take up to 48 hours after a DNS change.
• Interpreting error messages: Error messages can provide insights into what’s wrong. For example, “Host not found” suggests the domain name does not exist or DNS propagation has not completed. “Connection timed out” indicates a problem reaching the DNS server, possibly due to network issues or incorrect DNS server settings.
• DNS propagation delays: After DNS changes, it can take time for the updates to propagate through the internet’s DNS system. Use tools like whois or online DNS checkers to see if your changes have propagated. Patience is key here, as this process is beyond your direct control.

Alternatives to the Host command

There are several alternative DNS probing tools that you can use in place of the Host command, and some of the most popular ones include:

• Nslookup command: This tool is available on Linux, macOS, and Windows, and is straightforward to use. It’s a reliable, always-on-hand option for DNS lookups.
• Dig command: Some users prefer this tool over Host as it has additional options and can retrieve all types of DNS records.
• Ping command: While not as comprehensive as other tools, this network utility is useful for checking host availability by sending packets to a host or IP address to see how it responds.

Exploring and learning to use various DNS probing tools is great. Having multiple options on hand can be beneficial, especially if you manage multiple sites or need to troubleshoot different types of network issues.

Conclusion:

This was the Host command. Now you have one more way to troubleshoot your DNS. If you are interested in diagnostic tools, we recommend you the following articles too: Dig command, Nslookup, Traceroute, MTR and Ping. They will expand your knowledge in DNS diagnostic.

The post Linux Host command, troubleshot your DNS appeared first on ClouDNS Blog.

How does Dig Command work?

Dig Command works the same way as a typical DNS query. Let’s take an A record request. If you want to see the A record, you want to know the IP address of a particular domain. The request will first check if your router has the information of many sites’ addresses in its cache. If it doesn’t have it, the request must be answered from another recursive server. The common solution is that your query will be responded from the recursive servers of your internet provider. It is possible that it doesn’t know it either. No problem, your query will go on a search for the root server. The request will go to the top-level domain like .COM or .EU, and in the end you will get the IP address from the authoritative server for the domain you were checking. 

Dig Command Syntax

Understanding the syntax of the dig command is crucial for effectively utilizing it for DNS troubleshooting and queries. The basic syntax of the dig command is as follows:

dig [@server] [name] [query type] [options]

• [@server]: Specifies the DNS server to query. If omitted, dig uses the default server specified in your system’s resolver configuration (usually defined in /etc/resolv.conf).
• [name]: This is the domain name or IP address you want to query. For example, cloudns.net.
• [query type]: This specifies the type of DNS record you are interested in. Common types include A, MX, SOA, TXT, PTR etc. If this is left out, dig defaults to querying the A record.
• [options]: Dig offers a wide range of options to modify its behavior and output. For example, +short displays only the answer section of the query. Other options include +trace for tracing the path of the query across DNS servers, +noall +answer to show only the answer section, and many more.

How to install the dig command on Linux?

First, let’s check if you already have the dig command installed. You can do that by opening the terminal and writing dig -v. If you have it, your computer will show a message similar to this one:

DiG 9.11.3-1ubuntu1.7-Ubuntu.

Many new Linux distros have it pre-installed. In case you don’t have it, you will get the following message:

dig command not found

For Linux Mint, Ubuntu and other Ubuntu-based Linux distributions you can use the following command:

sudo apt install dnsutils

If you are using Fedora or CentOS you should use:

sudo yum install bind-utils

And for Arch Linux users:

sudo pacman -S bind-tools

Understanding the dig command

Let’s start with a simple example to understand it. We will use google.com for the testing. You can try it directly with your domain, by simply replacing google.com with your domain.

dig google.com

The first line will inform you about the version of the dig command and the second about the global option.

After that, you will get technical information provided by the DNS nameserver. The header shows you what did you do and was it successful. If there is “NOERROR” that there was no problem.
You will see the answer for the EDNS.
Following line shows that by default you are requesting the A record.
You will get the answer for the A record – the correspondent IP address and you will get statistic about the query.

10 Most used Dig commands

More dig command examples:

dig google.com +short

This will show you just the IP address without any additional information. Quick and easy to use the answer that is basically the answer of an A record. 

dig google.com MX

You can query different types of records like the mail exchanger ones. MX records show the responsible mail server for accepting emails. You can see if all of the servers are working the right way and if they are responding too slowly.

dig google.com SOA

SOA – the start of authority, shows the authoritative DNS server. In this record, you see valuable information about the zone. There is only one SOA per zone. 

dig google.com TTL

TTL – time to live. It shows how long the data should be kept. You can read more about TTL HERE. People usually leave longer TTL, and that way, they lower the DNS servers’ load. When you are creating records, you can set it to a low value, if you like. Also, it is possible to set different TTL for different DNS records.  

dig google.com +nocomments +noquestion +noauthority +noadditional +nostats

Only answer query. Use it if you don’t want to receive extra information. A clear and short answer that will evade the extra statistics that you might want to skip. 

dig google.com ANY +noall +answer

Query all types of DNS records. It will show all the different types of DNS records. This will give you an overview of the domain. Later you can use the dig command for the exact DNS records that you want. 

dig -x 172.217.1.142

Reverse DNS lookup. You can also do the opposite and check the IP address. The rDNS is used for verification. The result will be a PTR record that verifies the nameserver. It is needed that a PTR record exists. Otherwise, this revers checking can’t give an answer.

dig @8.8.8.8 +trace google.com

Trace DNS Path. It will show the whole route that a DNS query takes. Every hop from a server to server. It can show you where exactly server is not working. You might be surprised how far does your query travels. Check it from different locations, and you might see where in the world you need a new point of presence to reduce the latency for the users there.

11 dig -p 5300 google.com

Specify Port Number. If you have changed the standard port 53 to another for increased security, you can make a dig command to check if it is working correctly. And of course, you can check if you have closed the standard ports, and you don’t have any “open doors” for attackers. 

dig _sip._udp.YOURDOMAIN.com SRV

Another record that you can check with this command is the SRV. The SRV records are often used in VoIP. In this example, we are checking the SIP service, and we will use the UDP protocol. The answer will show you the time for response and the server’s IP responsible for the SIP service. 

dig google.com TXT

To see all of the TXT records, use this command. TXT records can be used for verifications and can have different variations. For example, it can be a DMARC record. To see a particular one, you can use the following command and change the “dmarc” with the one you need. 

dig _dmarc.google.com TXT

Now you know the basics of the dig command on Linux. You can start experimenting by yourself.

We can recommend you a few more tools that can be useful for your DNS diagnostic Nslookup, Traceroute, MTR, Host, and Ping.

Conclusion

The dig command is an indispensable tool for DNS troubleshooting and analysis. Its flexibility and powerful options make it a preferred choice for network administrators and IT professionals. By understanding how to install and use the dig command, as well as mastering its syntax, you can efficiently diagnose and solve DNS-related issues. Whether you’re checking DNS records, performing reverse DNS lookups, or tracing the path of DNS queries, dig provides you with the insights needed to ensure your domain’s DNS is functioning correctly. Remember, practice is key to becoming proficient with the dig command, so don’t hesitate to experiment with different queries and options. With this knowledge, you’re well-equipped to tackle any DNS challenges that come your way.

The post Linux dig command, how to install it and use it appeared first on ClouDNS Blog.

DNS trace (dig + trace)

Using DNS trace, you can troubleshoot your DNS. You can use it on Linux OS, Mac OS and even on Windows (using Cygwin). You will trace the route of a DNS query. If there is a problem, you will see exactly where it is.

$ dig +trace www.cloudns.net

(you can write your website)

First, you request a webpage, for example, www.cloudns.net.

The query gets to the root name server for it.

This name server will show you the TLD authoritative server.

Your recursive resolver queries the .com TLD authoritative server for www.cloudns.net.

The .com TLD authoritative server refers your recursive server to the authoritative servers for cloudns.net.

Your recursive resolver queries the authoritative servers for www.cloudns.net and receives the IP as the answer.

Your recursive resolver caches the answer for the duration of the time-to-live (TTL) specified on the record and returns it to you.

This is how domain resolution works. You can get valuable information about the speed and accuracy of the answer.

Additionally, DNS trace is invaluable for diagnosing and understanding DNS propagation issues. It helps identify delays in DNS updates or misconfigurations across different levels of the DNS hierarchy. By understanding the path a DNS query takes, administrators can pinpoint issues more efficiently and ensure that DNS records are correctly resolved. Additionally, DNS trace is an excellent educational tool for those learning about the complexities of internet addressing and domain name resolution.

Premium DNS Service!

Online Ping

Online Ping is a DNS tool that administrator use for checking the connectivity and the speed. Using this command, you send a small data packet to a particular IP address. Then wait to get a feedback packet. You can also use it to ping a name resolution. If you get an answer when you do a ping to an IP but not when you do it to a name, then the two don’t match.

ping www.cloudns.net

Beyond checking connectivity and speed, Online Ping can be used to monitor the availability and response time of a server or network device continuously. This is crucial for maintaining high uptime for critical services and websites. Regular ping tests can alert administrators to network congestion, latency issues, or outages that may affect user experience. It’s a simple yet powerful tool for ensuring that network paths are optimal and services remain accessible.

What is ICMP Ping monitoring?

Traceroute

Tracing the route is similar to the ping. Using this DNS tool, you send a packet of data to an internet host, and it gives you back a result for every hop your query makes in seconds. If your website has a slow response, using this tool you can see where exactly it is the problem.

Try our Free DNS tool! 

traceroute www.cloudns.net

Traceroute not only helps in identifying where problems lie in the network path but also in understanding network infrastructure and performance. By showing the route data packets take to reach their destination, traceroute can reveal unexpected routing behavior or bottlenecks. This insight is useful for network optimization and planning, as well as for security purposes to detect any unauthorized or suspicious network paths.

DNS lookup (nslookup)

You can use this tool on different Operating systems for making DNS queries to get to an IP address or for specific DNS records. You can use it to see if you have any problems with any kind of DNS record that you are using.

nslookup www.cloudns.net

In addition to querying IP addresses or specific DNS records, nslookup is also useful for verifying and troubleshooting DNS configurations and propagation status. This tool can help ensure that your DNS settings are correctly implemented and propagated across the internet, which is critical for website accessibility and performance. It’s also beneficial for security analysis, allowing administrators to check for DNS-based threats or misconfigurations.

10 most used nslookup commands

Reverse DNS lookup

It does what it says, here you start with an IP address and you can find the domain name. This process uses PTR records that show exactly that. You can use it for troubleshooting.

dig -x 136.243.33.126

Reverse DNS lookup is not only crucial for troubleshooting but also plays a significant role in network security and anti-spam efforts. By verifying the domain name associated with an IP address, administrators can identify potential sources of spam or malicious activity. Furthermore, reverse DNS lookups are used in email authentication processes to reduce spam by verifying that the IP address sending the email matches the domain from which it claims to come.

Read more for the Reverse DNS and PTR records in our article: rDNS explained in detail

Conclusion

In conclusion, mastering the use of essential DNS tools like DNS trace, Ping, Traceroute, Nslookup, and Reverse lookup is paramount for network administrators and troubleshooters. These tools offer invaluable insights into diagnosing connectivity issues, optimizing network performance, and ensuring the smooth operation of online services. By harnessing their capabilities effectively, administrators can navigate the complexities of DNS management with confidence, ultimately leading to a more stable and reliable networking environment.

The post Тools – DNS trace, Ping, Traceroute, Nslookup, Reverse lookup appeared first on ClouDNS Blog.

The Domain Name System (DNS) is often compared to a phonebook, and there are a lot of similarities. It is another type of database. DNS is a global system that we all use on a daily basis when we want to access any website. It contains and distributes information about domain names and their corresponding IP addresses. This way, when we type a simple domain name, our browsers or application will use the DNS to search for its IP address and connect us. The DNS is divided into domains from different levels, and it is managed through DNS zones that are decentralized. An administrator of a higher level can delegate a zone to another under it. For example, when you get a domain name (secondary-level domain like yoursite.com), the higher level .com (TLD) can delegate you the right to manage the zone yoursite.com. You can further delegate responsibility for all subdomains like mail.yoursite.com, ftp.yoursite.com, etc. To manage domain names, you add DNS records, which are a set of instructions related to your domains, hosts, services, and more.

Domain Name System explained

List of DNS terms

Here you have the most important DNS terms that you will need to manage your domain name. First, you can learn the basics of DNS, and later you can expand your knowledge with larger articles that go into greater details on topics like DNS records, DNS features, and processes. 

Domain Name

It’s an identifier of a host, a text line, that servers for mapping to an IP address (a line of numbers like: 46.166.142.62) for easy access to a website. By now, you have typed a lot of different domain names in the URL bar of your browser to reach different websites. Example: cloudns.net

Machines have always searched websites through their IP address. Numbers are the best way for machines to understand each other. But numbers are hard to be remembered by humans. That’s why domain names were created. To have a friendly choice for humans to reach the websites they look for.

IP Address

An Internet Protocol address is another host identifier that is created of a line of numbers divided into groups by periods. Example: 46.166.142.62. IP addresses are needed so devices can connect to networks and communicate using the Internet Protocol (IP).

The set of numbers on every public IP address is mathematically generated and allocated by the Internet Assigned Numbers Authority (IANA). An entity of the Internet Corporation for Assigned Names and Numbers (ICANN).

Basically, IP addresses allow the identification, location, and communication of hosts on a network. Every device uses a unique IP address. This way, the Internet and networks, in general, can distinguish all the websites, routers, connected computers.

Many IPv4 addresses are still in use, but the latest standard IPv6 is growing in popularity.

TLD (Top-level Domain)

Domain names have a hierarchy structure. The top-level domain is one of its parts, and it’s located, reading from right to left, just after the final dot for the root and before the secondary-level domain name. Examples: .com, .gov, .uk, .ru, etc.

Initially, TLDs were created to organize domain names by their purpose, geographical location, field, operation radius. By only reading this part of a domain name, users could also know if a website they visited belonged to a commercial, government, non-profit organization, operating regionally, locally, internationally, and so on.

In the beginning, this use was more strict. In 2010, the Internet Corporation for Assigned Names and Numbers (ICANN) accepted the creation of new, generic, trademark TLDs. Now, TLDs are chosen to obey Marketing objectives too.

FQDN (Fully Qualified Domain Name)

It’s the most complete domain name that hosts can have. It points to the exact location of a domain name in the domain name system (DNS) tree hierarchy. This is expressed through the three parts that shape every domain name: hostname, second-level domain name, and top-level domain name (TLD). Following this structure, here you have an example: www.cloudns.net.

Anycast DNS

Anycast DNS is a traffic routing method where the same IP address is used for multiple nameservers located in different locations. Usually, there are many locations (points of presence) – at least 20 for a well-sized DNS provider. Having a large number of servers makes Anycast DNS resistant to DNS attacks and provides redundancy in general. 

When a client request a domain, the router will direct its request to the nearest nameserver. This will reduce the latency and offer a better experience for the clients.

Dynamic DNS

Dynamic DNS, also known as DDNS, is an automatic method of updating nameservers. The most common use case is to update IP addresses that are contained in A records (IPv4) or AAAA records (IPv6) when a change has occurred. It is particularly useful for CCTV cameras or remote services because with Dynamic DNS, you don’t need to pay for static IP addresses. The IP addresses will change over time, but they will be updated, and you won’t experience problems. After the initial setup process, you don’t need to interact with the settings, and it will continue to function.

DNSSEC

DNSSEC is a security extension that has the goal to protect DNS communication and stop DNS spoofing. It encrypts the DNS communication with a combination of private and public keys. One that the zone administrator uses to sign it and the other for authentication of the origin of the data. What makes it a good protective mechanism is that it is a complete chain of trust. Starting from the root zone down to the TLD zone, the domain zone, and subdomains, each zone above will have the key for the next one. It adds security to the fast DNS process without a significant slowdown.

DNS Server (types)

There are different DNS servers, and each has specific functionality.

Root server. It belongs to the highest level of DNS servers. It’s the authoritative name server for a specific DNS root zone. It points to the TLD of the requested domain name.

TLD server. It’s responsible of specific TLDs (.com, .gov, .uk, .net, etc.). It will point to the exact, authoritative name server that can provide the IP address for the requested domain name.

Recursive DNS server. The server takes the user’s DNS request and looks for the IP address or other information needed for the requested domain name. It will communicate with all the other DNS servers in the hierarchy for getting this information.

Authoritative DNS server. It contains all the DNS records for the zone it’s in charge of. It answers the requests that recursive DNS servers have by providing the corresponding A or AAAA record and the IP address of the requested domain or another DNS record.

Primary authoritative DNS servers. They answer DNS requests, and they store the original zone file. Therefore, DNS records’ modifications can only be made on these servers. 

Secondary authoritative DNS servers. They also respond to DNS requests, but what they store is a copy of the zone file. This copy is not editable at all, only readable. 

DNS Zone

The DNS system has a structure that looks like an inverted tree. It is divided into domain names on different levels. The highest level is the root, after many TLDs, secondary-level domains, and later multiple levels of subdomains. To administrate those domain names, there are DNS zones on each level. The DNS zones are partitions of the Domain Name Space that contain DNS zone files with DNS records for managing. A DNS zone administrator can add or remove DNS records inside the Primary DNS zone.

DNS records

DNS records are simple files that contain text with instructions related to the domain name they belong to. They can link domain names to IP addresses, add instructions for email servers, point to specific services, and much more. The DNS records are hosted inside a host file in a DNS zone. The zone is located inside an authoritative nameserver.

There are many types of DNS records, but the most popular ones are:

A record – Links a domain name to an IP address. 

CNAME record – Forwards subdomains to the domain name.

MX record – Indicates the email servers that should receive emails for the domain name.

TXT record – Multiple verifications and authentication purposes.

NS record – Shows the nameservers for the domain name.

SOA record – Start of authority.

SRV record – Links services to port numbers.

PTR record – The Pointer record links an IP address to a domain name.

The Importance of DNS Terminology

Understanding DNS terminology is crucial for various reasons, including the following:

• Efficient Troubleshooting: Solid knowledge of DNS terms allows IT professionals to diagnose and resolve technical issues more efficiently. Identifying the root cause of problems, such as domain resolution failures or misconfigured DNS records, becomes significantly easier and faster.
• Enhanced Security: Cybersecurity is a top priority nowadays. Therefore, it is best for professionals to understand DNS terminology in order to detect and respond to potential threats. Understanding terms like DNSSEC, DNS spoofing, cache poisoning, and DDoS attacks helps strengthen the security of networks and web services.
• Performance Optimization: Website owners and developers can benefit from understanding DNS terminology to optimize the performance of their online presence. Fine-tuning DNS settings, minimizing TTL values, and ensuring proper DNS record configurations contribute to faster and more reliable website performance.
• Effective Communication: Clear communication within IT teams, especially between developers, network administrators, and support teams, is crucial, especially when they need to communicate complex technical issues. A common understanding of DNS terms allows effective communication and collaboration within teams.
• Domain Management: Individuals and organizations involved in registering and managing domains must be familiar with DNS terminology to make informed decisions. Knowledge of terms like TLDs, registrars, and DNS hosting providers empowers domain owners to navigate the complexities of the domain ecosystem.

Conclusion

This list of basic DNS terms you should know is a good start for exploring the DNS. If you want to learn even more, follow our blog, in which we regularly post new extended articles. Also, don’t miss our Wiki page and YouTube channel.

The post Basic DNS terms you should know (List + Infographic) appeared first on ClouDNS Blog.

In this example, we assume you bought a domain from Cloudns.net, and you are having one of our DNS plans. If that is not the case, the steps will be similar, but not the same. 

Set up a DNS zone for sites hosted on WordPress.com

1. Go to https://wordpress.com/ and follow the process to create a web site. Register and log in. 

2. Then choose the type of website, from the options, you would like to have.

3. Depending on the purpose of it, type a corresponding keyword, or a name you like.

4. Go for the free domain. You will be using the other domain name that you have already bought from us. In this example, the domain we will use is ricki.sx 

5. Go to Cloudns.net and log in to your profile. Create a Master DNS Zone file. The Master Zone will let you write and read onto the DNS database. 

To create it you must click on DNS zones and then select Master Zone option. Put just the domain name that you bought (without www. Or http://). 

Now you have created the DNS zone for WordPress, and it is time to put DNS records.

6. We will add a CNAME record that will redirect to where your site is hosted. The CNAME is a canonical record. It serves to show that one domain is an alias for another one. 

We will point the blog (blog.ricki.sx) to the domain (myburst.photo.blog) that was given from WordPress.com. 

7. Then we will create a permanent redirect (301 redirect) that will map the ricki.sx to http://blog.ricki.sx and another for the www subdomain (www.ricki.sx) to the same. 

8. The final action, we want to do, is to edit the redirects and add “Redirect with frame.” This will make your visitors see just the redirected domain and not the original. 

Ready.

Check our Premium DNS plans here!

Set up a DNS zone for WordPress site on hosting with cPanel.

1. Go to your hosting account and log in. Write down the IP address. You will need it in step 6.  

2. Enter the cPanel and click on the Addon Domains. Addon Domains let you control more than 1 domain for your hosting.

3. Now create an Addon Domain with the new domain name rick.sx and subdomain www. 

4. Go to your Cloudns.net and log in. 

5. Create a Master Zone, so later you can add DNS records. 

6. Create two A records. The first to direct from ricki.sx to the IP of the hosting (that one you wrote down back in step 1), and the second to direct from the www.ricki.sx to the same IP.  

Ready!

You can find more interesting articles on our blog.

DNS Troubleshooting – tools and commands

The post How to set up a new DNS zone for your WordPress site appeared first on ClouDNS Blog.

Problems like these can seriously affect your business. Your clients can get phished and send their private information to a fake address which is pretending to be you. This can damage your reputation and can lead to different bans for you.

Understanding Phishing Attack and How to Stay Protected

If you have such problems, then you need a Sender Policy Framework (SPF) to prevent spoofing and improve the reliability of your e-mail server. It is a validation system that verifies the legitimacy of your email server.

To use it you need to create an SPF record for your domain name. It is a type of DNS record that verifies which email server can send emails from the name of the specific domain.

Let’s define SPF record

This is how it looks like:

v=spf1 +a include:cloudns.net ~all

It has different mechanisms:

v=spf1 – shows that it is an SPF record and is the version 1

+a – it is authorization to the host, that it can send emails

include: authorization of the emails, that they can be sent from that particular domain

~all – this shows that, if another server sends an e-mail for your domain, it must be accepted but handled as spam. You can use -all if you want all other servers to be rejected

There can be more mechanisms like:

all – make a match of all local and remote IPs

ip4 – define a particular IPv4 address or a range of IPv4 (example: ip4:192.168.0.1 or ip4:192.168.0.0/24 for a whole network)

ip6 – set a specific IPv6 address or a range of IPv6 (example: ip6:fc00::1 or ip6:fc00::/7 for a whole network)

mx – for each MX record, it specifies all A and AAAA records

Mechanisms can have qualifiers before them:

+ – Pass, the address passed the test, accept the email (example: +mx)

–  – Hard Fail, the address failed, don’t accept the email (example: -ip4:192.168.0.1 or -all)

~ – Soft Fail, failed the test but it accept the emails, just tagged them as fails (example: ~all)

? – Neutral, no pass or fail, do whatever, probably accept email (example: ?all)

How to add SPF record

Now when you know what an SPF record is, you can watch the following video tutorial how to add it.

For more information, you can also check our wiki page about SPF record.

The benefits of adding an SPF record are clear, stop the illegal spammers from using your domain name to send a fake email and to be phishing private data. In the other hand, it will reduce dramatically the number of your email that goes directly to SPAM by recipients.

So, do that extra text and add this SPF record to your DNS for additional protection.

The post What is Sender Policy Framework, and how to setup SPF record? appeared first on ClouDNS Blog.