How to check the TTL using Windows OS?

You will need to open the Command Prompt as an administrator. From there, you need to use the nslookup. Write this on the command line “nslookup -type=soa www.cloudns.net”. You will get an answer from the authoritative server with the TTL.

You can change the type of the record and look it up for A, AAAA, MX or another type.

How to check the TTL using Linux OS and Mac OS?

You will need to use the dig command.

“dig a cloudns.net” This will give you a long answer. If you want just the TTL, you can try dig +nocmd +noall +answer +ttlid a www.cloudns.net

You can check the different DNS records by changing the text on the last before the domain. For example for AAAA records it will be: dig +nocmd +noall +answer +ttlid aaaa www.cloudns.net and for the MX it will be: dig +nocmd +noall +answer +ttlid mx www.cloudns.net

The previous answers are provided by the recursive servers. If you want to ask directly an authoritative nameserver you should add “+trace” after the “dig” and it will look like this: dig +trace +nocmd +noall +answer +ttlid aaaa www.cloudns.netTTL for different DNS records

• If you want to setup different TTL for every single record you can use our Anycast DNS network!

Easy way to check the SOA TTL value

Now, let’s see how to check the SOA TTL value, which is important for understanding the duration DNS records are cached and how quickly changes are propagated across the internet. For this purpose, we will use the ClouDNS Free DNS tool, a straightforward and effective solution for DNS management and analysis.

1. Access ClouDNS Free DNS Tool
Navigate to the ClouDNS website and locate their Free DNS Tool. This tool is specifically designed for conducting DNS audits and other DNS-related inquiries.

2. Enter the domain name
In the Free DNS Tool interface, you’ll find a field to input the domain name you wish to investigate. This is where you type in the full domain (for example, “cloudns.net”). It’s crucial to ensure the domain name is entered correctly to get accurate results.

3. Choose DNS audit and Select DNS resolver
Once the domain is entered, you need to specify the type of inquiry you’re making. Select “DNS audit” from the available options. Then, choose a DNS resolver. Typically, you might have options like Cloudflare, Google, etc. The choice of DNS resolver can influence the results, as different resolvers might have different cached data.

4. Review the results
After initiating the audit, the tool will process your request and display the results. In these results, look for the SOA (Start of Authority) record section. This part of the report will include information about the primary nameserver, the responsible party for the domain, and various timers related to the domain’s DNS records.

Most importantly, locate the “Default TTL” value within the SOA record section. This number, typically shown in seconds, is the SOA TTL value for the domain. It indicates the duration for which DNS records are cached by resolvers.

Shorter or longer TTL?

Many clients prefer to set the TTL to a long period like 2 days (172 800 seconds). This will reduce the load on the DNS servers, because the queries need to be done less frequently. This can be good if you have a very limited DNS plan, but your clients won’t be happy about it. Make your clients’ experience better, with lower TTL and frequently updated records.  Shorter TTL is useful if you have a very dynamic environment.

A and AAAA records. You can set it as low as 60 seconds if you really need your clients to get the latest update, but we recommend to have it around 1-2 hours to reduce the load on the servers. You can put it as long as 12 hours or a whole day.

SOA record. Unlike other DNS records, SOA controls the speed of DNS updates. A longer TTL (e.g., 48 hours) delays updates but reduces server load. A shorter TTL (e.g., 2 hours) speeds up updates but increases server queries. Choose based on your update frequency and server capacity.

CNAME record. If you need to deliver a lot of content to different parts, you can lower the TTL but in normal conditions you can leave it to 12 hours

MX record. System that have a static IP (it doesn’t change) can put 1800 seconds or more, but the rest with dynamic IP must keep the TTL low.

TXT record. This one you don’t change a lot, so you can set it up to 12hours.

You can experiment with the TTL to see which suits you best. Remember the lower it is, the more often the recursive servers will update the information which is good for your clients. But this will signify a bigger load on your servers and more queries. You should see the results and think if you want to move to a lower or to a higher DNS plan.

30-day Free Trial for Premium Anycast DNS hosting

The post TTL and how to check TTL appeared first on ClouDNS Blog.

Recursive DNS server explained

The Recursive DNS server called, also commonly DNS resolver, has the important responsibility of seeking requested data and responding to users’ DNS queries.

In computing, when we talk about recursion, it is clearly associated with a technique that aims to solve a particular problem. In addition, that involves a program or solution that continuously repeats itself until it reaches the desired goal.

A Recursive DNS server is positioned to function in the middle between the Authoritative DNS server and the end-users that initiate DNS requests. So, each time a user desires to visit and explore a particular website, it types its domain name into the address bar of the browser. From there, the Recursive DNS server receives the request and starts searching for the IP address (IPv4 or IPv6) that corresponds to the domain name. Shortly after the required IP address is found, the DNS resolver returns to the user’s device and provides the needed information. Then the browser on the device (smartphone, laptop, computer, etc.) of the user is able to connect and load the desired website. 

The number of available Recursive DNS servers all over the world is significant. However, the most popular among them are the ones of the Internet service providers (ISP).

Tasks of the Recursive DNS server

The role of the DNS resolver is to complete one of the following tasks:

1. Checks if the IP address is stored in the cache memory. There is a certain period of time, pre-defined by the domain’s owner called Time to Live or TTL. It says for how long the Recursive server can hold the information. If it is still there, it will return the answer fast and won’t take further actions.
2. Searches for the IP address elsewhere. If it is not in the cache, it will continue the searching process until it gets to an Authoritative server which has the information.

How does it work?

The Recursive DNS server takes a very important role in the DNS resolution process. As we mentioned earlier, it operates between the user and the Authoritative DNS server. Yet, it completes several crucial tasks. Let’s summarize how it operates and what actions it performs in this vital process: 

• The DNS resolver is the one that obtains the DNS query from the user.
• It then asks the Root server about the location of the TLD (Top Level Domain) server.
• The Recursive queries the TLD (Top Level Domain) server for information about which is the accountable Authoritative DNS server for the precise domain.
• It makes a request to the Authoritative DNS server responsible for the particular domain. 
• The Resolver gets back to the user and provides the requested data.
• It caches the DNS information for further use.

The existence of Recursive DNS servers is crucial. This is because they support the Authoritative DNS servers, which would not otherwise be able to handle the workload created by themselves. Additionally, DNS Resolvers distribute the load of the huge number of user requests and make the resolution of domain names way easier.

Check out Fantastic Premium DNS service plans by ClouDNS!

Recursion and Iteration: Explaining the Dynamic Duo

Recursion and iteration are two programming concepts that play a crucial role in the functionality of DNS servers, particularly recursive ones. Let’s explore these concepts:

• Recursion 

Recursion, in the context of DNS, refers to the process where a DNS server, upon receiving a query for a domain name, doesn’t have the necessary information in its cache and initiates a series of requests to other DNS servers to resolve the query. Each subsequent request dives deeper into the DNS hierarchy until the authoritative DNS server for the queried domain is reached.

Imagine recursion as a detective following a trail of clues to solve a mystery. The DNS server starts with limited information, asking other servers for more details until it discovers the complete answer. This recursive process ensures that even if a DNS server doesn’t have the needed information, it can still find and deliver a response after consulting other authoritative sources.

• Iteration

Iteration, on the other hand, involves repeating a set of instructions until a specific condition is met. In the DNS context, iteration occurs when a DNS server sends iterative queries to authoritative servers and, at each step, refines the search until it obtains the precise information needed to resolve a domain name.

Think of iteration as a systematic approach where the DNS server persistently refines its search, step by step, until it comes to the solution. This process allows for efficient querying, minimizing the chances of overwhelming authoritative servers with unnecessary requests.

• Recursion and Iteration in Recursive DNS Servers

Recursive DNS servers blend recursion and iteration to navigate into the complex DNS hierarchy. When a recursive DNS server receives a query, it first checks its cache to see if the information is available. If not, it starts a recursive process, reaching out to authoritative servers and using iteration to specify its search for the required data. This dynamic dance between recursion and iteration ensures that DNS queries are resolved quickly and accurately. 

The Benefits of Recursive DNS Servers

Now that we’ve explained the meaning of recursion and iteration let’s explore the benefits that Recursive DNS servers bring to the table.

• Enhanced Performance and Speed: Recursive DNS servers significantly improve the speed of DNS resolution. Maintaining a cache of previously resolved queries allows these servers to respond promptly to reappearing requests without crossing the entire DNS hierarchy again. This results in faster load times for websites and a smoother browsing experience for users.
• Reduced Network Latency: With their ability to store and reuse resolved queries, Recursive DNS servers help minimize network latency. By reducing the time it takes to get information from authoritative servers, these servers contribute to quicker and more responsive internet connections.
• Improved Security: Recursive DNS servers can protect users from malicious activities. Through features like DNS filtering and blocking known malicious domains, these servers safeguard against phishing attacks, malware, and other online threats. They can perform detailed checks and validations before serving DNS responses, adding an extra layer of security to the online experience.
• Load Distribution and Balancing: Recursive DNS servers contribute to the efficient distribution of network traffic by balancing the load on authoritative servers. These servers reduce the load on the DNS infrastructure by caching and serving responses locally.
• User Privacy: They can enhance user privacy by implementing features like DNS over HTTPS (DoH) or DNS over TLS (DoT). These encryption protocols add a layer of security, preventing unauthorized parties from intercepting and monitoring DNS requests.

Vulnerabilities

Cybercriminals are well aware of the importance of Recursive DNS servers. Unfortunately, they managed to use their vulnerabilities and initiate different malicious attacks. Some of the DNS resolvers are public, which makes them an easy target. Attackers often use DNS spoofing attacks or execute DDoS attacks in order to shut the servers down directly.

• Recursive DNS servers and the amplified attacks

DNS Amplified Attacks are a very common threat on the Internet. They exploit the public Recursive DNS servers to generate high traffic and to damage the target.

• Public (Open) recursive DNS

To leave your Recursive DNS server public is dangerous. Such devices are with minimum security and visible IP address. This means that anyone, including cyber-criminal, can easily access it and later use it as a botnet device to amplify their next attack.
Many of the network administrators don’t know their recursive servers are open, and this can lead to severe problems. If you doubt about your DNS server, you can check it on this page: http://openresolverproject.org

• Oversized packets

A threat that some of the attackers take advantage of is manipulating the query packets. They send multiple queries to recursive servers, but with a modified IP addresses, directing all of the generated traffic towards the victims. They use many servers, and if the traffic is high, they can crush the victims’ servers.

Can you have safe Recursive DNS servers?

Yes, it is possible to secure your servers. We recommend you to use our Private DNS servers. They are hidden from the public eye and still have all of the premium features like TTL management, Cloud domains, Secondary DNS, SOA Settings and Hourly statistics
You don’t need to get all of them. You can strategically choose just a few of them where you most need them.

Conclusion 

The Recursive DNS servers are a fundamental component of the global network Internet and the DNS (Domain Name System). The role they play in the DNS resolution process is significant. DNS resolvers simplify and manage to balance the load of numerous DNS requests daily!

The post What is a Recursive DNS server? appeared first on ClouDNS Blog.