DNS explanation

DNS or Domain Name System is the backbone of the internet. It connects all the users to the content they need. That means it is a directory service which converts human-readable domain names into numerical IP addresses. It is a constant exchange of information, but sometimes the DNS fails and this causes downtime. A blackout period that can be evaded by using a Backup DNS.

Backup DNS

Backup DNS, also known as Secondary DNS or alternative DNS is a system of one or more DNS servers, who have a copy of the zone data (DNS records) of the Master (Primary) DNS server. It adds resilience, reducing the outage periods by answering requests even if the Master is down.

Backup DNS services provide an additional measure of insurance against service outages. They allow a website to remain up and running even if the primary DNS fails, often by serving DNS requests from a different location. Additionally, backups may use the same protocols as primary servers, or be hosted in distributed cloud networks, which increases reliability and performance. 

How does it work?

Backup DNS works through a few simple steps. Here are they:

1. First, when a user requests a website or application, the DNS query is sent to the primary DNS server. 
2. The primary DNS server then resolves the domain name to the corresponding IP address. But if the master DNS server is down, the request is rerouted to the backup DNS server. 
3. Then, the backup server resolves the domain name and returns the IP address to the requesting device, allowing access to the website or application.

Benefits of Backup DNS

Backup DNS is an essential part of any website or application infrastructure. The primary benefit of having it is improved website or application availability in the event of any primary DNS service failure. Your website or application will remain up and running even if the primary DNS fails, by redirecting users to a different DNS server. 

With a robust Backup DNS service, businesses are better protected from malicious attacks such as Distributed Denial of Service (DDoS) attacks. In addition, for even better safety from these types of cyber threats, there are DDoS Protected DNS services that add another layer of protection.

Backup DNS services can also provide faster DNS lookup times, improved representation of your website or application by serving identical content around the globe, and seamless switching in case of server outages. 

Another benefit lies in its scalability. It is designed to scale with any increase in traffic, both in terms of the number of queries handled and the size of the DNS database. As your website or application grows, Backup DNS can help ensure that you don’t lose any traffic simply due to lack of capacity. Additionally, this services often come with built-in features such as failover capabilities, Anycast DNS, and more, which can all improve the overall performance and reliability of your website or application.

What is the worst that can happen? Dyn DNS attack of 2016

Just ask the Dyn DNS users who were victims of the massive DDoS attack of 2016. Many well-known websites and services were affected: Airbnb, Amazon, Twitter, BBC, CNN, Etsy, Github, PayPal, Spotify, and more. Their users were left without service for quite some time. The attackers created a massive amount of traffic that caused the victim’s system to get stuck and eventually crashed. They did that by using an enormous amount of botnets IoT devices (internet of things). There are plenty of connected devices with low protection that can be easily hijacked. The number of such IoT devices is rapidly growing, but their security level is not improving. This means we will have plenty of similar DDoS attacks in the future.

Who needs Backup DNS?

Backup DNS is beneficial for any organization whose website or application is critical to their success, as it adds an extra layer of protection and reliability. 

It is particularly important for businesses that serve large amounts of online traffic, such as online retail, media, etc. This is because having a reliable Backup DNS prevents disruption of service and lost revenue. 

Additionally, businesses that are subject to malicious attacks, such as governments. banks, healthcare institutions, also benefit from Backup DNS services, as these services can help prevent attackers from overwhelming their primary DNS server.

Additionally, small businesses that are just starting out and may not have the budget of large companies also benefit from this backup service. Why? Because this service is at an affordable price and ClouDNS offers a 30 day free trial for no cost testing. Check out our Secondary DNS service! 

Ultimately, Backup DNS is an invaluable tool for organizations of any size.

Conclusion

If you have more DNS servers, working together on a grid, the traffic that comes from such a DDoS attack will distribute between them. Some of your servers may go down for a while, even your master DNS can go down, but thanks to the DNS backup, the rest will continue, and your clients won’t be left without a service.

The post What is Backup DNS? appeared first on ClouDNS Blog.

DNS zone is a delegated partition of the Domain namespace, container of DNS settings and DNS records inside a DNS zone file. The DNS records point domain names to IP addresses, show information about services, serve for verification and authentication purposes and more. 

The DNS namespace can have single or multiple DNS zones, each managed by a particular DNS host/service. It has a hierarchy structure where the top is the root level, followed by the top-level domain, domain, subdomain, etc. This division helps for administrative purposes. It decentralizes the DNS, making it possible to be managed on different levels, and also reduces the tasks of nameservers by dividing their responsibilities. It is like an enormous pie. Each piece of it allows better separation of the administrative load and helps with redundancy.

There are three types of DNS zones – Primary (Master) DNS zone for control, Secondary (Slave) DNS zone for redundancy and better performance and Reverse DNS zone for network troubleshooting and for email servers IP to validation.
 
The first contains all the original DNS records, and the second gets them from the Primary DNS zone. The process is called DNS zone transfer. The Primary DNS server could push it, or the secondary can get the changes when its cache expires. 

Don’t directly associate a DNS zone with a specific domain. A Domain Name System zone may contain single or multiple host names for the same domain; the important thing is that it is used for controlling a fraction of the namespace. DNS zones can be on the same servers too.

We also recommend that you read “What is Authoritative DNS server?“

Different types of DNS zones

There are different types of DNS zones, but in this article, we will set our eyes on just two:

• Primary (Master) DNS zone – holder of the original zone file (all the DNS records for the zone). You can manage a host through this zone.
• Secondary (Slave) DNS zone – holds a copy of the Domain Name System file. You can use them for better performance, for hiding your Primary, for backup and redundancy.
• Reverse DNS zone (rDNS) – Responsible for mapping IP addresses back to their associated domain names. This is the opposite of what a typical (forward lookup) DNS query does.

Primary DNS zone

Primary (Master) zones contain a read/write copy of the zone data. There could be only one Master zone on one DNS server at a time. All the DNS records added manually or automatically, are written in this Primary zone of the DNS server.
The data is stored in a standard text file – .txt. The advantage is that it is easy to back it up and to recover in case of problems.
Something essential is that to be able to make changes to the Domain Name System zone, the Primary zone must be available. If the server with your Primary DNS is down, you won’t be able to make any changes.
If you want to have redundancy, you must have the zone data accessible on multiple servers.

If you want to learn how to create a Primary zone in ClouDNS, check the following step-by-step tutorial:

• Click on the sign-in button and enter your email address and your password. Once you have logged in, you will see your Dashboard. From the list, you will notice that you do not have any registered DNS zones. 
• Click on the “Add new” button. In the pop-up window, click on “Master zone”. You can create your Domain Name System zone with the NS records you want. However, we recommend you to use the suggested ones.

If you want to check your domain’s NS records, we recommend you take a look at the second command from our article: 10 Most used Dig commands

• In the text field, enter your domain name without HTTP, HTTPS, or WWW. Example: yourdomain.com. Once you do it, click on the “CREATE” button.

You have successfully created your Primary (Master) zone. From the top menu, you will be able to manage your Master DNS zone with all of the available options. Here you will see all the DNS records you can create and use for your needs. From the list, you can see your hostname, the type of the record, where they are pointed to, and what the TTL is.

You can also check our wiki page about Master DNS zone.

Premium Primary DNS hosting - Try for free

Secondary DNS zone

The Secondary DNS zone is a read-only copy of the zone data. Most of the times Secondary (Slave)  zones are copies of Master zones. They can also be copies of other Slave zones or Active Directory Zones.
If you try to change a DNS record on a Secondary zone, it can redirect you to another zone with read/write access. By itself, it can’t change it.
One of the primary purposes of a Slave zone is to serve as a backup. When the Primary zone is down, it can still answer requests for the zone from its copy.

Check the following step-by-step tutorial to learn how to create a Secondary (Slave) Zone in ClouDNS.

1. Click on the sign-in button and enter your email address and your password.
2. Once you have logged in, you will see your Dashboard. From the list, you will notice that you do not have any registered DNS. 
3. Click on the “Add new” button and then click on “Slave/Backup zone” 
4. In the first field, enter your domain name without HTTP, HTTPS, or WWW. Example: yourdomain.com. In the second field, on the right, add the IP address of your Master Server. Once you do it, click on the “Add Slave” button.

You have successfully created your Secondary (Slave) zone. From the top menu, you will see the available options for your Slave Zone. Here is also the IP address of your Primary Server. 

If you want to use Secondary DNS zones, you can also review our Secondary DNS page, and decide which of our premium plans is right for you.

Now you know what a DNS zone is and the difference between these two types – Primary DNS zone and Secondary DNS zone. For any additional questions about your DNS infrastructure, you can contact our customer support.

Reverse DNS zone

A reverse DNS (rDNS) zone is a DNS zone established for the purpose of resolving IP addresses into domain names. While a standard (forward) DNS query resolves a domain name into an IP address, an rDNS or reverse DNS query does the opposite, mapping an IP address back to its associated domain name.

The Reverse DNS zone encompasses two types: Master and Slave. The Slave Reverse DNS zone acts as a safeguard, maintaining a read-only copy of the reverse DNS records while remaining in sync with the Master zone to distribute load efficiently. In contrast, the Master Reverse DNS zone is the authoritative source that houses the original mappings of IP addresses to domain names. All modifications and updates to these records are made in the Master zone. For guidance on setting up Master Reverse DNS zones, refer to the following instructions.

The utility of rDNS zones can be seen in several areas:

• Network troubleshooting: rDNS is useful for diagnosing network routing problems and pinning down the source of network attacks. By using reverse DNS lookup, network administrators can identify the hostnames associated with IP addresses appearing in log files.
• Email Verification: The SMTP protocol used for email has a step where the recipient’s mail server checks the sender’s IP address in a reverse DNS lookup. This can be used as a simple way to verify the legitimacy of the email sender and helps in spam prevention.
• For Certain Internet Services: Some Internet services, such as FTP servers, often use reverse DNS lookups as part of their control strategies.

Suggested article: FTP vs HTTP: Understanding the Key Differences

In DNS, each octet (unit) of the IP address is reversed and placed in the in-addr.arpa (for IPv4) or ip6.arpa (for IPv6) domain. For example, the IP address 192.0.2.0 is represented in a reverse DNS zone as 0.2.0.192.in-addr.arpa. The PTR (pointer) record is then used to map this to a domain.

DNS Zone VS. Domain

In the domain namespace, the biggest difference between the domains and zones is that domains provide logical structure, and the zones provide an administrative structure. 

A domain is a subtree of the domain namespace. It shares its name with that of the top-most node, like yoursite.eu (eu domain). It could be divided into various zones that can be controlled separately.

A zone is a partition of the domain namespace that requires a Primary nameserver and can be managed separately. A zone can coincide with the domain and covers all of its subdomains, or it could be just a partition of the domain. You could have separate zones for mail.yoursite.com and ftp.yoursite.com for your domain yoursite.com.

DNS Zone Delegation

DNS zone delegation is the process of assigning authority over a specific portion of a domain’s namespace to a different DNS server. This is typically done by the owner of the primary domain when they want to delegate control over a subdomain to another party or server. The delegation is accomplished by adding NS (Name Server) records to the parent zone, pointing to the DNS servers that will manage the delegated subzone. This allows the parent zone to direct queries for the subdomain to the appropriate authoritative DNS servers, ensuring efficient and accurate resolution of DNS queries within the delegated zone.

For example, a large organization might manage a primary domain like example.com and have various subdomains such as hr.example.com, blog.example.com, and dev.example.com. By delegating these subdomains to different DNS servers, the organization can optimize its DNS management, ensuring faster query resolution and greater overall stability. 

Conclusion

In conclusion, DNS zones are the building blocks of the Domain Name System, enabling efficient management of DNS records and administrative responsibilities. They play a vital role in ensuring the reliability and accessibility of online services by facilitating proper domain-to-IP address mappings.

Premium Secondary DNS hosting - Try for free

The post What is a DNS zone? Primary and Secondary DNS zone and how to create it appeared first on ClouDNS Blog.

DNS Failover

When you have a DNS, your clients can reach your site through from different locations by connecting to the closest Point of presence (PoP). This point can be down for some reason – maintenance, overload, hardware problems, etc. The client who try to connect to this PoP when it is down, can’t access your site.

Your IT staff can change the A or AAAA record to another IP manually, but first, they need to get notified that the PoP is down and later to take actions.

Having a DNS Failover activated will save a lot of troubles. It is a feature, available on all our DNS plans except the free one. ClouDNS DNS Failover provides you the security that your website will be up during network outage by redirecting the traffic to one of the 5 backup IPs that you can define in the settings. Even in a situation where more than 1 PoP is down, your website will stay live. The DNS Failover provides different monitoring options using DNS, UDP, TCP, HTTP(S), and ICMP Ping requests. The DNS Failover monitoring happens every minute, far more often than most of our competitors.

Suggested page: What is HTTP/HTTPS monitoring?

You can set up when exactly, the system must take action. Automate the process and don’t worry anymore about the downtime.

If you want to see the full list of actions and the setting you can put for it, you can check DNS Failover and Monitoring Documentation.

Conclusion:

The failover will keep your website up. It will guarantee that all your clients, no matter where they are, will be able to visit your site even if a few of your PoP are down. This means no problems for you, more potential sales and better customer satisfaction level. If you have a paid DNS plan form ClouDNS, you can set it up from your control panel. If you don’t have, check out our DNS Failover.
We hope this article was useful to you and you never ever have network problems!

The post DNS Failover, the backup that keeps your site online appeared first on ClouDNS Blog.