Welcome to Shaun Luttin's public notebook. It contains rough, practical notes. The guiding idea is that, despite what marketing tells us, there are no experts at anything. Sharing our half-baked ideas helps everyone. We're all just muddling thru. Find out more about our work at bigfont.ca.

Common DNS Records

Tags: dns, web-development

CNAME Record

Canonical Name record

Specify a domain name as an alias for another, canonical domain name.

If someone requests an alias, the DNS resolver will encounter the related CNAME record, and will then restart its query using the canonical name.

Example:

Key (Alias)       Value (Canonical Name)
www.bigfont.ca    bigfont1.azurewebsites.net

A Record (or AAAA)

Address record

Specify an IPv4 address for a domain name.

(An AAAA record does the same for IPv6.)

Example:

Key (Domain)    Value (IP Address)
bigfont.ca      70.85.232.2

MX Record

Mail Exchanger record

Specify a mail server responsible for accepting email messages on behalf of a domain.

Key           Value
bigfont.ca    8be46537a874bf4aadf6ca90d0ef82.pamx1.hotmail.com [10]

SRV Record

Service record

Specify the hostname and port number of servers for certain services.

TXT Record

Text record

Specify arbitrary human/machine-readable records.

The following common ones prevent email forgery.

SPF

Sender Policy Framework

Specify the authorized mail servers for a domain.

Example: “Use SPF version one, include the SPF policies from hotmail.com, and do a soft fail for every sender that the included policy does not match.”

Key (Domain)    Value (SPF Policy)
bigfont.ca      v=spf1 include:hotmail.com ~all

Example: “Use SPF version one, authorize senders whose IP matches either the A record or the MX record. Do a soft fail for the rest.”

Key (Domain)       Value (SPF Policy)
ingridhauss.com    v=spf1 a mx ~all

Meaning

  • v indicates the version of SPF to use
  • the remaining items specify mechanisms that determine authorized servers.

Common Mechanisms

  • a – match if the domain A record resolves to the sender’s address.
  • all – always match (useful for soft fails)
  • include – include the SPF policy from another domain.
  • mx – match if the domain MX record resolves to the sender’s address.

Common Qualifiers

  • ~ – perform a soft fail instead of a complete fail
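
The two SPF policies above, evaluated against a sender address. This is an added example, not code from this notebook: `ZONE`, `parse_spf` and `check_spf` are names made up here, and the addresses and the hotmail.com policy are constructed so it runs offline. It goes slightly beyond the page by handling the other SPF qualifiers (`+` pass, `-` fail, `?` neutral) alongside `~`.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Constructed stand-in for DNS (runs offline). The bigfont.ca and ingridhauss.com
# SPF strings are the page's; all addresses and the hotmail.com policy are made up.
ZONE = {
    "bigfont.ca": {"TXT": "v=spf1 include:hotmail.com ~all"},
    "hotmail.com": {"TXT": "v=spf1 a -all", "A": ["192.0.2.10"]},
    "ingridhauss.com": {"TXT": "v=spf1 a mx ~all", "A": ["198.51.100.5"],
                        "MX": ["mail.ingridhauss.com"]},
    "mail.ingridhauss.com": {"A": ["198.51.100.25"]},
}

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) triples."""
    version, *terms = record.split()
    if version != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # no prefix means pass
        name, _, arg = term.lstrip("+-~?").partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def addresses(host):  # A-record lookup in the constructed ZONE table
    return ZONE.get(host, {}).get("A", [])

def check_spf(domain, sender_ip, depth=0):
    """Return the SPF result for sender_ip: first matching mechanism wins."""
    record = ZONE.get(domain, {}).get("TXT")
    if record is None:
        return "none"
    if depth > 10:  # guard against include loops
        return "permerror"
    for qualifier, name, arg in parse_spf(record):
        target = arg or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = sender_ip in addresses(target)
        elif name == "mx":
            mail_hosts = ZONE.get(target, {}).get("MX", [])
            matched = any(sender_ip in addresses(h) for h in mail_hosts)
        elif name == "include":  # matches only if the included policy passes
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:  # mechanisms and modifiers outside this page's list
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the policy has no "all"
```

An address that the included policy rejects with `-all` does not fail outright: the `include` simply does not match, and bigfont.ca's own `~all` decides the result (a soft fail).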

DKIM

DomainKeys Identified Mail

Specify a public key that receiving servers use to verify the digital signature on outgoing email from a domain.

DMARC

Domain-based Message Authentication, Reporting, and Conformance

Specify that emails from a domain are protected by SPF and/or DKIM. Also specify how receiving servers should handle fraudulent emails.

FWD Record

This is NOT an actual DNS record. Rather, some domain name registrars use this as a more flexible CNAME record. CNAME records must point to a fully-qualified domain name (FQDN), whereas Namespro.ca, for instance, offers a FWD record that can point to other URIs.