DNS record types

[[400276]]

This article is reprinted from the WeChat public account "Xiaocai Learns Programming", written by fasionchan. Please contact Xiaocai Learns Programming public account for reprinting this article.

After the previous study, we have initially grasped the basic principles of the domain name system.

We know that a domain name can be associated with a specified IP address, thus acting as an alias for the IP address. When we access network services through domain names, the domain name system will help us resolve the domain name into the corresponding IP address.

So, can domain names only be associated with IP addresses? Actually, not really. In addition to IP addresses, domain names can also be associated with other types of information.

In fact, a domain name and the information associated with it constitute a DNS record. A DNS record can be understood as a key-value pair:

• key: domain name;
• value: the value associated with the domain name;

In addition to IP addresses, DNS record values ​​can also be IPv6 addresses, aliases, text, etc. Based on this, DNS records can be divided into several different types, including:

• A, host IP address;
• AAAA , host IPv6 address;
• ALIAS , automatically resolved alias ( alias );
• CNAME, the canonical name of the alias;
• MX, mail exchange server (Mail eXchange);
• NS, domain name server (name server);
• TXT, description text;

The record type is the type of the problem record and resource record in the DNS message.

A Record

A record, which represents the IP address of a host, is the most common type of DNS record.

 root@netbox [ ~ ] ➜ dig test.fasionchan.com 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> test.fasionchan.com
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49579
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
 
 ;; QUESTION SECTION :
 ;test.fasionchan.com. IN A 
 
 ;; ANSWER SECTION :
 test.fasionchan.com. 752 IN A 10.0.0.1 
 
 ;; Query time : 71 msec
 ;; SERVER: 192.168.65.1#53(192.168.65.1)
 ;; WHEN : Mon Apr 26 17:22:16 CST 2021
 ;; MSG SIZE rcvd: 53

AAAA Record

AAAA record, which indicates the IPv6 address of a host, is similar to A record. The length of an IP address is 4 bytes, while the length of an IPv6 address is 16 bytes, which is the origin of the AAAA record. With the deployment of IPv6, AAAA records are becoming more commonly used.

The dig command queries A records by default. If you want to query AAAA records, you must specify it through command line parameters:

 root@netbox [ ~ ] ➜ dig t-aaaa.fasionchan.com AAAA 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> t-aaaa.fasionchan.com AAAA
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5088
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
 
 ;; QUESTION SECTION :
 ;t-aaaa.fasionchan.com. IN AAAA 
 
 ;; ANSWER SECTION :
 t-aaaa.fasionchan.com. 752 IN AAAA ::1 
 
 ;; Query time : 50 msec
 ;; SERVER: 192.168.65.1#53(192.168.65.1)
 ;; WHEN : Mon Apr 26 17:37:10 CST 2021
 ;; MSG SIZE rcvd: 67

CNAME Record

CNAME record, which indicates the canonical name of an alias.

A domain name can be aliased. For example, webserver.fasionchan.com can be aliased, such as network.fasionchan.com. In this way, we call the former the authoritative name of the latter, and the CNAME record stores the authoritative name.

When querying the alias network.fasionchan.com, if the DNS server returns a CNAME record, we need to further query the authoritative name to get the final result. Of course, most DNS cache servers will automatically do this for us.

So, why does a domain name need an alias? What are the typical application scenarios of CNAME records?

Suppose I have a web server with multiple sites deployed on it:

• My network column: network.fasionchan.com;
• My Linux column: linux.fasionchan.com;
• My Python column: python.fasionchan.com;

I can apply for a domain name webserver.fasionchan.com, point it to the web server through the A record; then configure CNAME records for several column domain names, pointing to webserver.fasionchan.com:

This has an advantage: if I adjust the web server and migrate it to another host, I only need to change the domain name webserver.fasionchan.com, and the other column domain names do not need to be adjusted.

My personal website fasionchan.com is deployed on Alibaba Cloud CDN, and the domain name is also pointed to an Alibaba Cloud domain name through a CNAME record. Otherwise, as long as Alibaba Cloud CDN is adjusted, I have to change the domain name! This will definitely be a nightmare!

MX Records

MX record, which stands for mail exchange service, that is, mail server. MX is the abbreviation of Mail eXchange.

Email can be said to be the earliest and most widely used application on the Internet. When we send an email, the client needs to find the address of the email server according to its email account and communicate with it through the SMTP protocol.

Each email vendor has its own domain name. By querying the MX record of the domain name, you can find the address of the email server. Take QQ mailbox as an example, its domain name is qq.com. We execute the dig command to query the MX record of qq.com:

 root@netbox [ ~ ] ➜ dig qq.com MX 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> qq.com MX
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49462
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4 
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4000
 ;; QUESTION SECTION :
 ;qq.com. IN MX 
 
 ;; ANSWER SECTION :
 qq.com. 1435 IN MX 20 mx2.qq.com.
 qq.com. 1435 IN MX 10 mx3.qq.com.
 qq.com. 1435 IN MX 30 mx1.qq.com. 
 
 ;; ADDITIONAL SECTION :
 mx3.qq.com. 463 IN A 113.96.208.206
 mx3.qq.com. 3 IN AAAA 240e:ff:f101:10::127
 mx1.qq.com. 2409 IN A 14.215.140.20 
 
 ;; Query time : 18 msec
 ;; SERVER: 10.2.66.66#53(10.2.66.66)
 ;; WHEN : Wed Apr 28 18:40:03 CST 2021
 ;; MSG SIZE rcvd: 155

It can be seen that QQ Mail has a total of 3 mail exchange services, namely:

• mx1.qq.com.
• mx2.qq.com.
• mx3.qq.com.

We can select one, for example, mx3.qq.com. Its IP address is 14.215.140.20. Connect to it through SMTP protocol, and after the authentication is completed, you can send and receive emails normally.

After reading this, you may have a question: Can't A record also be used to find the mail server based on the domain name?

Indeed, the A record is theoretically capable of doing this. However, in the early days of the Internet, email was a heavyweight application. It is not surprising that the pioneers of the Internet designed the MX record specifically for it.

In fact, Tencent has more than just QQ Mail, there is also Tencent.com. Since the mail service has its own MX record, Tencent.com can use the A record. In this way, both can use the same domain name qq.com:

When the browser accesses Tencent.com, it can query the A record of qq.com and get the server address. We can execute the dig command to simulate it:

 root@netbox [ ~ ] ➜ dig qq.com A 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> qq.com A
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46166
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4000
 ;; QUESTION SECTION :
 ; qq.com.IN A 
 
 ;; ANSWER SECTION :
 qq.com. 193 IN A 203.205.254.157
 qq.com. 193 IN A 61.129.7.47
 qq.com. 193 IN A 183.3.226.35
 qq.com. 193 IN A 123.151.137.18 
 
 ;; Query time : 11 msec
 ;; SERVER: 10.2.66.66#53(10.2.66.66)
 ;; WHEN : Wed Apr 28 18:41:16 CST 2021
 ;; MSG SIZE rcvd: 99

NS Record

NS record stores the authoritative DNS server responsible for domain resolution, and the record value is the domain name of the DNS server.

Take my domain name fasionchan.com as an example. It is resolved on Tencent Cloud dnspod. After I register the domain name, I need to configure the NS record to point to the dnspod server. This NS record will eventually be synchronized to the .com top-level domain name server.

As a result, when the client initiates iterative resolution, the com domain name server knows that it should look for dnspod to query the domain name.

If I want to transfer my domain name to Alibaba Cloud for resolution, I only need to find my domain name registrar and modify the NS record to point to Alibaba Cloud's DNS server. Once everything is ready, I can manage my domain name on Alibaba Cloud.

I can also give the subdomain lumy.fasionchan.com to my friend Lumy, as long as I add the NS record for lumy.fasionchan.com on dnspod, pointing to the DNS server of Lumy's choice. After that, Lumy can manage the domain on his own DNS service.

When a client iteratively queries the subdomain lumy.fasionchan.com, dnspod will tell the client to query Lumy's DNS server based on the NS record (assuming that Lumy manages the subdomain on Alibaba Cloud):

It can be seen that NS records play a very important role in DNS iterative query. The upper-level DNS server finds the lower-level DNS server through the NS record until the domain name query is completed.

In theory, the root domain also needs NS records to point to the 13 root domain name servers in the world. Where are the NS records of the root domain maintained? Since the root server rarely changes, it can be specified through configuration. The client can query the root domain NS record, and the DNS cache server will answer according to its own configuration:

 root@netbox [ ~ ] ➜ dig . NS 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> . NS
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10652
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 4 
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4000
 ;; QUESTION SECTION :
 ;. IN NS 
 
 ;; ANSWER SECTION :
 . 1767 IN NS h.root-servers.net.
 . 1767 IN NS l.root-servers.net.
 . 1767 IN NS k.root-servers.net.
 . 1767 IN NS f.root-servers.net.
 . 1767 IN NS b.root-servers.net.
 . 1767 IN NS d.root-servers.net.
 . 1767 IN NS m.root-servers.net.
 . 1767 IN NS i.root-servers.net.
 . 1767 IN NS c.root-servers.net.
 . 1767 IN NS g.root-servers.net.
 . 1767 IN NS e.root-servers.net.
 . 1767 IN NS j.root-servers.net.
 . 1767 IN NS a.root-servers.net. 
 
 ;; ADDITIONAL SECTION :
 h.root-servers.net. 2926 IN A 198.97.190.53
 c.root-servers.net. 37 IN A 192.33.4.12
 a.root-servers.net. 2217 IN A 198.41.0.4 
 
 ;; Query time : 17 msec
 ;; SERVER: 10.2.66.66#53(10.2.66.66)
 ;; WHEN : Thu Apr 29 19:45:54 CST 2021
 ;; MSG SIZE rcvd: 300

TXT Record

TXT records are used to store some text information, which can be used as configuration, but is not very common. Let's take an example:

 root@netbox [ ~ ] ➜ dig t-txt.fasionchan.com TXT 
 
 ; <<>> DiG 9.16.1-Ubuntu <<>> t-txt.fasionchan.com TXT
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23557
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4000
 ;; QUESTION SECTION :
 ;t-txt.fasionchan.com. IN TXT 
 
 ;; ANSWER SECTION :
 t-txt.fasionchan.com. 600 IN TXT "hello world"   
 
 ;; Query time : 55 msec
 ;; SERVER: 10.2.66.66#53(10.2.66.66)
 ;; WHEN : Wed Apr 28 18:04:24 CST 2021
 ;; MSG SIZE rcvd: 73

Many cloud platforms use TXT records to verify domain ownership: first let the domain owner configure a special TXT record, and then query the record to see if the result matches.