Domain and DNS record types

In this article we'll explain domain and DNS record types, providing you with essential knowledge to navigate the online world with confidence. From understanding the fundamentals of domains and the role of the Domain Name System (DNS) to exploring different DNS record types like A, TXT, MX, and others. We'll also shed light on domain transfer and expiration processes, ensuring you're well-equipped to manage your online presence effectively. So, let's dive in together!

When you browse the internet, you often come across websites with unique names like www.example.com or blog.example.org. These names are known as domains, and they serve as an address for websites on the internet. Domains can have different extensions (endings), known as top-level domains (TLDs), such as .com, .org, .net, and many more. TLDs help categorize websites based on their purpose or origin.

A sub-domain is a prefix added to a main domain, creating a hierarchical structure. Examples include "subdomain.example.com". Sub-domains help organize websites or services under a main domain, allowing for separate sections with unique content and functionality. They provide flexibility and improve organization within a domain. Sub-domains operate independently but share the domain's reputation and resources. They enable efficient management and a clear hierarchy within the domain name.

Subdomains are used quite widely. For example, in WordPress, you can use them to split the multilingual content of your website, like fr.mywebsite.com and it.mywebsite.com, where the subdomains mean the language (or the region) of your website. Furthermore, with subdomains you can use the Multisite feature of WordPress to have several different websites under one 'roof'.

DNS stands for Domain Name System, and it is like a phone book for the internet. Just as a phone book translates phone numbers into names, DNS translates domain names into IP addresses. An IP address is a series of numbers that uniquely identifies each device connected to the internet. DNS ensures that when you type a domain name in your browser, it can find the correct IP address to establish a connection with the website you want to visit.

A DNS registrar is a company or organization that manages the registration of domain names. They act as an intermediary between you and the organization responsible for maintaining TLDs. When you want to register a domain, you need to go through a registrar. They help you check if the desired domain is available, register it in your name, and handle the administrative tasks associated with it.

When you're choosing a domain for your needs, you need to check its availability. For this goal, you can use any free whois service, that will show the state of the domain. E.g. you can use whois.com for this goal.

DNS hosting refers to the service that stores and manages your DNS records. Soon we'll learn more about these records, but overall, DNS records contain essential information about your domain, such as which IP addresses correspond to it, where to forward emails, and more. DNS hosting providers ensure that your DNS records are available to other DNS servers worldwide, allowing visitors to access your website using your domain name.

The key difference between a domain registrar and hosting lies in their roles. A domain registrar helps you secure and manage your domain name registration, while a DNS hosting provider takes care of your DNS records, directing visitors to the appropriate services associated with your domain. You can choose different companies for domain registration and DNS hosting, or some providers offer both services combined.

The most popular and affordable DNS provider nowadays is CloudFlare. It provides a DNS management panel for free to everybody. In addition, it offers a free CDN for your static assets, which is very important for website speed optimization.

DNS records contain specific instructions and information related to your domain. They tell DNS servers how to handle various aspects of your domain, such as website hosting, email delivery, and more. When you make changes to your DNS records, it may take some time, usually up to 72 hours, for these changes to propagate throughout the internet.

An A record (Address Record) connects your domain name to an IP address, allowing visitors to reach your website. For example, an A record might associate the "docs" subdomain with the IP address "192.0.2.1". This means that when someone types "docs.example.com" in their browser, they will be directed to the server with the IP address "192.0.2.1".

A TXT record (Text Record) allows you to add additional text information to your domain's DNS. It is often used for verification purposes or to provide important instructions to other services. For instance, you can use a TXT record to verify domain ownership for email services like Google Workspace or to configure email authentication mechanisms.

An MX record (Mail Exchanger Record) specifies which email server is responsible for receiving emails sent to your domain. When someone sends an email to your domain, the MX record helps route the message to the correct server. For example, an MX record might point to "mail.example.com" as the mail server for the domain "example.com."

A CNAME record (Canonical Name Record) allows you to create an alias for your domain or subdomain. It points a domain or subdomain to another domain name. It is useful when you want to associate multiple domain names with the same website. For example, a CNAME record could point "shop.example.com" to "www.example.com," so both addresses display the same content.

Pro tip: The '@' symbol in DNS records holds special significance. It represents the root domain or the main domain itself. When used in DNS records, it refers to the domain name without any subdomain prefix. For example, if your domain is example.com and you want to set an A record for the main domain, you would use '@' to indicate it.

Actually, there is no 'email' DNS record type itself. It's used to call 'email' some type of TXT record, that serves the email needs.

The first part of all 'email' TXT records contains the 'v' argument, which defines the type of the record, e.g. 'v=DMARC1;' or 'v=spf1;'.

An SPF record (Sender Policy Framework) specifies which servers are authorized to send emails on behalf of your domain. It helps prevent email spoofing and protects your domain reputation. An example SPF record might include a list of approved mail servers that can send emails for your domain, such as "v=spf1 ip4:192.0.2.0/24 include:mail.example.com -all"

Let's break down the SPF record "v=spf1 ip4:192.0.2.0/24 include:mail.example.com -all" to understand its components:

1. "v=spf1"
   This indicates that the record adheres to SPF version 1.
2. "ip4:192.0.2.0/24"
   This component specifies that the IP address range from 192.0.2.0 to 192.0.2.255 is authorized to send emails on behalf of the domain. It allows these specific IP addresses to pass the SPF check.
3. "include:mail.example.com"
   This part instructs SPF to include the SPF record from "mail.example.com" when evaluating the sender's email. It allows the authorized IP addresses listed in the included SPF record to send emails on behalf of the domain.
4. "-all"
   This is the SPF policy mechanism, which indicates that all other IP addresses not explicitly listed in the SPF record should fail the SPF check. It means that if an email is received from an unauthorized IP address, it should be treated as suspicious or potentially fraudulent.

A DKIM record (DomainKeys Identified Mail) adds a digital signature to outgoing emails from your domain. This signature helps email receivers verify that the email hasn't been modified during transit and that it genuinely originated from your domain. Implementing DKIM requires generating a public-private key pair and adding the public key as a DKIM record in your DNS.

Let's take a look at an example of a DKIM record and break it down into its components:

Example DKIM record: "v=DKIM1; t=s; p=MIG..."

Let's explain its parts:

1. "v=DKIM1"
   This signifies that the record adheres to the DKIM version 1 specification.
2. "t=s"
   The 't' argument in DNS TXT records allows you to specify policies. With 't=y', it indicates DomainKeys (DK) policies for email authentication. With 't=s', it indicates Sender ID policies.
3. "p=MIG..."
   This is the public key used for email verification. It is a long string of characters representing the cryptographic key.

DKIM policy: you may wonder about the difference between 'y' (DomainKeys) and 's' (Sender ID) options. We recommend not digging deeper into this topic, and always using the 's' option, which perfectly fits most cases.

A DMARC record (Domain-based Message Authentication, Reporting, and Conformance) enhances email authentication by specifying how email receivers should handle emails that fail SPF or DKIM checks. It allows you to define policies for dealing with suspicious emails, such as rejecting them or putting them in quarantine. A DMARC record includes information like the policy to apply, a contact email for reports, and alignment requirements.

Let's break down the DMARC record "v=DMARC1; p=reject" into its components:

1. "v=DMARC1"
   This indicates that the record adheres to DMARC version 1, the current version of the DMARC specification.
2. "p=reject"
   This component specifies the policy action to be taken if an email fails the DMARC authentication. In this case, "reject" indicates that any email that fails DMARC checks should be rejected by the receiving mail server. The email will not be delivered to the recipient's inbox. There is another option, 'none', which leads to ignoring the rule in case of fault. But we don't recommend using that option.

Email reports:

To specify the email address where DMARC reports should be sent, you can include the "rua" (aggregate reports) or "ruf" (forensic reports) tag in the DMARC record. Here's an example of how to specify the email address for DMARC reports: rua=mailto:[email protected]

In the above example, "rua" indicates the aggregate reports, and "mailto:[email protected]" specifies the email address where these reports should be sent. You can replace "[email protected]" with the desired email address to receive the DMARC aggregate reports.

It’s useful to know about this option but it isn’t worth using it in a real world scenario, as it will fill your mailbox with useless notification emails

A PTR record (Pointer Record) is used in reverse DNS lookups to associate an IP address with a domain name. It enables email servers to verify the identity of the sender's domain. While it is not directly related to email delivery, having a correctly configured PTR record can improve email deliverability and reduce the likelihood of being flagged as spam.

Unlike other records, you setup the PTR record on your hosting side. And some hostings call this record in other ways, e.g. Hetzner calls it rDNS, which means reverseDNS.

You can amend DNS records in the panel of your DNS registrar or DNS hosting vendor. Overall, the process is quite simple. Below we added a video, that shows the MX record change in CloudFlare, but actually, the process is the same for all the record types.

To check the current values of DNS records for any domain you can use special services, e.g. mxtoolbox. These services of course won't let you amend the record values, as you must do this in your DNS control panel. But the services are very useful to see which current value is already applied.

Because as you should remember, DNS changes may take up to 72h to propagate throughout the internet. So these tools allow us to see which are already applied, and which have not yet.

PTR lookup

SPF lookup

DKIM lookup

DMARC lookup

If you decide to move your domain from one registrar to another, you can initiate a domain transfer. The process typically involves obtaining an authorization code (usually called Auth/EPP code) from your current registrar, unlocking your domain, and initiating the transfer with the new registrar. Transfers can take several days to complete, and it's essential to ensure your domain is not locked or nearing expiration during the process.

As you should remember, domain registrar and DNS hosting can be split between 2 different services. It means that you can keep your current domain registrar, but move only DNS hosting to another one. E.g. CloudFlare requires moving DNS hosting to their side, to implement the free CDN for your files.

Unlike the domain transfer, the DNS hosting transfer doesn't require getting an authorization code and needs only changing of Name Server settings of your current registrar. Which is usually available through the web interface of your DNS registrar.

You purchase a domain for a fixed period of time, usually 1 year. If you prolong it, then the domain stays yours for another year. But what happens if you've forgotten to prolong?

When a domain reaches its expiration date, several stages come into play. Initially, it enters a Renew Grace Period, during which you can still renew the domain without additional fees. If you fail to renew during this grace period, the domain enters a Redemption Period, during which a higher fee is required to restore it. After the redemption period, the domain may become available for others to register.

Tip: It's very important to keep your domain subscription current. All registrars have automatic email reminders about the expiration date getting closer. But if you've missed the expiry date, then don't worry, you still have up to one month to get the domain back. Just reach out to your registrar support.

Understanding domain and DNS record types is crucial for managing your online presence effectively. Domains serve as the address for your website, while DNS records guide internet traffic to the correct destinations. Different DNS record types, such as A, TXT, MX, CNAME, SPF, DKIM, DMARC, and PTR, provide specific instructions for web hosting, email delivery, and authentication. By grasping the fundamentals of domain management and DNS records, you can navigate the online world with confidence and ensure a smooth experience for your visitors and email recipients.