DNS records are data stored on DNS servers that define how to resolve human-readable domain names (such as www.example.com) into machine-readable IP addresses (like 192.0.2.1). This resolution process is a critical part of the normal functioning of the internet, as it allows us to access websites by entering easy-to-remember web addresses, rather than needing to remember complex IP addresses.
Why add DNS Records?
- User-Friendly - People typically find it easier to remember domain names like www.example.com, rather than IP addresses like 192.0.2.1. DNS records allow us to access websites using easy-to-remember domain names, rather than needing to remember complex IP addresses.
- Flexibility - If a website's IP address needs to change (for example, if the website moves to a new server), only the DNS record needs to be updated, not the domain name. This means users can continue to access the website using the same domain name, without needing to know the new IP address.
- Load Balancing and Redundancy - By using multiple A records, DNS can distribute traffic across multiple servers, thereby improving website availability and performance. If one server fails, DNS can automatically redirect users to other functioning servers.
- Security - Certain types of DNS records (such as CAA records and DNSSEC-related records) can enhance the security of a website, preventing cyber attacks and fraud.
What is the access sequence of common DNS records?
The access order of DNS records refers to the sequence in which various DNS record types are looked up during the domain name resolution process. Here are the detailed steps of the DNS record access order:
- User enters domain name: First, the user enters a domain name (e.g., www.example.com) in the browser.
- Query NS records: The DNS resolution process needs to find the authoritative DNS server responsible for managing the target domain. This can be achieved by querying the NS (Name Server) records on the root DNS server, top-level domain server, and authoritative DNS server.
- Query CNAME records: If the target domain is an alias (for example, mapping www.example.com to example.com), the CNAME (Canonical Name) record needs to be queried. After finding the CNAME record, the actual target domain's A or AAAA record needs to be queried.
- Query A or AAAA records: After finding the actual target domain, the A (IPv4 address) record or AAAA (IPv6 address) record needs to be queried. The result of the query is the IP address of the target website.
- Query MX records: If the target is to send an email, the MX (Mail Exchange) record needs to be queried. The MX record specifies the server responsible for handling email. After obtaining the MX record, the A or AAAA record of the mail server also needs to be queried to get its IP address.
- Query TXT records: In some cases, the TXT (Text) records may also need to be queried, such as for domain ownership verification, SPF (Sender Policy Framework) records, etc.
- Query PTR records: When performing a reverse DNS lookup (mapping an IP address back to a domain name), the PTR (Pointer) record needs to be queried.
It is important to note that the access order of DNS records depends on the specific query requirements. Different types of requests may involve different types of DNS records. For example, accessing a website mainly involves A, AAAA, and CNAME records, while sending an email involves MX records.
Other Types of DNS Records
Here are some of the less common DNS record types and their uses:
| Record Type | Description |
|---|---|
| SOA | "Start of Authority" record, contains information about the DNS zone, such as the primary DNS server and the contact information of the administrator. |
| PTR | "Pointer" record, used for reverse DNS lookups, mapping IP addresses back to domain names. |
| HINFO | "Host Information" record, contains information about the host's hardware and operating system. |
| RP | "Responsible Person" record, contains information about the domain administrator. |
| AFSDB | "Andrew File System Database" record, used for the database servers of the Andrew File System (AFS). |
| X25 | X.25 record, used to map domain names to X.25 addresses (an early packet-switching network protocol). |
| ISDN | "Integrated Services Digital Network" record, used to map domain names to ISDN addresses. |
| RT | "Route Through" record, used for routing to another network. |
| NSAP | "Network Service Access Point" record, used to map domain names to NSAP addresses (an address of the OSI network protocol). |
| DNAME | "Delegation Name" record, used to redirect a domain name and all its subdomains to another domain name. |
| LOC | "Location" record, contains information about the geographical location of the host. |
| NAPTR | "Naming Authority Pointer" record, used for dynamic redirection and protocols such as SIP (Session Initiation Protocol). |
| CERT | "Certificate" record, used to store PGP, PKIX, or SPKI certificates. |
| DHCID | "DHCP Identifier" record, used for DHCP servers. |
| SPF | "Sender Policy Framework" record, used to prevent email fraud. |
| SSHFP | "SSH Public Key Fingerprint" record, used for SSH connections. |
| IPSECKEY | "IPsec Key" record, used for IPsec VPN connections. |
| DNSKEY, RRSIG, NSEC, DS | These records are used for DNSSEC, a protocol that enhances DNS security. |
EdgeOne Domain Name Resolution
Although businesses may have the option to manage DNS themselves, choosing a professional DNS service provider like EdgeOne can bring a higher level of reliability, performance, and security, while significantly reducing management pressure. EdgeOne provides a comprehensive domain name resolution service, including modifying DNS servers, bulk importing DNS record configurations, and individually configuring records through page operations. For example, as shown in the figure below, you only need to click the "Add record" button, fill in the record type and configuration content you want to add, and it will take effect immediately after saving. This simple and direct operation method makes DNS management much more relaxed and convenient.
At the same time, EdgeOne also has the capability of DNS Security Extensions(DNSSEC). Enabling DNSSEC can effectively prevent attacks such as DNS spoofing and cache poisoning. It ensures the authenticity and integrity of DNS response messages through digital signatures, protecting users from being redirected to unexpected addresses, thereby enhancing user trust in the Internet and protecting your core business. If you wish to enhance the security of your site's resolution to prevent hijacking and tampering, it is recommended to enable this configuration.
Conclusion
Tencent EdgeOne is a globally distributed Application Delivery Network (ADN), supported by Tencent's extensive infrastructure. It accelerates the delivery of global enterprise applications through intelligent DNS routing, global load balancing, and a user-friendly DNS management interface. If you have any questions or need assistance, our support team is always ready to help. Please feel free to contact us.