DNS records and DNS management – an overview
Arthur C. Clarke’s third law of prediction states that “Any sufficiently advanced technology is indistinguishable from magic” – a fair description of the elation you feel when after hours of stumbling around in the dark you finally fluke the right DNS configuration change and BAM! – your blog, website, mail server or load balancer suddenly springs into life. Well, that’s true for me anyway!
DNS (or the Domain Name System) can be a complicated beastie if you’re not working with it day in and day out; it is however an essential building block that makes the Internet possible and if you have ever tried to get a website online you’ll have had to muck about with DNS records at some point in your life (and probably will again!).
The role of DNS is to translate (or resolve) people-friendly “hostnames” such as anchor.com.au into computer-friendly IP addresses such as 188.8.131.52 (the existing IPv4 system) or 2001:0cb8:85a3:0000:0000:8a2e:0370:7334 (Wow eh? The new IPv6 system).
We often get questions about DNS here at Anchor so I thought I’d put together a little primer that should be useful for people who have to delve into the deep, dark world of DNS from time-to-time.
Once you’ve registered a domain name (such as mynewbusiness.com.au) the company through whom you’ve registered it will usually host your domain name on a couple of DNS servers and provide a website login where you can carry out basic DNS management – such as updating your “A” (web address) and “MX” (mail exchange) records to ensure that people who visit your website and send you email are all routed to the correct servers.
Anchor’s control panel provides simple DNS management if you’ve registered your domain name through us.
If you have more sophisticated requirements (such as DNS-based Malware & Botnet protection, DNS failover & load balancing, geographic load balancing, backup MX, dynamic DNS, monitoring & email alerts, API access, etc) then you should look at moving to a specialised DNS service such as one of these:
These DNS services offer some very useful features. Most interesting is DNS load-balancing and failover.
A DNS failover service will monitor your primary website and should it go down automatically update its DNS records to send traffic to an IP address associated with your second web server – perhaps located in a different data centre or Cloud Availability Zone. Alternatively, traffic can be load-balanced across multiple IP addresses (web servers), automatically removing any web server IPs from DNS that are down or un-responsive. A short TTL (time to live) on the DNS records will ensure traffic is diverted in less than 1 minute.
It is a very simple matter to configure DNS failover between two or more virtual servers (ideally located in different data centres). With very little time outlay and at very little cost you can dramatically improved the uptime of your website or application.
Using DNS to run multiple websites on a single IP address
One of the more common DNS configuration challenges relates to virtual hosting. Virtual hosting allows you to use multiple domain names each pointing to unique web sites that are hosted on a single server – all using a single IP address. Given the shortage of IPv4 addresses these days, using name-based virtual hosts is a very cost effective way to host multiple web sites on a single server!
It is pretty simple to set up from your DNS control panel; you’d just keep adding zones and re-entering the same IP address. But to make this work on your virtual server, your web server itself needs to be configured to use the ‘host’ header to route visitors to the different domains to different web instances. Anchor do this sort of thing as standard under our Anchor Complete support pack. If you’d like to have a crack yourself, here are some guides that may help!
Name-based virtual host support:
If you are using Apache – click here (http://httpd.apache.org/docs/current/vhosts/name-based.html)
If you are using Microsoft IIS – click here (http://technet.microsoft.com/en-us/library/cc753195%28v=ws.10%29.aspx)
What if your sites are secured with SSL?
You can use a single SSL certificate to host multiple websites on a single Public IP address too – this time using SSL Host Headers:
Microsoft IIS 7 – click here (http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html)
Apache / IIS 6 – click here (http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html)
And if you want to host multiple sites using different SSL certificates on the same IP address?
A modification to the SSL protocol called Server Name Indication (http://en.wikipedia.org/wiki/Server_Name_Indication) allows the domain name to be passed as part of the TLS negotiation allowing the server to use the correct certificate even if there are many different sites using different certificates on the same public IP address and port. If you’re feeling adventurous you can try using different certificates on the same IP address with Apache using one of these tutorials:
Tutorial 1 (http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch)
Tutorial 2 (http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/)
Summary of DNS records:
- “A” record. An address record ties a domain name to an IP address. If there is a server on the Internet configured to handle web traffic for this domain, you can enter the name of the domain and the IP address of the server and almost immediately, anyone surfing to that domain will connect to the correct server.
- “AAAA” record. Whereas an “A” record is used for IPv4 addresses, an “AAAA” record ties a domain name to an IPv6 address in the same manner.
- “CNAME” Canonical Name records create an alias from one domain name to another. For example, you can specify that someone who visited apple.mygreatnewbusiness.com.au would be directed to www.apple.com
- “MX” Mail Exchange records are used to specify the address of an email server to be used for your domain name.
- “NS” Name Server records identify an authoritative DNS server for a specific zone.
- “SRV” Service Locator records are general records that can be used in a generic fashion rather than creating protocol-specific records such as MX.
- A WebForward creates a hidden “A” record pointing to a web server run by your DNS host. When the web server gets a request for your site, it forwards the visitor to a URL that you’ve specified.
- Cloaking is a special kind of WebForward. It operates exactly the same way but adds a special feature – an invisible frame is used to hide the destination URL and your domain name stays in the location bar of the web browser, thus “cloaking” the destination URL.
- A MailForward creates a hidden “MX” record pointing to a mail server run by your DNS host. When the mail server gets an email on your behalf, it forwards it to an address that you’ve specified.
I hope this helps! For further reading on DNS there is a good write up here – http://www.howstuffworks.com/dns.htm