What are DNS records and a DNS server?
We open websites by their name, or domain name: for example vk.ru, yandex.ru, gosuslugi.ru and so on. But servers on the Internet have their own numeric address, which we call an IP address. Each domain can be located on different servers, so one site may have several different IP addresses. So how does your Internet browser know which server it needs to access to open the site vk.com? This is what the Domain Name Server, or DNS service, is for.
When you open any link in the browser, the following sequence of actions occurs:
- A browser, such as Firefox, Yandex Browser or Chrome, makes a request to the DNS server.
- The DNS server returns 1 or more IP addresses for the given domain. For example, for gosuslugi.ru the addresses 213.59.253.7 and 213.59.254.7 will be returned.
- The browser makes a request to the server at one of the received addresses.
- The browser receives the requested page in response.
When sending a letter, the same process occurs, only instead of the site address, the mail program requests the address of the mail server from the DNS server.
A more interesting process occurs when a letter is received. To receive emails, you need as many as 3 DNS records! Here’s how it happens:
- The mail server receives an email.
- An SPF record is requested, which indicates which servers can send emails on behalf of the sender.
- If the email came from an unauthorized source, then the DMARC record is requested. It contains the email address of the domain administrator, to which notifications about an unsanctioned sender should be sent.
- If the email came from an authorized server, the DKIM record is requested. It is a crypto key for decrypting the signature of an email. If verification is successful, the email is sent to the recipient. If not, then either the email ends up in the spam folder, or it is deleted altogether.
As you can see, each DNS record is designed to perform its own function. Next, we will talk in detail about each of them.
Types of DNS records
There are dozens of types of such records in total, but you will need only 7 of them. Their key task is to open access to your server and ensure that emails are delivered. There are also DNS records to improve security, build network infrastructure and specific technologies.
A and AAAA
This type of record is intended for matching the text name of the site and the IP address of the server. Moreover, it may also be the address of the mail server. For example mail.yandex.ru — Yandex mail server.
There are IPv4 and IPv6 addresses. They look like 127.43.23.123 and 3f5e:1900:fe21:4545:645f:120d:e34a:4097. A and AAAA records are responsible for them, respectively.
A site can have several IP addresses, each of which belongs to a separate server. Servers can be located in the same city, but in different data centers. Thus, if an accident occurs in one data center, you can redirect all users to the backup data center simply by configuring the DNS service. For international sites, the DNS service is configured in such a way as to give out the IP of the server that is located closest to the user. Thus, YouTube users in Russia receive the address of the Russian server.
NS record
This type of record is needed to specify your name servers. They contain all the logic of the DNS service. That is, it is in them that you will create, edit and delete DNS records.
As a rule, when registering a domain name, you are given free NS servers. Thanks to this, you can add, edit and delete all DNS records directly from the web interface of your domain name registrar.
MX record
The MX record specifies the domain of the mail server. Most often this is your main domain with the prefix mail or mx. For example mx.yandex.ru. When you send an email, your email client requests this entry. Step by step it happens like this:
- You send an email to the address support@yandex.ru.
- The mail client requests the MX record and gets mx.yandex.ru.
- It then requests the A or AAAA records for the domain mx.yandex.ru and gets the server's IPv4 address 77.88.21.249 or IPv6 address 2a02:6b8::311.
- The mail client connects via IP and sends an email using the SMTP protocol.
SPF record
This type of record contains a list of trusted servers that are allowed to send emails from your domain name. Simply put, these are the servers that are allowed to send an email with your website address as the sender, for example admin@vash-sait.ru. These records have a specific format that resembles a code or cipher. Here are some examples of such records:
| Record | Description |
|---|---|
| v=spf1 a ~all | Sending emails is allowed only from servers for which A and AAAA records are specified. |
| v=spf1 mx ~all | Only the mail server specified in the MX record is allowed to send emails. |
| v=spf1 a mx ~all | Sending from both sources is allowed. |
| v=spf1 a mx -all | The same as the previous entry, only incoming emails from unauthorized sources will be rejected, instead of getting into spam. |
Although SPF records have rich fine-tuning capabilities, for 99% of sites it will be enough to use one of the above examples.
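An added example, not from the original article: a small evaluator for the four SPF records in the table above, run against a constructed zone (example.test and the 192.0.2.x and 2001:db8:: addresses are made up). It supports only the a, mx and all mechanisms; the result names (pass, softfail, fail, neutral, permerror) are those of the SPF standard.

```python
import ipaddress

# Constructed zone data (documentation addresses), standing in for real DNS answers.
ZONE = {
    ("example.test", "A"): ["192.0.2.10"],
    ("example.test", "AAAA"): ["2001:db8::10"],
    ("example.test", "MX"): ["mx.example.test"],
    ("mx.example.test", "A"): ["192.0.2.25"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the constructed answers for (name, rtype), or an empty list."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def host_ips(name):
    """A plus AAAA addresses of a host, as ipaddress objects."""
    return {ipaddress.ip_address(a) for t in ("A", "AAAA") for a in lookup(name, t)}


def check_spf(record, domain, sender_ip):
    """Evaluate an SPF record limited to the a, mx and all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in host_ips(domain)
        elif mech == "mx":
            # Same two-step lookup a sending client does: MX name, then A/AAAA.
            matched = any(ip in host_ips(mx) for mx in lookup(domain, "MX"))
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"
```

With `v=spf1 a ~all`, the constructed MX host 192.0.2.25 gets softfail, because only the domain's own A and AAAA addresses are authorized; adding `mx` turns that into pass.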
DMARC entry
This entry contains the email address of the site administrator. Messages about attempts by intruders to send emails on your behalf are sent to this address. You can also configure it so that email delivery reports are sent to you. Large mail services like mail.ru, yandex.ru and google.com will send you an XML file every day with a report on delivered emails or on problems during delivery. This DNS record is mandatory. Without it, email services and email clients will, at best, place your emails in spam.
DKIM entry
When you send a letter, your server signs the letter with a special cryptographic key. The receiving server needs to decrypt this signature. The key to decrypt it is contained in the DKIM record. The use of a cryptographic signature is mandatory, otherwise the letters will end up in spam or not arrive at all. To generate DKIM, study the documentation of your email server. You can check the correctness of the settings through the online services https://mxtoolbox.com/deliverability and https://www.mail-tester.com/.
PTR, rDNS or reverse DNS record
This entry helps to match the IP address and domain of the site. It is similar to the A and AAAA entries, only it acts the other way around. This entry is highly desirable, as it increases confidence in the sender of the letters. You can configure it in the hosting panel of your VPS server.
Other record types
At the moment there are 48 types of DNS records. Each of them is described by a separate standard the size of a small book. But the information from this article and these 7 entries will be enough for you.
How DNS records affect mail and mail deliverability
Without SPF, DMARC, or DKIM records, emails will end up in spam. If you use your own mail server, and not a common one like yandex, mail, google, etc., then you need to configure DKIM encryption yourself and check whether emails are signed correctly in special services. We also recommend setting up an rDNS record to increase trust.
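An added example, not from the original article: a check that a domain publishes the three mail records discussed above and that they are not left in a weak state. It relies on the standard record locations (`_dmarc.<domain>` for DMARC, `<selector>._domainkey.<domain>` for DKIM); the domain, the selector name `mail` and the key value are constructed, and the SPF check covers only simple records like those in the SPF table.

```python
# Constructed TXT answers for a made-up domain; the DKIM key is a placeholder.
SAMPLE_TXT = {
    "example.test": ["v=spf1 a mx ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:admin@example.test"],
    "mail._domainkey.example.test": ["v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="],
}


def parse_tags(txt):
    """Split a 'tag=value; tag=value' string (DMARC, DKIM) into a dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_mail_records(txt, domain, selector):
    """List problems in the SPF, DMARC and DKIM TXT records of a domain."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        last = spf[0].split()[-1].lower()
        if last in ("all", "+all"):
            findings.append("SPF: +all authorizes every server")
        elif last not in ("-all", "~all"):
            findings.append("SPF: record does not end in -all or ~all")

    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("DMARC: record missing")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() not in ("quarantine", "reject"):
            findings.append("DMARC: policy is not quarantine or reject")
        if not tags.get("rua", "").lower().startswith("mailto:"):
            findings.append("DMARC: no rua address for reports")

    dkim = txt.get(f"{selector}._domainkey.{domain}", [])
    if not dkim:
        findings.append("DKIM: no key record for this selector")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: empty p= tag, key is revoked")
    return findings
```

For `SAMPLE_TXT` the only finding is the DMARC policy: `p=none` asks receivers to report but not to quarantine or reject mail that fails the checks.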
Where to add, edit, delete
For any record you need to specify 4 fields:
- Type — the record type. For example, MX, DMARC, AAAA.
- Host — the subdomain or main domain to which the entry will relate. You can use the special character *, which means any sequence of characters. For example, the host *.example.com matches the domains www.example.com, dev.example.com, cabinet.example.com, etc.
- TTL is the DNS record update time in seconds. It doesn’t affect much, since most often DNS servers update records according to their personal settings. But it is better to specify 3600.
- Value is the content of the record itself.
DNS records are specified on NS servers. As a rule, for convenience, they are provided by the domain registrar.
Here are examples of setting up DNS servers of popular domain registrars:
After updating or adding an entry, you need to wait 4 hours for the changes to apply.
Services for online verification of settings
There are 2 ways to check the correct configuration of the above DNS records:
- Check whether your site opens in the browser. This checks the A record.
- To check the AAAA record for an IPv6 address, use the service https://dnschecker.org/ipv6-compatibility-checker.php.
- To check MX, SPF, DKIM, DMARC, use the services https://mxtoolbox.com/deliverability and https://www.mail-tester.com/.
- To check PTR, rDNS or reverse DNS records, use the service https://dnschecker.org/reverse-dns.php.