Category: DNS

Basic DNS terms you should know.

If you own or plan to start an online business, congrats! You have an ambitious and exciting mission that only the bravest and smartest can accomplish. But, to make it, there’s an inevitable step: you must conquer the DNS world first!

Start your ninja training now by learning some basic DNS terms.

Domain Name System (DNS).

The first on our list of DNS terms is, of course, the Domain Name System. It is the solution that makes the Internet as easy to use as it is now. It’s a very helpful database that translates domain names into their corresponding IP addresses so that hosts can be found and loaded.

Previously, a host was found through its IP address, a numerical string like 185.160.1.1 (IPv4) or 1580:cb11:2045:1::c530:d6a1 (IPv6).

Numbers are great and easy for machines to communicate and execute their processes, but they are not so simple for humans. Imagine memorizing the IP address of every website you want to visit! Therefore, this system was created for hosts to have catchy names, easy for humans to remember, like example.com.

Domain name.

The second one on our list of DNS terms is the domain name. It is a line of text that maps to an IP address. It’s used for accessing websites by typing easy and memorable names instead of their corresponding numerical addresses, called IP addresses. You type example.com, instead of 1580:cb11:2045:1::c530:d6a1.

IP address.

An IP address is a line of numbers, divided by periods, used to identify websites, computers, and routers. Every IP address is unique, and it’s mathematically created and allocated by IANA, the Internet Assigned Numbers Authority.

IP addresses hold location information vital for finding and identifying machines. Besides, they are needed for devices to communicate and exchange information on a network.

DNS query.

A DNS query, also known as a DNS request, is a request for DNS information that a user sends to a DNS server via his or her device and browser. The most common DNS query is the one you send every time you want to visit a website. You type a domain name, and a DNS query for the IP address associated with that domain is sent to a DNS server. Without this information, the website can’t be loaded for the user.

DNS records. 

The DNS records are simple text files hosted on the authoritative name server. They contain instructions about the domain, such as its IP address, the services that a host uses, records for authentication purposes, and more.

An example of one is the A record that connects the domain name and its IPv4 address. 

Authoritative name server.

An authoritative name server is the type of server that holds all the DNS records of a domain name and other web resources. Once a DNS query has been sent, a process to get the necessary IP address for loading a domain name starts. And an authoritative name server is the last server that participates in such a process. It’s the one that will deliver the A record that contains the IP address.

Recursive server.

A recursive server has a searcher vocation. Every time a DNS query is sent from a user’s device, this server will take it, and it will start a searching process in which it will query different servers until it gets the DNS data needed to answer such query. When it looks for the associated IP address of a domain name, its goal is to reach the authoritative name server, to finally obtain the A record that contains that IP address.

Recursive servers can cache the results of their searches for a period of time defined by the TTL (time-to-live) of every DNS record. If the information queried is not saved in its cache anymore, it has to do the whole searching process again by querying other servers. 

Conclusion.

DNS has its own and very specific rules and processes. However, if you want to survive and successfully complete your mission, this is a good starting point! Success, DNS ninja! 


DNS outage: explained.

You urgently need to pay some providers, and after several tries, your bank’s website is still unreachable. You have been chasing a promotion to renew some equipment. The promotion appears, but when you try to load the website, you receive only error messages.

As clients, we all have experienced this more than once. We hate the website, and we don’t feel like giving it another chance. It will take a long time to forget the bad experience.

On the other side, as online business owners, we don’t want to suffer this because we understand its cost for our pockets and reputation!

What is a DNS outage?

A DNS outage, also known as DNS downtime, is the period of time during which the DNS is not working.

You know that the resolution process is vital for accessing your domain name. If DNS fails, translating the domain name to its IP address won’t be possible. Therefore, your website cannot be located, so its content won’t be reachable.

What can cause a DNS outage?

There are different causes for the DNS to fail.

Human errors. 

Misconfiguration can certainly lead to a DNS outage. And it can happen both to experts and novices. For example, a single mistake while typing the domain name’s IP address, a script error, or something wrong while setting up a firewall can be enough for the DNS to stop working.

Having only one authoritative name server.

Businesses can definitely work with a single authoritative server. Small and medium ones especially make this decision. But the lack of redundancy can mean a DNS outage every time that server requires normal maintenance, updates, or fixes, or suffers a cyber attack. That’s why having a secondary DNS server is widely recommended for answering queries without interruption.

Technical or climate problems in data center facilities.

No matter the provider and type of service you pick, your authoritative name server (one or more) will live in a data center. Accidents, technical failures (electricity outages), and extreme weather (floods, fire…) can affect those places.

Again, redundancy is the way to avoid a DNS outage. If a tragedy occurs in a data center and kills the authoritative name server you had there, you hopefully have another in a different location. That way, the resolution of queries won’t be interrupted.

Delays while propagating updates or changes. 

Editing, deleting, or adding DNS records for your business can be frequently required as part of your normal operation. Unfortunately, such changes take time to be propagated to every machine on a network, especially if it’s a big one.

In the meantime, for instance, an old IP address can still be saved in recursive servers’ cache. Then, when they take clients’ queries, they can provide this IP address, and it won’t work until they get the update. The operation will get back on track when the propagation process has completed successfully.

Strictly speaking, this is not a DNS outage. It’s not a DNS failure. But it will be perceived that way by the clients that can’t reach your domain name.
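The TTL caching described under "Recursive server" and the propagation delay described here are the same mechanism, and the following added example (not code from the original page) models it. The host name, addresses, TTL values and probe interval are all constructed; the point is that the stale window is bounded by the record's TTL, so lowering the TTL ahead of a planned change shortens it.

```python
# Minimal model of a recursive resolver cache that honours record TTLs.
NAME = "shop.example.com"        # constructed host name
OLD_IP = "192.0.2.10"            # constructed addresses (documentation ranges)
NEW_IP = "198.51.100.20"


class AuthoritativeZone:
    """Stands in for the authoritative name server: the source of truth."""
    def __init__(self):
        self.records = {}        # name -> (ip, ttl_seconds)
        self.queries = 0

    def set_a(self, name, ip, ttl):
        self.records[name] = (ip, ttl)

    def query_a(self, name):
        self.queries += 1
        return self.records[name]


class RecursiveCache:
    """Serves cached answers until the TTL runs out, then asks upstream again."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}          # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"
        ip, ttl = self.upstream.query_a(name)
        self.cache[name] = (ip, now + ttl)
        return ip, "authoritative"


def first_time_clients_see_new_ip(ttl, change_at=600, step=300, horizon=7200):
    """Probe the resolver every `step` seconds; the operator changes the
    A record at `change_at`. Returns the first probe time answered with NEW_IP."""
    zone = AuthoritativeZone()
    zone.set_a(NAME, OLD_IP, ttl)
    resolver = RecursiveCache(zone)
    for now in range(0, horizon + 1, step):
        if now >= change_at:
            zone.set_a(NAME, NEW_IP, ttl)
        ip, _source = resolver.resolve(NAME, now)
        if ip == NEW_IP:
            return now
    return None


if __name__ == "__main__":
    for ttl in (3600, 300):
        print(f"TTL {ttl:>4}s -> new IP first served at t={first_time_clients_see_new_ip(ttl)}s")
```
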

DDoS attacks.

This is an extreme cause of DNS outage but, sadly, a possible one. Those attacks’ objective is to shut down your domain name by overwhelming your DNS servers with huge traffic loads.

DDoS prevention is crucial. An efficient solution for load balancing is a good investment!

Conclusion.

A DNS outage is like a heart attack for your online business. Don’t allow this to stop your operation and damage your image. Instead, be aware of its causes so you can prevent them in time!


What is a DNS zone file?

Some DNS background.

The DNS is a system for managing domains and IP addresses. It has a specific tree-like, hierarchical structure. For administrative purposes and to make the whole system more manageable and decentralized, it uses delegated partitions called DNS zones. A DNS zone is a part of the domain namespace that is managed autonomously.

What is a DNS zone file?

Each of the delegated partitions called DNS zones has a DNS zone file where the DNS administrator for each zone can add instructions, settings, authentication mechanisms, and more for the zone. They are in the form of DNS records – simple text instructions that other computers and sometimes people can read and understand.

So, the DNS administrator of a zone controls it by adding and removing DNS records, and all that data is saved in a DNS zone file.

DNS records could be:

  • DNS A record – a domain to its IPv4 address link.
  • DNS AAAA record – a domain to IPv6 address link.
  • DNS SOA record – showing information about the start of authority and zone transferring. It is a must-have in every zone file. It also includes information about the administrator of the zone.
  • DNS MX record – a domain to its incoming mail server link.
  • DNS TXT record – a specific DNS record that could be used for many different verification and authentication mechanisms.
  • DNS SRV record – indicating services that the host uses and their parameters.
  • And more…
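To make the record types above concrete, here is an added example (not from the original page) that parses a constructed zone file for example.com and audits it. The parser is an assumption-laden simplification: it accepts only one record per line with name, TTL, class, type and data all present, whereas real zone files also allow multi-line records and omitted fields. The NS check ties back to the single-name-server risk described in the outage post.

```python
from collections import defaultdict

# Constructed zone file; all names and addresses are illustrative.
ZONE_TEXT = """\
; zone file for example.com (constructed sample)
$ORIGIN example.com.
$TTL 3600
@         3600 IN SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@         3600 IN NS   ns1.example.com.
@         3600 IN A    192.0.2.10
@         3600 IN AAAA 2001:db8::10
@         3600 IN MX   10 mail.example.com.
@         3600 IN TXT  "v=spf1 mx -all"
_sip._tcp 3600 IN SRV  10 60 5060 sip.example.com.
"""


def parse_zone(text):
    """Group records by type. Skips comments (;) and directives ($ORIGIN, $TTL)."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "$")):
            continue
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records[rtype].append({"name": name, "ttl": int(ttl),
                               "class": rclass, "rdata": rdata})
    return records


def soa_serial(records):
    """SOA data is: primary-ns admin-mailbox serial refresh retry expire minimum."""
    fields = records["SOA"][0]["rdata"].split()
    return int(fields[2])


def audit_zone(records):
    """Return a list of findings an administrator should act on."""
    findings = []
    if len(records.get("SOA", [])) != 1:
        findings.append("zone must contain exactly one SOA record")
    if len(records.get("NS", [])) < 2:
        findings.append("fewer than two NS records: no redundancy if that server is down")
    return findings


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("record types:", sorted(zone))
    print("SOA serial:", soa_serial(zone))
    for finding in audit_zone(zone):
        print("finding:", finding)
```
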

Who can edit it?

Only the administrator of a particular zone can edit that zone’s file. They do so by adding new DNS records, modifying existing records, or deleting them.

Where can you find the DNS zone file?

Each DNS zone needs to be hosted on a DNS server. If it is a Primary DNS zone file, it will be hosted on a Primary Authoritative DNS server. In case it is a Secondary DNS zone, it will have a copy of the zone file from the Primary DNS zone, and it will be hosted on a Secondary DNS server.

How can you get information about a DNS zone?

You can perform a DNS query and get different DNS records of a domain name with typical DNS probing tools like Nslookup, Dig command, Host command, and more. You will have access to only publicly available DNS records. There could be other DNS records that are for inside use only.

If you want to get a complete copy of the zone file, you can perform a zone transfer. Usually, the DNS administrators limit who can perform a zone transfer, but you can use one of the above-mentioned DNS commands and perform a zone transfer if there is no limit set. You can get the whole zone file and later save it in a text document for further use.

How to copy the DNS zone file of a Primary DNS zone to a Secondary DNS zone?

You can perform a complete zone transfer (AXFR) and get the zone file from the Primary DNS server to the Secondary DNS server.

In case you want to copy only the newest changes from the Primary DNS server to the Secondary DNS server, you need to perform an incremental zone transfer (IXFR).
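The two transfer types and the transfer restriction mentioned above can be seen together in this added example (a simplified model written for this page, not a real DNS server or the page's own code). The class names, record strings and addresses are constructed; the primary answers only requesters on its allow list, sends changes alone when it still has the history, and falls back to a full copy otherwise.

```python
import ipaddress


class Primary:
    """Primary server: holds the zone, its SOA serial and a change history."""
    def __init__(self, records, serial, allow_transfer):
        self.records, self.serial = set(records), serial
        self.history = {}   # serial -> (added, removed) leading to serial + 1
        self.allow = [ipaddress.ip_network(n) for n in allow_transfer]

    def update(self, add=(), remove=()):
        self.history[self.serial] = (set(add), set(remove))
        self.records = (self.records - set(remove)) | set(add)
        self.serial += 1

    def transfer(self, client_ip, client_serial=None):
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in net for net in self.allow):
            return "REFUSED", None            # requester is not a known secondary
        if client_serial == self.serial:
            return "UP-TO-DATE", None
        if client_serial is not None and client_serial < self.serial:
            steps = range(client_serial, self.serial)
            if all(s in self.history for s in steps):
                return "IXFR", [self.history[s] for s in steps]
        return "AXFR", (self.serial, set(self.records))   # full copy


class Secondary:
    def __init__(self, ip):
        self.ip, self.serial, self.records = ip, None, set()

    def sync(self, primary):
        kind, payload = primary.transfer(self.ip, self.serial)
        if kind == "AXFR":
            self.serial, self.records = payload
        elif kind == "IXFR":
            for added, removed in payload:
                self.records = (self.records - removed) | added
                self.serial += 1
        return kind


def demo():
    # Constructed addresses: 192.0.2.53 is the secondary, 203.0.113.7 is not.
    primary = Primary({"www A 192.0.2.10"}, 1, allow_transfer=["192.0.2.53/32"])
    secondary, outsider = Secondary("192.0.2.53"), Secondary("203.0.113.7")
    log = [secondary.sync(primary)]               # first copy of the zone
    primary.update(add={"mail A 192.0.2.25"})
    log.append(secondary.sync(primary))           # only the change is sent
    log.append(secondary.sync(primary))           # serials match, nothing to do
    log.append(outsider.sync(primary))            # not on the allow list
    return log, secondary.records == primary.records, outsider.records


if __name__ == "__main__":
    print(demo())
```
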

To summarize:

The DNS zone file is a single file that contains all the DNS records for a DNS zone: all the instructions, indications, and settings that the DNS administrator of the zone has added.


DDoS-protected DNS service: Why do you need it?

If you are checking what DDoS-protected DNS service is, you have probably already suffered from a DDoS attack. Now, they are more common than ever and damage online businesses. They might stop your server when you need it the most and cause severe losses. It is clear that you need a way to stay safe and keep your online business running. You need DDoS-protected DNS service!

What is DDoS protected DNS service?

DDoS protection or DDoS mitigation service refers to an additional DNS service that combines different tools and techniques to check traffic and stop DDoS attacks. DDoS attacks are strong waves of traffic organized by cybercriminals who try to destabilize your servers and make them incapable of responding to normal clients’ requests.

A protected DNS service should:

  • Analyze the traffic deeply. Understand the normal patterns of the traffic and use them for comparison. 
  • Separate traffic. Understand what is human traffic and what is machine traffic. 
  • Filter. Filter the incoming traffic based on whitelisting or blacklisting and other parameters. The protection can distinguish and stop bad traffic.  
  • Monitor. Monitor the whole DNS traffic. If the system spots a strange pattern, it could activate different behavior and take actions to stop a potential DDoS attack. So, understanding the traffic is vital. 
  • Distribute the traffic. In some cases, just the load balancing could be enough to distribute the malicious traffic among the DNS servers and resist the attack.
  • Activate Failovers if needed. If one or more servers go down, it could notify you about the event and redirect the traffic to the rest of the DNS servers. Automatically, without the need of a human operator. 

Why do you need DDoS protected DNS service?

  • Less downtime. If you have DDoS protection, your servers will withstand DDoS attacks much better and experience significantly less downtime. Your visitors will still be able to access your application or website.
  • Good performance, even under attack. The distribution of traffic that a DNS service provider can offer you should be enough to manage the traffic well. So well, in fact, that your application or website will still be available and without a significant penalty in productivity. 
  • It will be more beneficial. Yes, downtime costs and it costs a lot. How much does a minute of it cost for you? What about an hour or a whole day? Compare this number to around 100 dollars per month, and you will see that DDoS-protected DNS service is really worth it. 
  • It is easy to manage. Don’t get me wrong, if you are not familiar with DNS, it might be a bit hard, but if you are, it will be very simple. Set it up once, and the monitors and failover mechanism could run almost 100% by themselves. Only if the attack is really strong, you, your IT team, and the customer service of the DNS provider will need to fight the DDoS attack together. 

Conclusion

DDoS-protected DNS services are getting as common as the SSL/TLS certificates for websites. They are not a must, but pretty much everybody who has a large e-commerce site or an important application gets one. Better to protect than to suffer downtime and wait many long hours until your domain becomes accessible again.


Introduction to Anycast DNS

Anycast DNS explained.

Through Anycast DNS, several servers that are located in different geographical points can share the same IP address. The DNS data for your domain name is duplicated on more than one server. You are able to choose a specific number of servers, depending on your needs. That way, your overall presence is going to be better.

When you are using Anycast, the nearest server is going to answer the request of the user. In case one of your servers is offline due to maintenance or down for some reason, your website is still going to be reachable. The request will move to the second closest available DNS server to be resolved. As a result, the user’s request is going to be answered faster. Also, the overall experience is going to be improved in terms of loading time, waiting for a response, and so on.

How does it work?

Anycast network routing can route incoming requests over various data centers. The requests arrive at a single IP address associated with the Anycast network. So, the network spreads the data based on a priority method. The choice of a particular data center is typically made to reduce latency, by selecting the data center closest to the requester.

Advantages

  • Better uptime. It is possible for a server to fail, but the chance of a group of servers to fail at the same time is very low. So, your website is going to have better uptime, and your users could access it at any time.
  • Faster response time. The waiting time is way shorter when your servers’ responses are fast. Fewer potential clients are going to abandon your website.
  • Improved security. You can rely on other servers in case one of them gets compromised.
  • Rank on search engines. User experience includes waiting for a response, loading time, etc. Search engines rank your site better or worse based on these factors.

Anycast vs. Unicast DNS Routing

  • In Unicast DNS routing, the DNS resolver, an element on the DNS server accountable for discovering the authoritative DNS record for the demanded hostname, can get a list of many DNS name servers. It searches on the first one on the list. Then waits till it replies or there is a timeout, and then it is able to try the next on the list. This can cause high latency.
  • In Anycast DNS routing, resolvers are configured with only one anycast address for each group of name servers. That way, the latency is eliminated. The timeout delays with a non-responsive nameserver do not happen. Anycast routing automatically excludes unreachable points of presence (PoP). The DNS resolver is always routed to the closest and well-performing DNS server.

Why use Anycast DNS?

In case you have a website, service, or app, you probably want reliability and speed in each location. Nobody wants angry customers. With Anycast DNS, you achieve excellent performance at various places and handle the traffic effectively. The better network performance leads to more satisfied clients and then probably to more sales.


GeoDNS service – Everything you need to know

With GeoDNS service, you can accomplish remarkable results and drop the waiting time for your clients based on their location. No matter where your users are placed in the world, you can make your domain resolution much faster for them.

What does GeoDNS service mean?

GeoDNS service is usually a paid feature that can be found in the portfolio of the bigger DNS providers. Its purpose is to determine where the users’ IP addresses are located. Afterward, it points them to the nearest server. Thus, it is often applied as a geographical routing method, which can assist with reducing the stress on an individual server. In addition, it routes the traffic to several servers, so it also acts as a load balancer.

If your business has a worldwide presence and you desire to provide better performance to your clients, you should consider a GeoDNS service. It will ensure an excellent experience for the visitor of your website.

How does it function?

If you want to use the GeoDNS service, you will have to find a DNS provider supporting Geolocation. After you implement it and a user’s query is received, the DNS server will search for its location. That happens through the user’s IP address. The DNS server reviews it and looks up the location in a database. Then the name server assigns a pre-configured record, which is defined explicitly for the region the query comes from.

Once GeoDNS identifies the location of the query, it will respond with a record configured especially for that location.

To send visitors to the best server and closest location, it uses DNS GeoIP searches. So, all servers will hold several IP addresses for the identical domain.
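The lookup described above, as an added example that is not part of the original page. The GeoIP table, region names and addresses are constructed. It goes one step beyond the text in handling the case where the query arrives from a recursive resolver rather than the user: if the resolver forwards an EDNS Client Subnet prefix, that prefix is used for the location lookup instead of the resolver's own address.

```python
import ipaddress

# Constructed GeoIP table (network -> region); real services use a GeoIP database.
GEOIP = [(ipaddress.ip_network(n), region) for n, region in [
    ("198.51.100.0/24", "EU"),
    ("203.0.113.0/24", "ASIA"),
    ("203.0.113.128/25", "OCEANIA"),   # more specific entry inside the /24 above
    ("2001:db8:a::/48", "EU"),
]]

# Pre-configured A records per region for the same domain (constructed).
REGION_RECORDS = {"EU": "192.0.2.10", "ASIA": "192.0.2.20", "OCEANIA": "192.0.2.30"}
DEFAULT_RECORD = "192.0.2.1"           # served when the location is unknown


def locate(ip_text):
    """Longest-prefix match of an address against the GeoIP table."""
    ip = ipaddress.ip_address(ip_text)
    best = None
    for net, region in GEOIP:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, region)
    return best[1] if best else None


def geodns_answer(source_ip, client_subnet=None):
    """Pick the record for a query.

    source_ip:     address the query came from (often a recursive resolver).
    client_subnet: optional EDNS Client Subnet prefix forwarded by the resolver.
    """
    if client_subnet:
        probe = str(ipaddress.ip_network(client_subnet, strict=False).network_address)
    else:
        probe = source_ip
    region = locate(probe)
    return REGION_RECORDS.get(region, DEFAULT_RECORD), region


if __name__ == "__main__":
    print(geodns_answer("198.51.100.7"))                      # resolver in EU
    print(geodns_answer("198.51.100.7", "203.0.113.0/24"))    # user subnet in ASIA
    print(geodns_answer("203.0.113.200"))                     # most specific match
    print(geodns_answer("192.0.2.200"))                       # unknown location
```
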

Who is it intended for?

All kinds of businesses can benefit from GeoDNS. Small websites that want to grow also probably would like to have it. The biggest need for operating things smoothly would be for large companies.

There is a group of companies that can get the most out of it. For example, international organizations that handle significant amounts of traffic, content platforms that need to deliver to a global audience, and e-commerce businesses that are always seeking high uptime to secure profits.

Why is it beneficial to use the GeoDNS service?

When you set up a GeoDNS service, a lot of benefits will influence your business.

Moreover: 

  • It is not complicated to configure GeoDNS.
  • Better SEO, faster response and loading time, 100% uptime, and higher speed are key benefits.
  • You have more choices, and it is easier to manage the traffic. By setting some records on the DNS control panel, you can direct traffic to a local country or a different state.
  • With GeoDNS, you can set limits or break them to access the content. So your visitors are going to be capable of reaching your content, no matter their location.
  • Your website is going to be available and not disrupted by any maintenance or daily tasks. Even shutting down a server to update it or change it is not a problem. You have many options to serve all requests and to re-direct the traffic.
  • Congestion on particular network points is going to be finally avoided.
