What DNS servers store

Started by addisoncave, Oct 28, 2022, 09:16 AM


addisoncave (topic starter)

Due to the huge number of questions that both beginners and experienced users ask us, I want to explain some principles, aspects and features of this branch of the IT sphere. I'm not sure that the number of questions from our users will decrease, but it's worth trying.
Even if you do not use hosting, I assume that this information can be informative.

A remark is needed at the very beginning: I have never personally seen the internals of root DNS servers (level zero), nor of the DNS servers responsible for particular domain zones (first level): I haven't grown to such heights yet. I can only imagine roughly how they are arranged, so I will not load you with false information. I have two DNS servers under my control that store information about the domains hosted on our technical site. That is, in the terms of the previous post, I will write about second-level DNS servers.

For a general understanding, let's go from the very beginning of the chain.

You have created a website and set out to put it on the Web. A relatively simple option was chosen: hosting the site for a subscription fee with a specialized company (a hosting provider, or hosting company). You chose a free domain name that you like, yaldex.com, and registered it at the best price. Then you found a hosting company with attractive prices for hosting sites. You bought hosting from them and placed the site on their server according to their instructions. And yet, when you type the domain yaldex.com into the browser's address bar, the site does not open. What went wrong?

When you bought the domain yaldex.com, the registrar that sold it to you sent the DNS server of the .com zone (level 1) information about the new domain. It also sent that server information about the DNS servers (level 2 servers) to be consulted when the IP address of this domain's website is requested.
Since you had not yet decided on a hosting company when buying the domain, you did not specify any DNS servers for it. In this case the registrar either assigns its own (second-level) DNS servers to the domain, or assigns none at all.

In order for your website to open from the hosting you purchased, you need to enter the (second-level) DNS servers of this hosting company in the settings of the purchased domain. This is done either manually by you, or through the technical support of the registrar where you purchased the domain yaldex.com. The hosting provider must provide you with the list of these DNS servers on request.

Making changes to the DNS list at the registrar looks something like this:
[screenshot]

After all the necessary actions are done and the site is working, you can figure out what is still stored in the DNS servers (second level) of the hosting provider.

The DNS server from the inside is a database that stores records about the domains served.
Each record consists of at least three fields: record content, record type, record value. For example:
yaldex.com — A —

If the content (yaldex.com) and the value ( ) are clear, then what is the record type, which in our case appears as the letter "A"?

At the moment, there are about four dozen types of records in DNS. Some of them are used very often, some are quite rare. The most commonly used record types:

1. A — address. That is, directly the IP address of the domain.

2. AAAA — address in IPv6 format.

3. MX — mail exchanger. Indicates the address of the mail server for the domain.

4. NS — name server. Stores information about the DNS server of the domain.

5. SOA — start of authority. A record pointing to the server holding the reference information for this domain.

6. TXT — text string. Any record with any data. No longer than 255 bytes.

7. CNAME — canonical name. The name for the alias of the record to which requests will be redirected.

8. SRV — a pointer to servers providing various services.

Using the example of the domain yaldex.com, let's see what records are stored by the (second-level) DNS servers of the hosting provider for this domain's site:

The first is a TXT record:

yaldex.com. TXT "v=spf1 include:_spf.google.com ~all"

It means that for the domain yaldex.com, a certain TXT record is stored in the hosting provider's DNS server, with some gibberish in the content. Looking ahead a little, I will say that this record helps mail from the domain yaldex.com pass through Google's servers and be delivered successfully to the recipients' mailboxes. I will make a separate post about how mail works in general and about SPF records; there is quite a lot of information on this topic.

Then we see the SOA record:

yaldex.com. SOA ns1.fornex.com. hostmaster.fornex.com. (
    2469468516 ; serial
    46800 ; refresh (13 hours)
    1800 ; retry (30 minutes)
    3600000 ; expire (5 weeks 6 days 16 hours)
    21600 ; minimum (6 hours)
)

Let's analyze the record.

yaldex.com — record name

SOA — record type

ns1.fornex.com — the primary DNS server, which stores the most complete information about the subject of the record (that is, about yaldex.com)

hostmaster.fornex.com — the email address of the person responsible for the contents of the record; the "@" symbol is replaced by a dot here because of the format of records inside DNS.

Serial — the version number of the zone record. A positive number that should change with every change to the record's content. It is needed so that secondary servers can tell, from the change in the serial number, that the DNS records for the domain have changed.

Refresh — a time parameter (a number of seconds) that tells secondary DNS servers how often they should contact the primary DNS server to find out whether the record's serial number has changed.

Retry — again a time parameter in seconds; it specifies how long a secondary DNS server waits before trying again to learn whether the serial number has changed, if for some reason no response was received to the previous request.

Expire — a time in seconds during which the secondary server may keep using the record data it received earlier without refreshing it.

Minimum — the minimum negative-response caching time, a time parameter in seconds indicating how long responses stating that there is no corresponding IP for this domain should be cached.

Next we observe four NS records:

yaldex.com. NS ns1.fornex.com.
yaldex.com. NS ns2.fornex.com.
yaldex.com. NS ns3.fornex.com.
yaldex.com. NS ns4.fornex.com.

These report that information about the domain can also be found on these DNS servers. The number and content of these records should correspond to the information about the DNS servers (how many there are and which ones) that is stored in the first-level DNS server (in our case, the DNS server of the RU domain).

After the NS records come the MX records, again several of them:

yaldex.com. MX 10 ASPMX5.GOOGLEMAIL.com.
yaldex.com. MX 1 ASPMX.L.GOOGLE.com.
yaldex.com. MX 5 ALT1.ASPMX.L.GOOGLE.com.
yaldex.com. MX 5 ALT2.ASPMX.L.GOOGLE.com.
yaldex.com. MX 10 ASPMX2.GOOGLEMAIL.com.
yaldex.com. MX 10 ASPMX3.GOOGLEMAIL.com.
yaldex.com. MX 10 ASPMX4.GOOGLEMAIL.com.

Let's look at these records using one of them as an example. First, as we are already used to, comes the domain name of the record: yaldex.com. Then the record type, MX, which tells us that this record names the domain's mail server.
It is followed by a number, in our case 1, 5 or 10. This is the priority of the MX record. That is, a record with priority 1 is tried first, and one with priority 10 last.

Why are there several of them? The reason is the usual one: duplication to increase fault tolerance. The Google mail service that yaldex.com uses is huge, and some of its servers may periodically go down for maintenance; in that case the record with the next priority takes over, and mail begins to be processed by another mail server.

And the last entry on our list:
yaldex.com. A

We have already dealt with it at the very beginning: the domain yaldex.com has the IP address of the site, and it is at this address that the browser must request the content of the site yaldex.com.

From the hosting provider's side, all this goodness looks something like this:
[screenshot]
I thank everyone who managed to read this to the end. If you have any questions, ask in the comments, I will try to answer.
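As an added example (not from the post or from the hosting provider), here is a small Python parser that reads records in the zone-file form quoted above and pulls out the things the post explains: the SOA fields (with the contact's first dot turned back into "@"), the MX servers in the order a sender tries them, and the qualifier on the SPF record's "all". The zone text is constructed from the records above; the A address is a documentation-range placeholder because the page does not show the real one, and the function names are my own.

```python
# Constructed zone text modelled on the post's records; the A address is a documentation placeholder.
ZONE = """
yaldex.com. TXT "v=spf1 include:_spf.google.com ~all"
yaldex.com. SOA ns1.fornex.com. hostmaster.fornex.com. (
    2469468516 ; serial
    46800      ; refresh (13 hours)
    1800       ; retry (30 minutes)
    3600000    ; expire (5 weeks 6 days 16 hours)
    21600      ; minimum (6 hours)
)
yaldex.com. NS ns1.fornex.com.
yaldex.com. MX 10 ASPMX5.GOOGLEMAIL.com.
yaldex.com. MX 1 ASPMX.L.GOOGLE.com.
yaldex.com. MX 5 ALT1.ASPMX.L.GOOGLE.com.
yaldex.com. A 192.0.2.10
"""
def parse_zone(text):
    """Return (name, type, rdata) triples; drops ';' comments and joins '( ... )' records."""
    records, buf = [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # toy parser: no ';' or '(' inside quoted TXT
        if not line:
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue  # still inside a multi-line record such as SOA
        buf = []
        name, rtype, rdata = joined.split(None, 2)
        records.append((name, rtype, rdata.replace("(", " ").replace(")", " ").strip()))
    return records

def soa_fields(records):
    """SOA fields as the post names them; the contact's first dot stands for '@'."""
    mname, rname, *timers = next(r for _, t, r in records if t == "SOA").split()
    out = {"primary": mname, "contact": rname.rstrip(".").replace(".", "@", 1)}
    out.update(zip(("serial", "refresh", "retry", "expire", "minimum"), map(int, timers)))
    return out

def mx_order(records):
    """Mail servers in the order a sender tries them: lowest preference value first."""
    mx = [r.split() for _, t, r in records if t == "MX"]
    return [host for _, host in sorted((int(p), h) for p, h in mx)]

def spf_qualifier(records):
    """Qualifier on SPF 'all' ('~' softfail, '-' fail, '?' neutral, '+' pass); None if absent."""
    txt = (r.strip('"') for _, t, r in records if t == "TXT")
    spf = next((s for s in txt if s.startswith("v=spf1")), "")
    q = [tok[:-3] or "+" for tok in spf.split() if tok.lstrip("-+~?") == "all"]
    return q[0] if q else None
```

Running `soa_fields(parse_zone(ZONE))` shows the same serial and timers the post walks through, and `spf_qualifier` returns "~" for the softfail policy in the quoted TXT record.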


Could you give it as a step-by-step algorithm?
I want to buy the cheapest virtual machine on DO for experiments, and put up my own page with preferans, poetesses and cats on it.
Well, and learn how to set up mail on a domain, a VPN, deploy ownCloud, and who knows what else I'll want.
What is needed first? Register a domain and then buy a VPS, or the other way round: first buy a VPS and then register a domain name? Or does it make no difference?


Here, I just have a question. I run a DNS server at home; if port 53 is open to the outside (the address is allocated), then thousands of requests start hitting my server, the volume of which reaches around 10 megabytes in a couple of minutes.
What is it? Why? What for?

An experimental question: at some point I wanted to set up my own personal DNS server. There is a Debian 8 box. Just for the sake of experiment. Will I gain anything (in theory) if the ping to the provider is 100, and 1 ms to my personal home DNS mirror?

PS. To the provider, of course, the ping is 2 ms, but I'm just wondering. When I was interested in this topic, either my hands were hooks, or something else got in the way. I forgot about it, and here are your posts.
Also, by the way, it would be fun to attach a caching proxy to this setup. For those who have a slow or limited Internet connection.


There is an IP address with a domain that is both a node and a host at the same time: what can a CNAME be used for?
Or again, there is a domain name to which an IP address is attached, which is the entry point for a virtual network of virtual hosts that share a common IP address, but each has its own domain name: can a CNAME be used for them somehow?
Can a CNAME be used for an "implicit" redirect, an analogue of HTTP 301, or how else can this entity, layered on top of a domain, be useful?
"CNAME records are very useful": why? If they didn't exist, what would happen?

P.S.: no negativity, I'm trying to figure it out; for some people all this is basic theory, and others are swimming in it and don't understand why we need to make an alias of a domain that itself seems to be an alias.