Enter a URL
Introduction to DNS
The Domain Name System (DNS) serves as the internet's phonebook, translating human-readable domain names (like www.example.com) into machine-readable IP addresses. DNS records contain critical configuration details that control how domains and services operate.
| Record Type | Purpose | Example |
|---|---|---|
| A Record | IPv4 address mapping | example.com → 192.0.2.1 |
| AAAA Record | IPv6 address mapping | example.com → 2606:2800::1 |
| MX Record | Mail server designation | example.com MX 10 mail.server.com |
| CNAME | Domain alias creation | www.example.com → example.com |
| TXT | Verification/SPF data | "v=spf1 include:_spf.google.com ~all" |
| NS | Nameserver specification | example.com NS ns1.provider.com |
| PTR | Reverse DNS lookup | 1.0.0.10.in-addr.arpa → example.com |
| SOA | Zone authority information | Contains admin email, serial number, refresh timers |
Recommended Tools:
| dig | dig example.com ANY |
Linux/macOS |
| nslookup | nslookup -type=MX example.com |
Windows/Linux/macOS |
| host | host -t TXT example.com |
Linux/macOS |
# Basic lookup
dig example.com
# Specific record query
dig example.com MX +short
# Comprehensive query
host -a example.com
nslookup -type=MX example.com
import dns.resolver
def check_records(domain):
try:
# A Records
answers = dns.resolver.resolve(domain, 'A')
print(f"A Records: {[r.address for r in answers]}")
# MX Records
answers = dns.resolver.resolve(domain, 'MX')
print("MX Records:")
for r in answers: print(f"{r.preference} {r.exchange}")
except Exception as e:
print(f"Error: {e}")
check_records("example.com")
Requires dnspython package: pip install dnspython
GET https://dns.google/resolve?name=example.com&type=MX
GET https://api.cloudflare.com/client/v4/zones/:zone_id/dns_records?type=MX
GET https://api.dnsimple.com/v2/:account_id/zones/:zone_id/records?type=MX
dig +trace example.com # Follow complete resolution path
| Issue | Cause | Solution |
|---|---|---|
| Propagation Delays | High TTL values | Plan changes with reduced TTL |
| Email Delivery Problems |
MX records & reverse DNS |
Verify SPF/DKIM/DMARC |
| Website Not Resolving | A/AAAA records incorrect | Check nameserver delegation |
| SSL Certificate Errors | CAA records missing | Check conflicting TXT records |
Ensure site availability and proper routing
Configure reliable mail delivery systems
Prevent DNS hijacking and spoofing
Integrate APIs and third-party services
## DNS Documentation Template
Domain: example.com
Last Audit: YYYY-MM-DD
| Record Type | Host | Value | Purpose | TTL | Modified Date |
|-------------|------------|---------------------|------------------|--------|---------------|
| A | @ | 192.0.2.1 | Primary website | 3600 | 2023-01-15 |
| MX | @ | 10 mail.server.com | Email service | 86400 | 2023-03-22 |
| TXT | @ | "v=spf1..." | Email validation | 3600 | 2023-02-10 |
Change Log:
- 2023-03-22: Updated MX records for new email provider
- 2023-02-10: Added SPF/DKIM records
Recommended audit frequency:
# Export current DNS config for review
dig example.com ANY +noall +answer > dns_audit_$(date +%F).txt
| TTL (Time to Live) | Propagation | |
|---|---|---|
| Definition | How long resolvers cache records | Time for global DNS updates |
| Control | Set in DNS records | Depends on ISP refresh cycles |
| Typical Duration | 300s to 86400s | 1-48 hours |
# Check DNSSEC validation
dig example.com +dnssec +multi
Look for these indicators:
ad flag in the header (authenticated data)RRSIG records in the answer sectionCommon causes and solutions:
curl https://dns.google/resolve?name=example.comExport all records from current provider
Set TTL to 300s (5 mins) 48 hours before
Import records to new provider
Update nameservers at domain registrar
Monitor for 72 hours using:
dig +trace example.com