DNS Overview

Most records will be A records. These give you the greatest versatility in pointing your domain names where you want them to go. Each record consists of a host name and an IP address.

Host field: The host name for that particular A record. The host name should be what precedes the .domain.com in your FQDN (fully qualified domain name). For instance, on www.domain.com, “www” is the host (without the quotation marks). Whatever is listed here, the lookup will automatically append “.domain.com” to the query. A blank A record (domain.com rather than host.domain.com) is created by putting a ‘@’ sign in the host name field.

Common “A” records include: www.domain.com, ftp.domain.com, mail.domain.com, webmail.domain.com, mysql.domain.com

Points to field: This is where you list the IP address to which the host name should point.

CNAME section:

CNAME records point to domain names instead of IP addresses. The benefit of using a CNAME record is that you can point a host at a particular domain name, then modify only the target domain name’s A records to have the change take place on both domains. This is commonly used by those who own several TLD versions (.com, .net, .org, etc.) of the same domain.

For example, you own domain.com and you also own domain.net, and you want the records to point to the same IP. You can create a CNAME record for the www host of domain.net that points to www.domain.com. Then all you have to do to change the www host of domain.net is modify the A record of www.domain.com to point to its new IP address, and www.domain.net is automatically changed.

A common mistake when using this method is accidentally modifying the records for several domains when you only intended to change one, i.e. you have to keep a note of which domains point to each other.

Host field: The host name for that particular CNAME record. The host name should be what precedes the .domain.com in your FQDN. For instance, on www.domain.com, “www” is the host (without the quotation marks). Whatever is listed here, the lookup will automatically append “.domain.com” to the query. A blank A record (domain.com rather than host.domain.com) is created by putting a ‘@’ sign in the host name field; note that a CNAME cannot be placed at the blank ‘@’ host, because the bare domain already carries the zone’s SOA and NS records.

Points to field: The name that the record points to. This must be a domain name, not an IP address. The domain name must also end with a dot. Otherwise the name is treated as relative to the zone, and the zone’s own domain is appended to it when queried (www.domain.com would become www.domain.com.domain.com).

MX section:

The MX section is the area that handles the direction of mail.

Priority field: This allows you to set your preference for each individual MX record. Records are processed in order starting with the lowest priority value and working up to higher values. What this means is, if you have two mail servers, or a mail server and a mail spooler, give the lower priority value to your main mail server and a higher priority value to your backup mail server or mail spooler.

Host field: You can specify a mail host name here, but in most cases it is not necessary. What is recommended is to create a blank host (use a ‘@’ for the host name) and point it to your mail server.

Goes to field: The address of the mail server. Commonly this is the mail host name you created in the A record section (for example mail.domain.com).

It is highly recommended that you point MX records to a domain name, and that domain name (just like a CNAME record) must end with a dot.
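The following is an added example, not code from the original article or from any DNS provider: it applies the zone-file rules described above (host names are relative to the domain, ‘@’ is the bare domain, CNAME and MX targets must end with a dot, MX records are tried lowest priority value first) to a small constructed zone for domain.com, and flags the missing-dot mistake. The origin domain.com., the 192.0.2.x addresses and the host names in SAMPLE_ZONE are all constructed for the example.

```python
# Added example (not from the original article): expand zone-file names the
# way a nameserver does and lint CNAME/MX targets for the missing trailing dot.
ORIGIN = "domain.com."          # zone origin, assumed for this example

# Constructed sample zone lines: "host type value [...]". Addresses are from
# the 192.0.2.0/24 documentation range and are not real servers.
SAMPLE_ZONE = """
@       A     192.0.2.10
www     A     192.0.2.10
mail    A     192.0.2.25
webmail CNAME www
ftp     CNAME www.domain.com
@       MX    20 spool.backup-example.net.
@       MX    10 mail
@       TXT   "v=spf1 mx -all"
"""

def qualify(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin itself, a name ending in
    '.' is already absolute, anything else is relative and gets the origin
    appended (this is what happens when the trailing dot is forgotten)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"

def parse_record(line, origin=ORIGIN):
    """Parse one line into a dict with the fully qualified owner name, the
    raw target as written, and the target as the server would resolve it."""
    parts = line.split()
    host, rtype = parts[0], parts[1].upper()
    rec = {"name": qualify(host, origin), "type": rtype}
    if rtype == "A":
        rec["raw_target"] = rec["target"] = parts[2]      # an address, never qualified
    elif rtype == "CNAME":
        rec["raw_target"] = parts[2]
        rec["target"] = qualify(parts[2], origin)
    elif rtype == "MX":
        rec["priority"] = int(parts[2])
        rec["raw_target"] = parts[3]
        rec["target"] = qualify(parts[3], origin)
    elif rtype == "TXT":
        rec["raw_target"] = " ".join(parts[2:])
        rec["target"] = rec["raw_target"].strip('"')       # value is written in quotes
    return rec

def lint(rec):
    """Warn when a CNAME/MX target contains dots but no trailing dot: the
    origin was silently appended, which is almost always a mistake."""
    if rec["type"] in ("CNAME", "MX"):
        raw = rec["raw_target"]
        if "." in raw and not raw.endswith("."):
            return (f"{rec['type']} target {raw!r} has no trailing dot; "
                    f"it resolves as {rec['target']}")
    return None

def load_zone(text=SAMPLE_ZONE):
    return [parse_record(line) for line in text.splitlines() if line.strip()]

def mx_order(records):
    """Mail servers in the order a sending mail server tries them:
    lowest priority value first."""
    mx = [r for r in records if r["type"] == "MX"]
    return [r["target"] for r in sorted(mx, key=lambda r: r["priority"])]

if __name__ == "__main__":
    recs = load_zone()
    for r in recs:
        print(r["name"], r["type"], r.get("priority", ""), r["target"])
        warning = lint(r)
        if warning:
            print("  WARNING:", warning)
    print("MX order:", mx_order(recs))
```

Running it shows that "webmail CNAME www" resolves to www.domain.com. as intended, while "ftp CNAME www.domain.com" (no trailing dot) resolves to www.domain.com.domain.com. and is flagged; the MX list comes out with mail.domain.com. ahead of the spooler.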

TXT section:

A TXT record is a record you can query that returns free-form text information about a domain. TXT records can be used for SPF indicators, for describing port and protocol connections, or simply for returning information about a domain. They are most commonly used for SPF.

Name: The host that the TXT record can be queried by.

Value: What the TXT record will return, placed in quotes.

Closing Open Nameservers – DNS recursion

Open nameservers allow anyone in the world to perform recursive queries through them, which can often lead to DoS attacks and slower performance. Some system administrators prefer to restrict recursion on their nameservers to trusted parties only. To do this kind of setup, you will need to edit your named configuration. On the command line:

pico /etc/named.conf

Look for this line at the top:

include "/etc/rndc.key";

Now add this right below it:

acl "trusted" {
    205.134.252.71; 66.117.3.128; 127.0.0.1;
};

The IPs should be those of the nameservers; you can add other trusted IPs as well. The acl must be defined before the options section that refers to it.

Now in the options section right below that, add these lines:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

So your options section will look like this:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};

Restart named:

/etc/init.d/named restart

Now you can check with a service like DNSreport to make sure the changes took. The server will still answer queries for the zones it is authoritative for; what should change is that recursive queries from addresses outside the trusted acl are refused.
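If you would rather verify the change yourself than rely on an external service, the following added example (not code from the original article, DNSreport or BIND) does what such a check does at the wire level: it builds a DNS query with the RD (recursion desired) bit set and decodes the RA (recursion available) bit and RCODE from the 12-byte response header. The two sample responses are constructed byte strings so the example runs offline; the transaction id 0x1234, the query name www.example.com and the probe() helper are assumptions for the example.

```python
# Added example (not from the original article): decode a DNS response header
# to tell whether a nameserver you administer still offers recursion.
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, txid=0x1234):
    """Build a standard DNS query for an A record with the RD bit set."""
    flags = 0x0100                     # QR=0, opcode=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"                        # root label terminates the name
    return header + question + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_header(data):
    """Decode the header fields relevant to recursion from a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # 1 = response
        "rd": bool(flags & 0x0100),    # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),    # recursion available for this client
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def recursion_offered(data):
    """True when the server advertises recursion (RA set) and did not refuse."""
    h = parse_header(data)
    return h["ra"] and h["rcode"] != "REFUSED"

def probe(server, qname="www.example.com", timeout=3.0):
    """Send the query over UDP to a nameserver you administer and return the
    decoded header. Network use only; the offline samples below do not call it."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data, _ = s.recvfrom(512)
    h = parse_header(data)
    if h["id"] != 0x1234:
        raise ValueError("transaction id mismatch; ignoring stray reply")
    return h

# Constructed sample responses (headers only), so the example runs offline:
# an open resolver answers QR=1 RD=1 RA=1 RCODE=NOERROR with one answer;
# a restricted server answers QR=1 RD=1 RA=0 RCODE=REFUSED with none.
OPEN_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
CLOSED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, sample in (("open", OPEN_RESPONSE), ("restricted", CLOSED_RESPONSE)):
        print(label, parse_header(sample), "recursion:", recursion_offered(sample))
```

To check a server after the acl change, call probe() against each of your nameservers from an address outside the trusted list: a correctly restricted server reports ra False and rcode REFUSED for a name it is not authoritative for, while queries for its own zones still get answers.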