
DNS overview

Domain name system

DNS (Domain Name System) is a distributed system that resolves a host domain to an IP address. In other words, it's a database that maps domain names to IP addresses. Under the hood, it consists of a large number of servers that communicate over a specific protocol.

In practice, when you open the "example.com" page in your browser, a series of steps happens behind the scenes:

  • Your browser queries a DNS server for the IP address of "example.com"
  • A DNS server provides your browser with an IP address: X.X.X.X (where X is a number)
  • Your browser makes an HTTP request to X.X.X.X
  • A server X.X.X.X sends an HTTP response to your browser

With a DNS hosting service, you can delegate management of domain resource records to the authoritative servers.com name servers.

DNS records

The key entity in the DNS system is the DNS record. A DNS record is domain-related mapping information stored on DNS servers.

  • A record - an address record that links a domain name to an IPv4 address
  • AAAA record - an address record that links a domain name to an IPv6 address
  • ALIAS record - unlike an A record, an ALIAS record points a domain to a hostname rather than an IP address
  • CAA record - a record that specifies which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for your domain
  • CNAME record - a canonical name record that serves as a redirection to another domain name
  • MX record - a record that points to the mail exchange servers for the domain
  • NS record - a name server record that defines the DNS servers for the domain
  • PTR record - a reverse DNS record that links an IP address to a canonical name. It's used in mailing to reduce spam
  • SOA record - a Start of Authority record that points to administrative data about your domain zone
  • SRV record - a server selection record that points to the servers for services such as Jabber or Active Directory
  • TXT record - a record used to associate free text with the domain

CAA record

A CAA (Certification Authority Authorization) record is a DNS record that allows a domain owner to specify which certificate authority (CA) is authorized to issue SSL/TLS certificates for their domain.

This record enhances domain security by preventing unauthorized certificate issuance, reducing the risk of fraud and phishing attacks.

A CAA record consists of three key parameters:

  • Flag – an integer that defines how the CAA record should be processed. Only two flag values are currently supported, 0 and 128:
    • 0 (non-critical): allows the certificate to be issued without strict enforcement of the record
    • 128 (critical): rejects the certificate request if the DNS server or certificate authority (CA) does not recognize or support the CAA record
  • Tag – a string that specifies how the CA should handle certificate issuance requests:
    • issue – allows a specified CA to issue standard certificates
    • issuewild – allows the issuance of wildcard certificates (e.g. "*.example.com")
    • iodef – specifies a contact email for receiving violation notifications related to CAA policies
  • Value – a string containing at most one CA identifier that is permitted to issue certificates for the domain
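
The following added example (not servers.com code) shows how a CA evaluates the flag, tag and value fields when it checks CAA before issuing, following the processing rules of RFC 8659. The SAMPLE_ZONE dictionary stands in for live DNS lookups, and the CA identifiers and domain names in it are constructed for illustration.

```python
import shlex

# Constructed sample data standing in for DNS lookups: name -> CAA RDATA strings.
SAMPLE_ZONE = {
    "example.com": ['0 issue "ca.example.net"', '0 issuewild ";"',
                    '0 iodef "mailto:security@example.com"'],
    "locked.example.com": ['128 futuretag "x"', '0 issue "ca.example.net"'],
}

def parse_caa(rdata):
    """Split '<flag> <tag> "<value>"' into (flag, tag, value)."""
    flag, tag, value = shlex.split(rdata)  # ValueError unless exactly 3 fields
    flag = int(flag)
    if not 0 <= flag <= 255:
        raise ValueError("CAA flag must fit in one octet")
    return flag, tag.lower(), value  # tags are matched case-insensitively

def relevant_rrset(zone, name):
    """Climb from name towards the root; the first non-empty CAA set applies."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":  # a wildcard request starts at its parent name
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return [parse_caa(r) for r in rrset]
    return []

def may_issue(zone, name, ca, known_tags=("issue", "issuewild", "iodef")):
    """Return True if the CA identified by `ca` may issue for `name`."""
    rrset = relevant_rrset(zone, name)
    # Flag 128 (critical) on a tag the CA does not understand: refuse.
    if any(flag & 128 and tag not in known_tags for flag, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    wild = [v for _, t, v in rrset if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    relevant = wild if name.startswith("*.") and wild else issue
    if not relevant:
        return True  # no applicable property: CAA does not restrict issuance
    # Value is "<ca-identifier>[; parameters]"; a bare ";" authorises no CA.
    return any(v.split(";")[0].strip().lower() == ca.lower() for v in relevant)
```

A name with no CAA record at any level, such as "example.org" in this sample, is unrestricted, which is why publishing at least one issue record at the zone apex matters.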

Price

The servers.com DNS service and its features are completely free.
