Types of DNS Records (Technical Information)

Address Records (A)

Address, or "A", records map the name of a machine to its numeric IP address. In other words, this record states the hostname and the IP address of a particular machine. To "resolve" a hostname means to find its matching IP address, and the A record is what a name server sends to another name server to answer such a query. The record below is an example of how an A record should look:

eric.foobarbaz.com. IN A

The first column contains the machine's hostname. The second column lists the class of the record; for most basic DNS work all you will need is the IN designation, which stands for Internet. The next column denotes the type of record the entry actually is, and the last column is the IP address itself.

It is possible to map more than one IP address to a given hostname. This often happens for machines with two network interfaces, for example a firewall with two ethernet cards. All you must do is add a second A record, identical except for the IP address. A resolver that receives several addresses may use any of them, so every address you list should be one on which the machine actually answers.

It is also possible to map more than one hostname to one IP address by giving each name its own A record. For plain aliases, however, DNS has a dedicated record type, the canonical name or CNAME record, which leaves only one copy of the address to maintain when the machine moves.


Canonical Name Records (CNAME)

"CNAME" records simply allow a machine to be known by more than one hostname. There must always be an A record for the machine before aliases can be added. The hostname of a machine that is stated in an A record is called the canonical, or official, name of the machine. Other records should point to the canonical name; MX and NS records in particular must name the canonical host, never an alias. A name that has a CNAME record may have no other records at all, which is why a domain name itself (foobarbaz.com., which carries SOA and NS records) can never be made an alias. Here is an example of a CNAME:

www.foobarbaz.com. IN CNAME eric.foobarbaz.com.

You can see the similarities to the previous record. Records always read from left to right, with the name being asked about on the left and the answer to the query on the right. A machine can have any number of CNAME aliases; a new record must be entered for each alias. An alias may point at another alias, but every extra hop costs the resolver another lookup, so point aliases straight at the canonical name.


Mail Exchange Records (MX)

also see: How to Use an Outside Email Server

"MX" records are far more important than they sound. They allow all mail for a domain to be routed to one host. This is exceedingly useful: it takes the load off your internal hosts, since they do not have to handle incoming mail, and it allows mail to be sent to any address in your domain even if that particular address does not have a computer associated with it. For example, we have a mail server running on the fictitious machine eric.foobarbaz.com. For convenience's sake, however, we want our email addresses to be "user@foobarbaz.com" rather than "user@eric.foobarbaz.com". This is accomplished by the record shown below:

foobarbaz.com. IN MX 10 eric.foobarbaz.com.

The column on the far left is the domain you want to use in Internet email addresses. The next two entries have been explained in the previous records. The next column, the number "10", is not part of the usual record format: it is a preference value. Larger systems often have one or more backup mail servers, and you only want the backups receiving mail if something goes wrong with the primary. You indicate this with your MX records. A lower number means a higher priority, and mail is sent to the server with the lowest number (the lowest possible being 0). If that server is unreachable, the sending mail server tries every other exchange listed, in order of preference; exchanges with the same preference are tried in random order, which is a simple way to spread load between equals. The last column must be a hostname that has an A record: not an IP address, and not a CNAME alias.

You can have as many MX records as you like. It is also a good idea to include an MX record even when mail is to go straight to a machine that has an A record. A mail server is supposed to fall back to the A record when a domain has no MX record at all, but some sendmail configurations only look for MX records, and an explicit MX lets you add a backup later without touching anything else.

It is also possible to use a wildcard in an MX record. Suppose mail is addressed directly to individual machine names in your domain and you want all of it to pass through one server. Rather than clutter your DNS entry with an MX record for every name, you can add a single wildcard record like this one:

*.foobarbaz.com. IN MX 10 eric.foobarbaz.com.

This makes mail sent to any name under foobarbaz.com that has no DNS records of its own go through the server eric.foobarbaz.com.

One should use caution with wildcards. A wildcard only stands in for names that do not exist in the zone; specific records take precedence, and a name that has any record at all, of any type, is answered from its own records. A workstation that has an A record therefore does not pick up the wildcard MX, and mail for it goes to the workstation itself unless you give it an MX record of its own. The wildcard also does not cover foobarbaz.com itself, so the domain still needs the explicit MX record shown earlier.
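The rules for the A, CNAME and MX records above, worked through as an added example; this code is not from the original page or from Allegiance Internet. It builds a small in-memory zone modelled on the records shown here, with a lookup that applies the wildcard rule correctly, a resolver that follows CNAME aliases, an MX selection in the order a sending mail server would use, and a check for the mistakes the text warns against. The target check is also applied to NS records, since a name server must likewise be a hostname with an A record. The zone data, including the 192.0.2.x addresses, is constructed for the example (the page leaves the addresses out).

```python
import random

# Constructed zone data modelled on the records shown on this page. The
# addresses are RFC 5737 documentation addresses and are assumptions.
# Keys are (owner, type); MX rdata is (preference, exchange host).
ZONE = {
    ("foobarbaz.com.", "NS"): ["draven.foobarbaz.com."],
    ("foobarbaz.com.", "MX"): [(10, "eric.foobarbaz.com."), (20, "backup.foobarbaz.com.")],
    ("eric.foobarbaz.com.", "A"): ["192.0.2.10"],
    ("draven.foobarbaz.com.", "A"): ["192.0.2.53"],
    ("backup.foobarbaz.com.", "A"): ["192.0.2.25"],
    ("www.foobarbaz.com.", "CNAME"): ["eric.foobarbaz.com."],
    ("*.foobarbaz.com.", "MX"): [(10, "eric.foobarbaz.com.")],
    ("pc1.foobarbaz.com.", "A"): ["192.0.2.101"],   # a workstation with its own A record
}

# The same zone with two mistakes the page warns against (also constructed).
BAD_ZONE = dict(ZONE)
BAD_ZONE[("www.foobarbaz.com.", "A")] = ["192.0.2.10"]            # A record beside a CNAME
BAD_ZONE[("foobarbaz.com.", "MX")] = [(5, "www.foobarbaz.com.")]  # MX pointing at an alias


def records(zone, name, rtype):
    return list(zone.get((name, rtype), []))


def name_exists(zone, name):
    """A name exists if it owns records or is an ancestor of a name that does
    (an "empty non-terminal"); either way a wildcard never matches it."""
    return any(o == name or o.endswith("." + name) for o, _ in zone)


def lookup(zone, qname, rtype):
    """Records for (qname, rtype). A wildcard is used only when qname does not
    exist at all: the answer then comes from "*." + the closest existing
    ancestor. An existing name without the requested type simply has no data."""
    if name_exists(zone, qname):
        return records(zone, qname, rtype)
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if name_exists(zone, ancestor):
            return records(zone, "*." + ancestor, rtype)
    return []


def resolve_a(zone, name, max_hops=8):
    """Follow CNAME aliases to the canonical name; return (canonical, addresses)."""
    seen = set()
    for _ in range(max_hops):
        alias_target = lookup(zone, name, "CNAME")
        if not alias_target:
            return name, lookup(zone, name, "A")
        seen.add(name)
        name = alias_target[0]
        if name in seen:
            raise ValueError("CNAME loop at " + name)
    raise ValueError("CNAME chain longer than %d hops" % max_hops)


def mx_targets(zone, domain, rng=random):
    """Mail exchanges in the order a sender tries them: lowest preference first,
    equal preferences in random order (RFC 5321). A domain with an A record but
    no MX is treated as its own exchange (the "implicit MX")."""
    mx = lookup(zone, domain, "MX")
    if not mx:
        return [domain] if lookup(zone, domain, "A") else []
    rng.shuffle(mx)                  # randomise ties; the stable sort keeps that order
    mx.sort(key=lambda rr: rr[0])
    return [host for _, host in mx]


def lint(zone):
    """Report the structural errors the page warns about."""
    problems = []
    for (owner, rtype), rdata in zone.items():
        if rtype == "CNAME":
            others = [t for o, t in zone if o == owner and t != "CNAME"]
            if others:
                problems.append("%s: CNAME cannot coexist with %s" % (owner, others))
        if rtype in ("MX", "NS"):
            for rr in rdata:
                target = rr[1] if rtype == "MX" else rr
                if records(zone, target, "CNAME"):
                    problems.append("%s %s points at alias %s" % (owner, rtype, target))
                elif not records(zone, target, "A"):
                    problems.append("%s %s target %s has no A record" % (owner, rtype, target))
    return problems
```

Running mx_targets over this zone shows the wildcard caveat directly: lab.foobarbaz.com., which has no records, gets eric.foobarbaz.com. from the wildcard, while pc1.foobarbaz.com., which has an A record, is its own implicit exchange and the wildcard never applies to it.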


Pointer Records (PTR)

Although there are different ways to set up PTR records, we will be explaining only the most frequently used method, called "in-addr.arpa".

In-addr.arpa PTR records are the inverse of A records: they map an IP address back to a hostname. Resolving a machine in this fashion is called a "reverse lookup". It is increasingly common for a server to do a reverse lookup on your machine before allowing you to use a service (a web or mail server, for example), and to log or refuse connections from addresses that have no PTR record. A PTR record by itself proves very little, however, because whoever controls the address block can put any name in it. A server that wants real assurance does a forward-confirmed check: it looks up the PTR record, then looks up the A record of the name it got back, and trusts the name only if that A record contains the original address. In-addr.arpa records look as such: IN PTR eric.foobarbaz.com.

The owner name on the left is the machine's IP address with its four octets written in reverse order and ".in-addr.arpa." appended; the hostname in the last column is the same one that appears in the A record at the beginning of this document.
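Reverse naming and the forward-confirmed check described above, as an added example rather than anything from the original page: the PTR owner name is built from the address (for IPv6 as well, which this page predates), and a plain reverse lookup is set beside one that insists the named host's own A record point back at the address. The lookup tables and addresses are constructed for the example.

```python
import ipaddress

# Constructed lookup tables standing in for the reverse and forward zones (not
# real data). Addresses are RFC 5737 documentation addresses.
PTR_ZONE = {
    "10.2.0.192.in-addr.arpa.": ["eric.foobarbaz.com."],
    # A PTR in someone else's address block claiming to be the same host.
    "7.100.51.198.in-addr.arpa.": ["eric.foobarbaz.com."],
}
FORWARD_ZONE = {
    "eric.foobarbaz.com.": ["192.0.2.10"],
}


def reverse_name(addr):
    """Owner name of the PTR record for an address: the IPv4 octets in reverse
    order under in-addr.arpa., or every hex nibble of an IPv6 address in
    reverse order under ip6.arpa."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_lookup(addr, ptr_zone=PTR_ZONE):
    """Plain reverse lookup: whatever names the PTR record claims."""
    return list(ptr_zone.get(reverse_name(addr), []))


def forward_confirmed(addr, ptr_zone=PTR_ZONE, forward_zone=FORWARD_ZONE):
    """Forward-confirmed reverse DNS: the PTR names a host, and that host's own
    address records must contain the address we started from. Only the owner
    of the forward zone can make the two agree, so the address holder cannot
    simply assert a name. Returns the confirmed hostname or None."""
    want = str(ipaddress.ip_address(addr))
    for host in reverse_lookup(addr, ptr_zone):
        forward = [str(ipaddress.ip_address(a)) for a in forward_zone.get(host, [])]
        if want in forward:
            return host
    return None
```

The second PTR entry shows why the plain lookup is not a security check: 198.51.100.7 claims to be eric.foobarbaz.com., and reverse_lookup repeats the claim, but forward_confirmed rejects it because foobarbaz.com's own A record says otherwise.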

A note for those who run their own name servers: although Allegiance Internet is capable of pulling zones from your name server, we cannot pull the inverse zones (these in-addr.arpa records) unless you have been assigned a full class C network. If you would like us to put PTR records in our name servers for you, you will have to fill out the online web form on the support.allegianceinternet.com page.


Name Server Records (NS)

NS records are essential to a working DNS entry. They are very simple: they merely state the authoritative name servers for the domain. There must be at least two NS records in every DNS entry, naming servers on different machines, so that the domain still resolves when one of them is down. NS records look like this:

foobarbaz.com. IN NS draven.foobarbaz.com.

There must also be an A record in your DNS for each machine you list as a name server, and a name server must not be a CNAME alias. If a name server's name lies inside the domain it serves (draven.foobarbaz.com. serving foobarbaz.com., as above), its address must additionally be registered with the parent domain as a "glue" record; otherwise a resolver cannot find the server in order to ask it where it is.

If Allegiance Internet is doing primary and secondary names service, we will set up these records for you automatically, with "nse.algx.net" and "nsf.algx.net" as your two authoritative name servers.


Start Of Authority Records (SOA)

The "SOA" record is the most crucial record in a DNS entry. It conveys more information than all the other records combined. It is called the start of authority because it marks the DNS entry as the official source of information for its domain. Here is an example of an SOA record; each part of it is explained below:


foobarbaz.com. IN SOA draven.foobarbaz.com. hostmaster.foobarbaz.com. (

               1996111901   ; Serial
               10800        ; Refresh
               3600         ; Retry
               3600000      ; Expire
               86400 )      ; Minimum

The first column contains the domain for which this record begins authority. The next two entries should look familiar. The "draven.foobarbaz.com" entry is the primary name server for the domain. The last entry on this row is actually an email address, with the first "." standing in for the "@": hostmaster.foobarbaz.com. means hostmaster@foobarbaz.com. There should always be a working contact address in the SOA record, because that is where other administrators will write when your DNS misbehaves.

The next entries are a little more unusual than what we have become used to. The serial number is the version number of the zone. Every time a change is made to the entry, the serial number must be incremented. Secondary name servers that pull a zone from the primary only transfer it when the primary's serial number is higher than the one they already hold, so a change made without raising the serial never reaches them. The comparison uses 32-bit "serial arithmetic": a new serial counts as higher only if it is ahead of the old one by less than 2^31, so the number may wrap around but must never be decreased or jumped by more than that. A recommended way of using your serial number is the YYYYMMDDNN format shown above, where NN is the number of times that day the DNS has been changed.

Also, a note for Allegiance Internet customers who run their own name servers: even if the serial number is incremented, you should still fill out the web form and use the comment box when you make changes asking us to pull the new zones.

All the rest of the numbers in the record are lengths of time, in seconds. "Refresh" is how often secondary name servers should check the primary for a change in the serial number. "Retry" is how long a secondary should wait before trying again if a refresh attempt fails because the primary is down or unreachable. "Expire" is how long a secondary should keep serving its copy of the zone while it is unable to refresh it; after that it stops answering for the domain altogether, so this value should be long enough to outlast any plausible outage of the primary. "Minimum" was originally the default time that other name servers should cache these records; modern servers use it instead as the time to cache negative answers (that a name does not exist) and take the default record lifetime from a separate $TTL line at the top of the zone file.

There can only be one SOA record per zone. Like the NS records, Allegiance Internet sets this record up for you if you are not running your own name server.
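The serial and timer rules above, as an added example that is not code from the original page: it parses the SOA record shown, compares serials the way a secondary does, computes the next YYYYMMDDNN serial, and sanity-checks the timers. The timer thresholds are this editor's choices, not values from the page.

```python
from datetime import date

# The SOA record shown on this page, verbatim, as input for the parser.
SOA_TEXT = """\
foobarbaz.com. IN SOA draven.foobarbaz.com. hostmaster.foobarbaz.com. (
               1996111901   ; Serial
               10800        ; Refresh
               3600         ; Retry
               3600000      ; Expire
               86400 )      ; Minimum
"""

SERIAL_BITS = 32


def parse_soa(text):
    """Parse a multi-line SOA record: strip ';' comments, drop the parentheses
    that let it span lines, then read the fields positionally."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    fields = body.replace("(", " ").replace(")", " ").split()
    owner, rclass, rtype, mname, rname = fields[:5]
    if rclass != "IN" or rtype != "SOA":
        raise ValueError("expected an IN SOA record, got %s %s" % (rclass, rtype))
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[5:10])
    contact = rname.rstrip(".").replace(".", "@", 1)   # first "." is the "@"
    return dict(owner=owner, mname=mname, contact=contact, serial=serial,
                refresh=refresh, retry=retry, expire=expire, minimum=minimum)


def serial_newer(new, old):
    """RFC 1982 serial arithmetic: 'new' is newer than 'old' when it is ahead
    on the 32-bit ring by less than 2**31. Going backwards, or jumping by
    2**31 or more, does not count as an increase and secondaries will not
    transfer the zone."""
    return new != old and (new - old) % 2**SERIAL_BITS < 2**(SERIAL_BITS - 1)


def next_serial(current, today_yyyymmdd=None):
    """Next YYYYMMDDNN serial: today's date with NN=00, or NN+1 if the zone was
    already changed today. If the current serial is somehow ahead of today's
    date (a mistyped year, say), just add one rather than going backwards."""
    if today_yyyymmdd is None:
        today_yyyymmdd = int(date.today().strftime("%Y%m%d"))
    base = today_yyyymmdd * 100
    candidate = base if current < base else current + 1
    if candidate >= 2**SERIAL_BITS:
        raise ValueError("serial would not fit in 32 bits")
    assert serial_newer(candidate, current)
    return candidate


def timer_problems(soa):
    """Sanity checks on the SOA timers (seconds); thresholds are editorial."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry (%d) should be shorter than refresh (%d)"
                        % (soa["retry"], soa["refresh"]))
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire (%d) must outlast a refresh plus a retry" % soa["expire"])
    if soa["expire"] < 7 * 86400:
        problems.append("expire under a week: secondaries go dark during a short outage")
    return problems
```

The page's own values pass the timer checks. The serial tests are the interesting part: after the record above is edited on 19 November 1996 the next serial is 1996111902, on the following day it is 1996112000, and if someone had typed a year of 2996 the only safe move is to add one, because any smaller number would compare as older and never be transferred.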

There are many other types of DNS records, but these are the ones you most need to understand. Other record types, like Host Information (HINFO) or Text (TXT), carry descriptive data rather than addresses and are not needed for DNS itself to work. HINFO advertises a machine's hardware and operating system, which is useful to an attacker and to almost nobody else, so it is best left out; TXT records, on the other hand, now carry mail policies such as SPF, DKIM and DMARC, and so affect whether your outgoing mail is accepted. Now that you have seen the format these records take, please send your DNS requests to "aisupport@algx.net" in this format. This will expedite the processing of your requests.

If you wish to find out more about how DNS works, a good reference written in clear terms is the book "DNS and BIND" by Paul Albitz and Cricket Liu, published by O'Reilly & Associates. It is available in most bookstores. For a comprehensive list of available DNS resources, look on the Web at http://www.dns.net/dnsrd/

The books listed on that site as recommended reading are: