DNS records

DNS DNS records

Top 5 DNS record types for starters

In case you are just starting to manage your DNS, these top 5 DNS record types are fundamental to know. So, let’s explain a little bit more about them.

A record

The A record is also commonly called address record, and it is perhaps the most popular of all DNS record types. Its purpose is to link a domain name to its corresponding IP address (IPV4 address). When a user makes a request for a particular domain name, exactly the A record is needed to show the accurate IP address.

Although it is a very simple DNS record, it is a crucial part of the DNS configuration. Your domain name could not be resolved without this type of DNS record (or AAAA record). Moreover, your users are not going to be directed to the correct location.

SOA record

SOA record is another critical DNS record that symbolizes the start of authority. It holds administrative information about the zone. It is the first DNS record that a DNS zone file includes, plus it establishes the general properties of that zone. It also holds data concerning the zone transfers, such as the refresh rate, the retry rate, and the administrator’s email.

The SOA record serves as a control record with a serial number and shows if there is a new update. Once the Secondary DNS servers detect a change in the number, they are going to update and receive the latest data.

NS record

The NS record is another very basic DNS record. NS stands for the nameserver, and it is similar to an ID card for the nameserver. The NS record describes which name server is accountable for the particular DNS zone. If such a record is not available, the zone won’t be able to work.

MX record

Another piece of the essential DNS record types, the MX record, which comes from Mail Exchanger record. Its purpose is to point the email server accountable for receiving emails for a specific domain name. It contains the domain name pointing to the hostname of the incoming mail server. Note that it has to point to a hostname and not to an IP address.

By establishing multiple MX records with different priorities, you could set a backup in case some failures occur. It is vital for you in order to receive emails properly.

CNAME record

The CNAME record shows an actual, canonical domain name for the domain or subdomain. It is commonly used when we are talking about subdomains. By implementing this DNS record type, you are going to be able to manage and administrate your Domain Name System as easily as possible.

The way to achieve that is by simply adding a CNAME record for each of your subdomains and pointing it to the domain name. As a result, each time you complete any changes or adjustments to your domain, they will occur to your subdomains too. That is going to save you a lot of time!

DNS DNS records

How To Use SPF To Protect Your Domain reputation.

The reputation of your business (domain) is an essential asset you must protect at all costs. It means a lot for your clients: trustability and reliability. These are strong triggers for them to pick you or to choose your competitors.

Crime techniques used on the Internet to cheat users get multiplied, and we must be very aware. In some cases, they use your positive domain reputation to defraud your own clients. 

​What is SPF?

The sender policy framework or SPF is a system for validating the legitimacy of an e-mail server. It’s a helpful and efficient system to avoid spoofing and to enhance e-mail servers’ reliability.

Having SPF, you can authorize the only e-mail servers that can send messages on behalf of your domain. 

​What is an SPF record?

To enable SPF, you have to add an SPF record for your domain name. An SPF record is a DNS record from the TXT DNS type. It holds the necessary information that allows verifying which e-mail servers are truly authorized to send messages from the name of your domain name.

Once the SPF record provides that information, the e-mail server can be verified, validated, or not.

Using the SPF record, specifically its qualifiers and mechanisms, you or your administrator can establish rules, as strict as you decide, to verify. 

DNS SPF mechanisms:

  • “include” allows adding more domains (like example.com to example.net) for sending e-mails from the mail servers of the domain where the SPF record is hosted.
  • “all”, all mechanisms after it are to be ignored.
  • “a”, if you pick A, it means the A or AAAA records have to match with the return path for e-mails to be allowed.
  • “ptr”, picking this means the PTR query has to be performed and to match the return path. Only if there’s a match, there’s allowance.
  • “mx”, picking this means an MX query has to be performed and to match the return path. Only if there’s a match, there’s allowance.
  • “exists”, used for complex queries.
  • “ip4”, checks A records exclusively to verify whether addresses correspond to the domain or not.
  • “ip6”, checks AAAA records exclusively to verify whether addresses correspond to the domain or not.

DNS SPF qualifiers:

  • “+” means PASS. Therefore, messages from the domain should be accepted. 
  • “-” means FAIL. Messages from the domain must be rejected.
  • “~” means SOFT TAIL. Messages from the domain should get a failed tag, but they can be allowed.
  • “?” means NEUTRAL. No policies are involved.

​How to use it to protect your domain reputation?

By enabling SPF, you will stop bad actors from sending e-mails from your domain. 

Your clients won’t receive malicious messages from your domain name, and you will avoid complaints and anger from them.

To prevent dangerous phishing is not minor. To be pointed as malicious, risky, or to be accused of stealing sensitive clients’ data can totally sink your domain’s reputation. 

Ensure that your legit messages successfully reach your clients and providers. 

You can plan the best promotions or punctually order new supplies. But if your messages can’t reach your clients or providers, results won’t be positive. This can happen because your e-mails go directly to the SPAM folder. If there’s no way to verify that your messages are legit, they can be discarded for security. 

Conclusion.

SPF is a great alley to protect your domain reputation. Avoid the risk of losing trustability, clients, or getting banned. Enable SPF!