Managing DNS for web hosting
What is the Domain Name System (DNS)?
The DNS is a distributed, hierarchical database, translating IP addresses, such as 192.0.2.30, into human-friendly domain names such as example.com, making it possible to use the Internet without having to remember numbers.
Many people compare the DNS to the phone book of the Internet. However, it’s not a phone book that you have to leaf through; the DNS usually works so fast that you don’t even notice it’s there.
Why should you learn DNS?
Learning DNS basics will enable you to have more freedom to use your domain name to achieve your objectives.
If you want to migrate your website to another web hosting service for whatever reason, understanding DNS will enable you to move your website, email, and other services without interruptions in service.
Even if you hire a technical consultant to help you with your web hosting, understanding DNS will help you to communicate your goals to the consultant and understand your options.
Domain Name Registrar
When you register (i.e., purchase) a domain name you use a Domain Name Registrar, which is an organization that manages the registration of Internet domain names. Most Domain Name Registrars also provide hosting services, but some do not.
Regardless of whether your registrar provides hosting services, you can choose to host your domain name at any hosting service that you want. The key is to know enough about the DNS to decide what you want to do and make it happen. The first step in the right direction is to learn where the information about your domain name is stored and how you can access it.
DNS zone files
DNS zone files are simple text files that describe your domain name, telling the Internet where to find your website, how to route email to you, and so on.
You have access to the zone files on the primary name server where the master copy is stored. You can edit your zone file using your web hosting service’s web hosting control panel.
Your hosting service will provide a primary and at least one secondary name server for your domain name.
A common misconception is that only the primary name server is authoritative but, in fact, secondary name servers are authoritative too. The secondary name servers keep their copy of your zone file synced with the master copy on the primary name server, providing some redundancy and load balancing.
Here is what a primary and secondary name server would typically look like:
When you change DNS hosting, which you’d typically do when you switch web hosting providers, you’ll transfer the authority for your domain (zone) to the new hosting provider.
The DNS host is where you manage your DNS zone file records. Frequently, people host their website at the same hosting service as their DNS, but that’s not a requirement.
Web Hosting Service
Web hosting services provide the storage and the services needed for you to publish your website to the Web. There are three basic types of web hosting plans:
- Shared Web hosting plans, where your website will be housed on a server shared with other customers of your web hosting service. Shared hosting works well for many small businesses and hobbyists.
- Managed hosting, or dedicated server hosting, plans are where the web hosting service leases a dedicated server to you, providing you access to all the CPU computing power of the server, access to more bandwidth, and more support. If your website’s traffic is starting to push the limits of your shared hosting, then it’s time to consider managed/dedicated hosting. Read our Dedicated Server Hosting guide to learn more about dedicated server hosting.
- Virtual Private Server (VPS) hosting plans are a hybrid between shared and managed hosting, whereby your website is hosted on its own virtual private server with dedicated resources, though it does share hardware and some other resources with other customers. With VPS hosting you will often have close to full control (root access) over your virtual server, so you’re free to customize the configuration to your requirements and install any software packages that you want. Read our VPS Hosting guide to learn more about VPS hosting.
Most web hosting services offer email hosting that comes with your web hosting package, and many web hosting customers host both their web and email at the same hosting service.
Since email hosting services focus exclusively on email, they sometimes provide better email service and sometimes provide better email deliverability.
Manage your DNS using your web hosting control panel
A web hosting control panel is a web-interface that makes it easy to manage your web hosting account without extensive technical skills. Most web hosting accounts come with a control panel enabling you to manage your website, email, domain names, and DNS.
While the control panel makes it possible for you to manage your DNS without in-depth technical knowledge, it’s still important to understand how DNS works.
Hosts: On the Internet, hosts refer to host computers named by combining their local names with their parent domain name. In email.example.com, email is the host.
Subdomain: A “subdomain” is a domain that’s part of another domain, so blog.example.com is part of example.com.
While they are similar concepts, an Internet host refers to a host computer and a subdomain extends the domain name itself.
Hostnames refer to a computer or resource; a subdomain extends the domain. So www.example.com is a host, while www is a subdomain.
The difference between a hostname and a subdomain is that a host defines a computer or resource, while a subdomain extends its parent domain. Subdomains provide a method of extending the domain name itself.
To learn more about web hosting control panels, read our ultimate guide to web panels.
DNS record types
Most web hosting services provide access to these record types though they may call this feature something different. Look for something called the DNS Manager, DNS zone editor, DNS control panel, or something similar.
Name server (NS) records point at your name servers’ DNS zone file, which contains the rest of the record types. Your hosting provider’s name server is the authoritative source of information about how to reach your website and how email should be routed to reach you at your domain name.
If you decide to change from one hosting provider to another provider, one of the changes you’ll make will be to change the Nameservers to point at the new host.
There are typically two or three name servers listed for any given domain name. Name servers commonly look like this within your hosting service’s control panel.
Time to Live (TTL)
Other name servers cache this information for a defined period often measured in seconds but sometimes measured in hours.
A TTL of 43,200 seconds (12 hours) tells other name servers that are not authoritative for your zone (domain name), and are currently caching your zone file, to cache it for only 12 hours. Setting a TTL is crucial; otherwise, caching name servers would serve out-of-date information on your domain name if you changed anything.
If you’re making changes to your DNS zone file, you may want to temporarily reduce the TTL for the records you’re changing, speeding up the propagation of these changes across the Internet.
Once the changes have taken effect, it’s a good idea to change the TTL back to the default value your host set. Otherwise, the low TTL will generate a lot of unnecessary DNS lookup traffic as caching name servers clear their caches of your zone file data too frequently, making too many DNS lookups to your authoritative name servers, possibly slowing down the performance of your website and other services.
A (Address) records map a domain name or subdomain to an IP address. Since every resource on the Internet has an IP address, all DNS zone files will contain A records.
A records are the most commonly used record type as the fundamental task of the Domain Name System is to translate IP addresses into human-readable domain names.
The predominant IP address version you’ll encounter is IPv4, which uses 32-bit IP addresses written as four octets separated by dots.
Here are some example A records. Note that some DNS hosts use the domain itself to represent the root domain (example.com), while other hosting services use the @ symbol to represent example.com for brevity.
Check your hosting service’s knowledge base (documentation) and take a look at the formatting your hosting service’s control panel uses.
Here are a couple of examples of the same zone file using different conventions you might encounter in your hosting service’s web hosting control panel.
Here’s what the same zone file might look like at another hosting service.
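The two naming conventions described above resolve to the same fully qualified names. The following is an added example, not from the original page: the records are constructed, the helper names are hypothetical, and the samples assume standard zone-file syntax, where a name without a trailing dot is relative to the zone origin (control panels vary, so check yours).

```python
ORIGIN = "example.com"  # zone origin used in the page's examples

# Constructed sample: one zone as two control panels might display it.
PANEL_AT = """\
@     43200 A     192.0.2.30
www   43200 A     192.0.2.30
blog  43200 CNAME www
@     43200 MX    10 mail
mail  43200 A     192.0.2.31
"""
PANEL_FULL = """\
example.com.      43200 A     192.0.2.30
www.example.com.  43200 A     192.0.2.30
blog.example.com. 43200 CNAME www.example.com.
example.com.      43200 MX    10 mail.example.com.
mail.example.com. 43200 A     192.0.2.31
"""

def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names; a trailing dot marks an absolute name."""
    name = name.lower()
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."

def parse_zone(text, origin=ORIGIN):
    """Return a set of (owner, ttl, type, rdata) tuples with absolute names."""
    records = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, ttl, rtype, rdata = line.split(None, 3)
        rtype = rtype.upper()
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)
        elif rtype == "MX":
            pref, host = rdata.split()
            rdata = f"{int(pref)} {fqdn(host, origin)}"
        records.add((fqdn(owner, origin), int(ttl), rtype, rdata))
    return records

def doubled_origin(records, origin=ORIGIN):
    """Flag owners like www.example.com.example.com. (missing trailing dot)."""
    bad = f".{origin}.{origin}."
    return sorted(o for o, *_ in records if ("." + o).endswith(bad))
```

Both panels parse to the same five records, and `doubled_origin` catches the common mistake of entering a full name without its trailing dot in a zone that treats it as relative.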
AAAA records (pronounced quad-A) point at IPv6 addresses. Since IPv4 is still predominant, it’s unlikely you’ll need to edit this kind of record, though here’s an example so you’ll recognize AAAA records when you see them.
CNAME (Canonical Name) records map an alias hostname to another hostname. Think of the canonical name as the “real name” and the alias as the “nickname.”
And here’s a CNAME pointing to an external website.
Mail Exchanger (MX) records specify the mail servers to which Mail Transfer Agents (MTAs) should route incoming mail.
Each MX record includes the domain name of the mail server and a preference value, telling Mail Transfer Agents (MTAs) to try the mail servers starting with the lowest number first.
Pointer (PTR) records, counterparts to A records, map IP addresses back to domain names. They’re mostly used by servers to verify that a specific IP address is associated with a specific domain name or host. Very few hosting providers provide access to change PTR records, and the syntax is a bit convoluted, so we’ll leave out the examples.
A TXT record (text record) enables domain owners to associate text with their domain name.
As a web hosting service user, you’ll want to know how to use TXT records for email authentication.
As a domain name owner, you’ll want to protect your domain name and your company reputation from “email spoofing” by spammers and phishers. Most scammers mask their own identity by using other people’s domain names to send out millions of spam or phishing emails.
Sender Policy Framework (SPF) records help protect you from email spoofing by enabling you to provide a list of email senders you’ve authorized to send email on your behalf. This list would include your email host, your Email Service Provider (ESP), your transactional email service provider (the service that sends receipts and the like), and any other services you use to send outgoing email.
For example, if you used Google to host your day-to-day email and MailChimp to send your email newsletter, and transactional emails using a dedicated IP address, your SPF record might look something like this:
Note: Many Email Service Providers (ESPs) use their own domain names in the “Mail From” address that’s in the headers of the email. It’s still a good idea to implement an SPF record for the Display From, the email address you send email from.
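To make the SPF discussion above concrete, here is an added example (not from the original page) that parses an SPF record and flags weak settings. The sample record is constructed for the Google plus MailChimp plus dedicated-IP scenario, and `parse_spf` and `lint_spf` are hypothetical helper names; the lookup count covers only the terms visible in this one record, not lookups made inside included records.

```python
import re

# Constructed record for the scenario in the text. The include targets are the
# ones Google and Mailchimp document for customers; the IP is from the page.
SAMPLE_SPF = ("v=spf1 include:_spf.google.com include:servers.mcsv.net "
              "ip4:192.0.2.30 ~all")

# Terms that cost the receiver a DNS query; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}

def parse_spf(record):
    """Return a list of (qualifier, name, value) terms from an SPF record."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    terms = []
    for raw in parts[1:]:
        # A missing qualifier means '+' (pass).
        qual, body = (raw[0], raw[1:]) if raw[0] in "+-~?" else ("+", raw)
        match = re.fullmatch(r"([A-Za-z][A-Za-z0-9_.-]*)(?:[:=/](.*))?", body)
        if match is None:
            raise ValueError(f"malformed term: {raw!r}")
        terms.append((qual, match.group(1).lower(), match.group(2) or ""))
    return terms

def lint_spf(record):
    """Return a list of findings; an empty list means nothing was flagged."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    findings = []
    lookups = sum(name in LOOKUP_TERMS for name in names)
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    if "all" in names:
        qual = terms[names.index("all")][0]
        if qual == "+":
            findings.append("+all authorizes every host to send as this domain")
        elif qual == "?":
            findings.append("?all is neutral and gives receivers no guidance")
    elif "redirect" not in names:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    if "ptr" in names:
        findings.append("ptr is discouraged by RFC 7208 (slow and unreliable)")
    return findings
```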
DomainKeys Identified Mail (DKIM) enables the email receiver to verify not only the identity of the sender but also that the message hasn’t been altered in transit. DKIM uses a public key published as a TXT record in the domain name’s zone file, and a private key held by the sender. The sender adds a digital signature to the headers of each email vouching for the identity of the sender and that the email hasn’t been modified since it was sent.
Check the documentation of your email host and other email-sending services for instructions on generating the public key, which is frequently done through your email service’s interface, and on copying the public key into your DNS as a TXT record.
Here’s an example of DKIM using TXT records:
Some Email Service Providers (ESPs) ask you to use a CNAME to point at their DKIM.
Check the email service’s knowledge base for exact instructions on how to implement DKIM for the email service in question.
Domain-based Message Authentication (DMARC) builds on SPF and DKIM by publishing policies that tell email receivers how to handle authentication failures, and by providing reporting to domain owners so they know how their domain name is being used.
DMARC is considerably more complex than SPF and DKIM to implement, so it’s probably best to seek the help of an expert if you decide to implement DMARC.
Many email deliverability experts think that DMARC is the future of email deliverability and that we’re moving toward a day when it’ll be hard to deliver email without DMARC implemented successfully.
Here’s an example of a DMARC policy that calls for email that fails email authentication to be rejected, and sends aggregate reports on authentication failures to email@example.com.
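As an added example (not from the original page), the following parses a DMARC record for the policy just described and checks it for common problems. The sample record is constructed, `parse_dmarc` and `evaluate` are hypothetical helper names, and the same-organization test is simplified; when reports go to another organization's domain, RFC 7489 requires that domain to publish the authorization record the function lists.

```python
# Constructed record matching the policy described in the text; it would be
# published as a TXT record at _dmarc.example.com.
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:email@example.com"
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(record):
    """Return the record's tag=value pairs as a dict (tag names lowercased)."""
    tags = []
    for pair in (p.strip() for p in record.split(";")):
        if not pair:
            continue
        if "=" not in pair:
            raise ValueError(f"malformed tag: {pair!r}")
        key, value = pair.split("=", 1)
        tags.append((key.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("v=DMARC1 must be the first tag")
    return dict(tags)

def evaluate(record, domain):
    """Summarize the policy for `domain` and list problems worth fixing."""
    tags = parse_dmarc(record)
    problems, external = [], []
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        problems.append("missing or invalid p= tag")
    elif policy == "none":
        problems.append("p=none requests no action on failing mail")
    pct = int(tags.get("pct", "100"))
    if policy in ("quarantine", "reject") and pct < 100:
        problems.append(f"policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        problems.append("no rua= tag, so no aggregate reports are sent")
    for uri in filter(None, (u.strip() for u in tags.get("rua", "").split(","))):
        if not uri.lower().startswith("mailto:"):
            problems.append(f"unsupported report URI: {uri}")
            continue
        host = uri[7:].split("!")[0].rsplit("@", 1)[-1].lower()
        # Simplified same-organization test (no public suffix list).
        if host != domain and not host.endswith("." + domain):
            external.append(f"{domain}._report._dmarc.{host}")
    return {"policy": policy, "subdomain_policy": tags.get("sp", policy).lower(),
            "pct": pct, "external_report_auth": external, "problems": problems}
```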
Web-based DNS tools
- Mxtoolbox is a popular network diagnostic and lookup tool. With Mxtoolbox, you can do everything from diagnosing DNS problems to checking to see if IP addresses and domain names are on any blacklists.
- SPF Survey is a useful tool for validating your SPF record. It returns a pass or fail with valuable details in case there’s a problem.
- DKIM Inspector enables you to inspect and validate your DKIM records.
- DMARC Inspector enables you to inspect the DMARC record for your domain name.
- Whois Lookup queries the whois database that contains the hosting information on registered domain names and will tell you if the domain you’re interested in is available.
Learning the basics of DNS will enable you to make better use of your web and email hosting, giving you the power to make changes, and even change hosting services.
Whether you’re just starting out hosting your first domain name or are already using web hosting services, there may come a time when you want to migrate your website to a new hosting service.
Knowing that you’ll need to change the nameservers to the new host after you’ve gotten your website up and running at the new hosting service will enable you to make this transition. You’ll still want to read the documentation provided for making the transition, but having some DNS knowledge will make it much easier to grasp.
If you decide to host your email at a different service than your website, knowing that it’s the MX records that control routing of email will help you discern what information you need from your new host to seamlessly make the transition to the new host.
Many services use DNS as a way of verifying ownership of domain names. They ask that you create a TXT record or a CNAME record to prove that you are either the owner of the domain or someone authorized to administer the DNS. Knowing what CNAME and TXT records are and how to edit them will enable you to verify domain name ownership efficiently.
The typical Internet user makes hundreds of DNS queries every day without having to memorize a single number. DNS is the unsung hero of the Internet, running quietly behind the scenes.