Domain Name System (DNS)

The Domain Name System, commonly known as DNS, is an important mechanism that plays a pivotal role in making the Internet usable, accountable and user-friendly. We could go on for pages and pages explaining how DNS works, the history of DNS and how DNS is maintained and regulated. But this guide will focus on the aspects of DNS that affect you as a web user, network administrator or a webmaster.

Domain Names and IP Addresses
Before we discuss domain names, it’s best to understand what an Internet Protocol (IP) address is. The most commonly used analogy for an IP address is that of a telephone number. Just like every phone has its own unique phone number, every device – including computers, laptops, routers and web servers – has its own unique IP address. An IP address is expressed as a set of four numbers separated by dots, e.g. 192.168.1.1 or 209.59.220.168. The IP address helps devices identify and locate one another on a network, such as the Internet. For instance, when you navigate to Google from your computer, your web browser is in essence “dialing” one of Google’s IP addresses. In fact, try it right now: type 72.14.204.99 into your browser bar and see where it takes you.

Of course, it’s impractical for us as users to memorize the IP address of every website we visit. This is where domain names come into play. A domain name is not a location itself; rather, it points to an IP address, or to a set of IP addresses for larger websites. That way, when you type “google.com” into your browser, you are redirected to one of Google’s public IP addresses, also known as an IP range. How does your browser know where to redirect you? That’s where DNS comes in.

How does DNS work?
DNS is like a massive phonebook for all IP addresses. When you type in a domain name, your computer will first contact a name server to “look up” the IP address that corresponds to the domain name in a process called “Resolving DNS”.

Unlike a phonebook, however, DNS is not a centralized server that contains all the domains and the IP addresses on the Internet. DNS is built as a distributed database of independent name servers. Each name server is responsible for mapping a certain set of domain names to IP addresses. There’s a complex system of redundancies, overlaps and failovers, but all you need to know is that when you type in a domain from anywhere in the world, it will always point to the same IP address. Every website is required to have at least two name servers, in case one is unavailable.

Besides resolving IP addresses used for web browsing, DNS servers may also contain other information, such as MX records, used for email traffic, and others.

Domain Names Registration
An added benefit for using domain names instead of IP addresses is that it allows a webmaster to use a permanent name for their website and at the same time choose where that website will be hosted. A webmaster can switch to a different hosting provider at any time, a process that will most likely result in an IP change but keeping the name of the website (domain name) the same.

Domain names can be purchased from a variety of accredited domain registrars, such as GoDaddy, eNom or Moniker. It doesn’t matter which domain name registrar you choose – these registrars act like middlemen that record your registration with the global DNS.

After registering your domain name, you can choose to forward it to a URL or IP address of your choosing. Setting custom name servers is useful if you are on a shared hosting plan where you share an IP address with several other websites. By referring your domain name to your web host’s name server, it can then handle the task of resolving requests to your registered domain to your website’s IP. You can also create custom name servers that will handle DNS on their own.

Whois and DNS Lookup
When you register a domain name, you are required to enter some information about yourself or your company. This usually includes the name of your technical administrator, your mailing address and a telephone number. This information is kept by the domain registrar in its Whois database and is typically available to the public. This keeps webmasters and email users accountable on the Web. By performing a Whois request for any given domain, you can learn which domain registrar maintains the domain name (e.g. GoDaddy, eNom), who the registrant is (e.g. Google or Microsoft or Kraft Foods) and the technical and/or administrative contacts (e.g. the company’s attorney or CTO). Furthermore, you can learn the IP address that the domain name is associated with by performing a DNS lookup. This reveals the IP address, name servers, MX records and other information about the domain.

Whois and DNS Lookup are important tools for helping consumers, regulatory authorities and other web users understand where emails, web content and other IP traffic comes from.

DNS Summary
In summary, this is what you need to know about DNS:
IP addresses are unique numerical identifiers for each device connected to the Internet. For example, 72.14.204.99.
Domain names are easy to remember, human-friendly entries that point to IP addresses. For example, Google.com.
DNS is the system that keeps track of all the domain names and which IP addresses they point to.
Note: Currently, we use a 32-bit IP address space, known as IPv4, such as the addresses used in the examples in this article. But now, we’re running out of unique IPv4 addresses to assign. To solve this problem, the Internet has been transitioning to a 128-bit address space, known as IPv6, which is expressed as eight groups of four hexadecimal digits, e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334. This transition will expand the number of usable IPs from roughly 4.2 billion to 340 undecillion, which is more than the number of visible stars for every living person.

How to configure DNS zone for backup mail server

There are many circumstances when missing incoming email messages due to hardware or configuration errors is just not an option. While most relaying SMTP servers are configured to retry email message delivery several times by default, which provides some level of redundancy, there is no guarantee that the relaying server won’t “give up” before your receiving mail server is back online. Thankfully, the Domain Name System (DNS) was specifically engineered to provide as many levels of redundancy as your needs require.

Configuring backup mail server in the DNS zone
Before I explain how to configure the DNS to resolve to a secondary node, let’s go over some basic assumptions. First, I assume that the server that you’re configuring to run as your backup mail node is running on separate hardware from your primary mail server. Second, your primary mail server and your backup mail server are not configured to function interchangeably, i.e. your backup mail server will only store email messages in case your primary server isn’t able to receive them and will hold on to them indefinitely until it is able to successfully relay them to your primary mail server.

Ok, let’s start by opening your DNS zone file. Locate the primary MX record in your DNS zone that should look something like this:

domain.com. IN MX 10 mail.domain.com.

To add a secondary DNS MX record for your backup mail server (backup-mail.domain.com), add the following line:

domain.com. IN MX 20 backup-mail.domain.com.

Besides setting the hostname for the mail server, we’ve also changed the priority of your backup mail server. Incoming mail is always delivered first to the mail server whose priority is set to the lowest value, in our case 10 for your primary server.

If the hostname of your backup mail server is not registered within the DNS system, which is almost always the case if you’re hosting your backup mail server on your own hardware, you must also add an A Record to your DNS zone as follows, replacing IP 111.112.113.114 used in the example below with the IP of your backup mail server:

backup-mail.domain.com. IN A 111.112.113.114

Now it’s time to revise the serial number of your DNS zone and to reload your DNS system. You can read about this step in our article on setting up bind DNS server.

The only thing that remains to be done is to configure the backup mail server to relay all incoming emails to your primary mail server. Most mail servers and service providers include this functionality out of the box.
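
The following check is an added example, not part of the original article: it lints a zone fragment like the one built in the steps above for two common MX mistakes (a target written without its trailing dot, and a target with no A record in the zone) and returns the order in which senders will try the servers. The zone text, the spare-mail host and the address 111.112.113.113 are constructed for illustration.

```python
# Constructed zone fragment for the article's placeholder domain.
# The third MX line deliberately omits the trailing dot on its target.
ZONE = """\
$ORIGIN domain.com.
domain.com.             IN MX 10 mail.domain.com.
domain.com.             IN MX 20 backup-mail.domain.com.
domain.com.             IN MX 30 spare-mail.domain.com
mail.domain.com.        IN A  111.112.113.113
backup-mail.domain.com. IN A  111.112.113.114
"""


def absolute(name, origin):
    """Expand a zone-file name the way a name server does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    # A name without a trailing dot is relative: the origin is appended.
    return (name + "." + origin.lstrip(".")).lower()


def parse_zone(text):
    """Collect MX and A records from simple 'owner IN TYPE rdata' lines."""
    origin, mx, a = ".", [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        upper = [f.upper() for f in fields]
        if upper[0] == "$ORIGIN":
            origin = fields[1].lower()
        elif "MX" in upper[1:]:
            i = upper.index("MX", 1)
            target = fields[i + 2]
            mx.append((int(fields[i + 1]), target, absolute(target, origin)))
        elif "A" in upper[1:]:
            a[absolute(fields[0], origin)] = fields[upper.index("A", 1) + 1]
    return origin, mx, a


def lint_mx(text):
    """Return (delivery order, findings) for the MX records in a zone."""
    origin, mx, a = parse_zone(text)
    findings = []
    for pref, written, target in mx:
        if not written.endswith("."):
            findings.append(
                f"MX {pref}: '{written}' has no trailing dot and expands to {target}")
        # Only in-zone targets can be checked against this zone's A records.
        if target.endswith("." + origin.lstrip(".")) and target not in a:
            findings.append(f"MX {pref}: {target} has no A record in this zone")
    # Senders try the lowest preference value first.
    order = [target for _, _, target in sorted(mx, key=lambda r: r[0])]
    return order, findings


if __name__ == "__main__":
    order, findings = lint_mx(ZONE)
    print("delivery order:", order)
    for finding in findings:
        print("finding:", finding)
```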

How to set up Bind DNS Server on Windows

Install Bind Software
1. Download the latest version of bind DNS server at https://www.isc.org/downloads/current
2. Unzip all the files into any folder
3. Run BINDInstall, located in the folder where you extracted the zip files
4. During the install process:
– Enter “c:\bind” (without quotes) as a target directory
– Enter “bind” (without quotes) as a service account name and enter password for the service
– Check “Automatic Startup”
– Check “Keep Config Files”
– Click “Install”

Ok, so at this point you have Bind Software installed; now let’s configure it.
Configure Bind DNS Server
1. Create directory “c:\bind\zones”
2. Download named.conf.txt and example.com.txt and save them as follows:
– “c:\bind\etc\named.conf.txt”
a) Rename “named.conf.txt” to “named.conf”
b) Open named.conf in a text editor and replace all instances of “example.com” with your domain name
– “c:\bind\zones\example.com.txt”
a) Open “example.com.txt” in a text editor and replace all instances of “example.com” with your domain name
b) Replace all instances of “IP.ADD.RE.SS” with your actual IP Address and Save file
c) Rename “example.com.txt” to your domain name with an extension “.txt” at the end
3. Open Command Prompt (cmd.exe) and enter the following 3 commands:
cd c:\bind\bin
rndc-confgen -a
4. Open “c:\bind\etc\rndc.key” in a text editor and copy the key “rndc-key” section of the file to clipboard
5. Open “c:\bind\etc\named.conf” in a text editor and paste the key “rndc-key” section between “options” and “zone” sections
To reload changes that you’ve made, open Command Prompt and enter the following 2 commands:
cd c:\bind\bin
rndc reload

Every time you make changes to your configuration or zone files, you have to reload the server by issuing the two commands above.

You can ensure that your DNS server is working properly by using our DNS Lookup Tool.

If you changed nameserver hostnames that are registered with your registrar, please allow several hours for DNS changes to propagate.

ISC Bind Troubleshooting
1. If your ISC Bind service doesn’t start under Administrative Tools -> Services, try changing the user to “Local System” and try again.

2. If Bind doesn’t start, check the Security Settings of the c:\bind directory to make sure it has the account that Bind runs under listed.

3. If Bind started but the website is not working, your firewall might be blocking it. Start Windows Firewall with Advanced Security and add an incoming rule for UDP port 53.

How does SMTP Test Tool work?

SMTP stands for Simple Mail Transfer Protocol, and it’s the Internet standard for sending and receiving emails. The SMTP test tool lets you check to see if your mail server is accepting or relaying emails properly. This is useful if you are troubleshooting an individual email account, email client or server-side script. Occasionally, the port that your mail server uses – usually port 25 or port 587 – will be blocked by an Internet service provider to reduce outgoing spam. The SMTP test tool sends a set of TCP requests to the mail server to see if it is responsive. This can help you isolate the issue to a server, client, authentication or Internet service provider issue.

In a successful SMTP mail transfer, an email message is sent from a device’s email client via an SMTP port. This is sent to a mail server, which then sends the message to the mail transfer agent. The mail transfer agent will then query the domain of the outgoing email address in order to determine the location of the recipient’s mail server (contained in the MX records). Once the host of the recipient’s mail server is ascertained, the mail transfer agent connects to the recipient’s mail server and sends the email.

As you can imagine, there are a number of points along this chain where there can be errors. The SMTP check can help you identify where your send mail request is encountering issues. Depending on the mail server, you’ll receive a series of responses, possibly with comments to help explain them. There are also a number of SMTP codes:
Code: 220 – Message: Service ready
Code: 221 – Message: Service closing transmission channel
Code: 250 – Message: Requested mail action okay, completed
Code: 251 – Message: User not local – forward to [path]
Additionally, there are a few common SMTP error codes as well:
Error: 450 – Mailbox unavailable
Error: 451 – Local error in processing
Error: 451 – Insufficient system storage
Error: 500 – Syntax error (command unrecognized)
Error: 501 – Syntax error (bad parameter or argument)
Error: 521 – Domain does not accept email
Error: 535 – Authentication unsuccessful (bad username or password)
Error: 530 – Access denied
Use these SMTP codes when discussing your problem with your administrator or researching possible solutions.

Additionally, the SMTP test tool will determine the latency of each command and test to make sure that your mail server can’t be hijacked to relay unsolicited email (SPAM).
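
As an added illustration (not part of the original article, and not the test tool's own code), the sketch below reads a recorded SMTP session, groups multi-line replies, classifies each reply code by its first digit, and flags the open-relay condition described above: a recipient on a non-local domain accepted without authentication. The host names, the `C:`/`S:` transcript format and both sessions are constructed.

```python
import re

# Constructed transcripts: "C:" is the client, "S:" is the server.
OPEN_SESSION = """\
S: 220 mail.example.com ESMTP ready
C: EHLO tester.example.net
S: 250-mail.example.com
S: 250-SIZE 35882577
S: 250 STARTTLS
C: MAIL FROM:<probe@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.org>
S: 250 2.1.5 Ok
C: QUIT
S: 221 2.0.0 Bye
"""

CLOSED_SESSION = """\
S: 220 mail.example.com ESMTP ready
C: EHLO tester.example.net
S: 250 mail.example.com
C: MAIL FROM:<probe@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.org>
S: 554 5.7.1 Relay access denied
C: QUIT
S: 221 2.0.0 Bye
"""

CLASSES = {"2": "success", "3": "intermediate",
           "4": "temporary failure", "5": "permanent failure"}


def parse_session(text):
    """Pair each client command with its complete server reply."""
    exchanges, command, lines = [], "(connect)", []
    for raw in text.splitlines():
        side, _, body = raw.partition(": ")
        if side == "C":
            command = body
        elif side == "S":
            m = re.match(r"(\d{3})([ -])(.*)", body)
            if not m:
                continue
            lines.append(m.group(3))
            # "250-" continues a multi-line reply, "250 " ends it.
            if m.group(2) == " ":
                code = m.group(1)
                exchanges.append(
                    (command, int(code), CLASSES.get(code[0], "unknown"), lines))
                lines = []
    return exchanges


def relay_findings(exchanges, local_domains):
    """Flag recipients on non-local domains accepted without AUTH."""
    authenticated, findings = False, []
    for command, code, _cls, _text in exchanges:
        if command.upper().startswith("AUTH") and code == 235:
            authenticated = True
        m = re.match(r"RCPT TO:\s*<[^@>]+@([^>]+)>", command, re.I)
        if not m:
            continue
        domain = m.group(1).lower()
        if code // 100 == 2 and not authenticated and domain not in local_domains:
            findings.append(
                f"accepted unauthenticated mail for non-local domain {domain}")
    return findings


if __name__ == "__main__":
    for name, session in (("open", OPEN_SESSION), ("closed", CLOSED_SESSION)):
        exchanges = parse_session(session)
        for command, code, cls, _ in exchanges:
            print(f"{name}: {command!r} -> {code} ({cls})")
        print(name, "findings:", relay_findings(exchanges, {"example.com"}))
```

For a backup mail server, `local_domains` should also contain the domains it is configured to hold mail for, since accepting those is expected behaviour.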

What is a Domain DNS Blacklist?

A DNSBL, or a domain name server-based blacklist, DNS block list or domain blacklist, is a list of IP addresses referenced by DNS server software to check if an email sender is a known spammer. Most mail servers will check DNSBLs to see if the sender’s domain name is associated with spammers, and occasionally if any of the links contained in the email are spam links. While DNSBLs can be a powerful tool for stemming the flow of spam, there are occasional false positives that result in legitimate email being flagged as spam and rejected by mail servers. The domain blacklist lookup tool lets you input a domain to see if it’s listed on any domain blacklists. This tool checks a number of the most commonly referenced DNSBLs to see if the domain has been marked as a source of spam. This checks the host address against domain DNSBLs and also resolves DNS MX and A records and checks them against IP-based DNSBLs.

There are a number of reasons you may be included on a DNSBL, even if you’re not a spammer. For example, if your email account was hacked, or if your computer was exploited by a spammer virus, your IP address could be added to a DNSBL. This can prevent you from using your home computer or a personal web server to send email.

“Spam-support operations” are also included in some DNSBLs. Spam support operations are sites that don’t directly send spam, but may provide services to spammers, such as web hosting. This can be problematic if spammers share the same web server (and thus the same IP address) as legitimate users. It’s possible that IP addresses and domains that are common to the spammer’s web server can also be improperly marked as spam.

If the domain blacklist check determines that you’ve been listed on any of the major DNSBLs, you can usually get yourself removed by contacting the DNSBL operator. Sometimes, this is as simple as filling out a form or sending a request. Other times, you may have to pay a fee, or meet certain criteria to prove that you are not a spammer.

At any rate, it’s helpful to know if you are listed on any blacklists. While not all mail servers filter according to all DNSBLs, it can explain why some of your emails are not reaching recipients.

What are MX Records?

Mail exchange (MX) records are resources maintained by a domain name system (DNS) that route email traffic to the correct mail server. Just as DNS helps point browsers to the correct IP address for retrieving web pages, MX records are the part of the DNS that help email messages reach their final destination. Remember from our article on Domain Name Systems that a domain name, such as example.com, is not an address in itself. Instead, a domain name is a reference to the IP address. As you know, email addresses include a username, or mailbox, and a domain name separated by an @ sign, e.g. name@example.com. An MX record ensures that incoming mail gets routed to the correct mail server that’s associated with the domain name portion of an email address.

When you send an email, your mail transfer agent sends a request to the DNS for the domain to look up the MX records. The MX records will relay the hostnames where mail is being accepted to the mail transfer agent. Once the hostname is determined, your mail transfer agent can make an SMTP connection with the recipient’s mail server in order to send the email.

Oftentimes, there will be multiple MX records for each domain. This is to provide backup mail exchange records in case the primary server gets overloaded or is temporarily down. Also, the mail servers that MX records point to are where spam filtering software is located. Before resolving the recipient’s domain name for your mail transfer agent, the spam software will analyze your message for signs of malicious content, viruses or evidence of spam. These mail servers will often reference blacklists, which are lists of domains or hosts of known or suspected spammers. Emails from these sources will be rejected on the mail server level.

Occasionally, legitimate email users may be added to one or more blacklists. If this occurs, the IP blacklist lookup tool can be helpful for checking to see which, if any, blacklists your domain is on. If your domain or IP address appears on a DNS blacklist, you can usually contact the party that maintains the blacklist to have it removed.

If you want to check to see which mail server an incoming email is coming from, you can use the MX records lookup tool. Spammers often send spam from fake email addresses. If the MX records lookup tool cannot find any mail servers for an email address, it may mean that the email address is spoofed or invalid. You can also check to see if the mail is coming from a mail server that has been blacklisted by cross-referencing it on the IP blacklist lookup tool.

What is Port Scanning?

A port scan lets you check to see if ports on a host or at a specific IP address are responding. This is useful for checking the status of remote servers or of your local machine. For security purposes, many servers and devices will block individual ports, ranges of ports or ports designated for certain types of protocols. Blocking ports, however, is a double-edged sword – while you may block users and other agents from unauthorized access to your network or device, you may also be hindering protocols or clients (such as email, HTTP, or FTP) from accessing your machine.
Understanding Network Ports
If an IP address is like a server or computer’s phone number, a port is like an extension that’s dedicated to a certain department. Ideally, each application or protocol uses a designated port. For example, web browsers exchange data via port 80, which is reserved for HTTP connections. Mail servers send mail using the Simple Mail Transfer Protocol (SMTP) port, which is usually 25. By using port 25 as the standard port for receiving mail, servers know to “listen” at that port for any incoming traffic.

If a particular port is blocked or the server is not listening at the port, data and requests to it will go unanswered. This is just like if you dialed an extension that didn’t exist – no one would be there to answer it.
What is Port Scanning used for?
Port scanning helps you identify open ports through which you can communicate with a server or remote computer. This can also help you troubleshoot your own servers or network devices. For example, if your web server isn’t responding on port 80, then clearly there is something wrong with your network configuration – perhaps a firewall is set up incorrectly, or a name server is misconfigured.

Port scanning is also helpful for setting up applications which may not have designated ports, such as peer-to-peer file sharing applications, online games and web services. If a particular application is having trouble reaching the Internet, try running a port scan on your own machine to see which ports are open. Then, change the port for the program to listen on in your application preferences.

You can also use a port scan on a remote web server in order to determine which services are available.

Common port numbers include:
Port 21 (FTP) – File Transfer
Port 23 (Telnet)
Port 25 (SMTP) – Email
Port 80 (HTTP) – Web browsers
Port 110 (POP3) – Email
Port 1433 (MSSQL) – SQL Server Database
Port 3306 (MySQL) – Databases
Port 8080 (Webcache) – Firewall Access
Note: Servers can allow or disallow access at ports based on the IP address of the requester. For example, your company may allow you to access your company’s network from your home office, but disallow access if you try to connect from a public wireless network at a cafe or library.

Also note that your ISP may block certain ports. For example, port 25 is often blocked to prevent spammers from sending outgoing emails from a dynamic IP.

What is Reverse DNS Lookup?

A reverse DNS lookup is exactly what it sounds like – rather than entering a domain name to determine the IP address it points to, you can enter an IP address and find out which domain name the IP is associated with. Also called PTR record lookup, reverse DNS is useful for preventing spam and validating relationships between IP assignees and domain registrants. Note: it is possible for multiple domain names to point to the same IP address or host. This is common for websites that buy up multiple top level domain names to avoid confusion (e.g. example.com, example.net, example.org). Shared web hosting services will also have numerous domains pointing to them.

A reverse DNS search can be helpful for a number of purposes. For web analytics and Internet traffic analysis, you can use a reverse DNS search to learn which Internet service provider (ISP) your visitors are using.

Reverse DNS is also helpful for network diagnostics. For example, when you run a traceroute, you’ll see each hop as an IP address, rather than a resolved domain name. Reverse DNS lookup lets you convert these IP addresses into meaningful host names.

Reverse DNS lookup may also be helpful for investigating or preventing spam. For example, a forward confirmed reverse DNS can help you when building a whitelist for email senders by ensuring that the registrar of a domain is the same as the IP assignee. This helps mitigate attacks or spam from hackers using zombie computers or forged domains.
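
A forward-confirmed reverse DNS check, written here as an added example that is not part of the original article: the PTR name for an IP is accepted only if that name resolves back to the same IP, and a sender is allow-listed only when a confirmed name falls under an expected domain. The sample PTR and A tables and all host names are constructed; the `system_*` resolvers use the operating system's resolver when no sample data is passed in.

```python
import ipaddress
import socket

# Constructed sample data: 198.51.100.9 has a PTR record claiming to be
# mail.example.com, but that name really resolves to 192.0.2.25.
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.com."],
    "198.51.100.9": ["mail.example.com."],
}
SAMPLE_A = {"mail.example.com.": ["192.0.2.25"]}


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(host):
    return SAMPLE_A.get(host, [])


def ptr_name(ip):
    """Name queried for a PTR lookup, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def system_reverse(ip):
    """PTR lookup through the operating system's resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []


def system_forward(host):
    """A/AAAA lookup through the operating system's resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (confirmed, unconfirmed) host names for an IP address."""
    want = ipaddress.ip_address(ip)
    confirmed, unconfirmed = [], []
    for host in reverse(ip):
        addrs = {ipaddress.ip_address(a) for a in forward(host)}
        bucket = confirmed if want in addrs else unconfirmed
        bucket.append(host.rstrip(".").lower())
    return confirmed, unconfirmed


def allowlisted(ip, domains, reverse=system_reverse, forward=system_forward):
    """True only if a forward-confirmed name is inside an allowed domain."""
    confirmed, _ = fcrdns(ip, reverse, forward)
    return any(h == d or h.endswith("." + d) for h in confirmed for d in domains)


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.9", "203.0.113.5"):
        print(ip, ptr_name(ip), fcrdns(ip, sample_reverse, sample_forward),
              allowlisted(ip, ["example.com"], sample_reverse, sample_forward))
```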

For more information about an IP address assignee, you should also run a Whois IP search.

What is Whois by IP?

A Whois request tells you information about the owner of a web server or device connected to the Internet. Whois searches can be conducted by entering a domain name or an IP address. An IP Whois search queries the Whois database maintained by a Regional Internet Registry (RIR). For example, the American Registry for Internet Numbers (ARIN) manages the distribution of IP addresses in the U.S., Canada and several Caribbean islands. Information that you’ll find with an IP Whois lookup is different from what you’d get from a Whois domain search, because it comes from a different database. Whois domain queries are usually fielded by the domain registrar, whereas IP Whois searches are returned by the registrar that keeps track of IP addresses. For an explanation of the differences between a domain and IP address and how they are registered, read our article on DNS lookup.

Just as domain registrants are required to provide certain contact information, those registering IP addresses must also include identifying information. An IP Whois search lets you access this information.

While the exact amount and type of information you receive from an IP Whois search depends on the RIR that oversees the IP, you’ll typically be able to view:
Contact information
Netrange (a range of IP addresses assigned to the registrant)
Netname (an identifier for the registrant)
Nameservers
Registration dates
Organization names and ID (used for referencing records)
IP Whois can also return domain names that point to any given IP address. This is also called a reverse DNS lookup or reverse IP search. However, note that domain names are never permanently married to an IP address and can be redirected and registered at will by the registrant. Also note that multiple domain names can point to the same IP address.
How to use IP Whois Lookup?
IP Whois search is useful if you are trying to determine the source of web traffic, requests or other activity based on server logs. For example, if you are receiving spam or hacking attempts from a certain IP range, an IP Whois search may be able to help you get to the bottom of the situation. However, note that it is possible to “spoof” your IP address, thereby nullifying the benefits of an IP Whois search. An IP Whois search is a useful tool for analytics, as it lets you know which ISP your visitors are using.

What is an IP DNS Blacklist?

IP blacklists are maintained lists of known or suspected spammers. This IP blacklist tool checks to see if your IP address is included on a public IP blacklist. Occasionally, legitimate websites or mail servers can be erroneously included into IP blacklists. This can cause your emails to be rejected when they are processed by the receiving SMTP server.
How IP Blacklists Work
There are a number of organizations that keep track of IP blacklists. IP addresses of possible spammers are collected either by individual users reporting spam, or by setting up “honeypots.” A honeypot is a monitored mailbox or area of a network that is designed as a trap for detecting spammers. Another popular method for creating IP blacklists is to collect the links that are contained within spam emails (and only spam emails). URI blacklists include the domain names and IP addresses of spam links included in spam emails.

Spam protection software is usually built into most mail servers, which reference any incoming emails against these public DNS blacklists. When a mail transfer agent queries a DNS seeking the hostname for the recipient’s mail server, it will usually check the sender’s domain and IP address against one or more IP blacklists. Depending on the mail server’s settings, the message will be rejected or discarded if the sender’s IP address matches one found on the IP blacklist.
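
The lookup a mail server performs against a DNS blacklist, both here and in the earlier domain blacklist section, shown as an added example that is not part of the original article or of any lookup tool: the IP address is reversed (octets for IPv4, hex digits for IPv6), prepended to the list's zone, and resolved; no answer means not listed, an answer inside 127.0.0.0/8 means listed, and anything else is not a valid blacklist reply. The zone `dnsbl.example` and the sample answers are constructed placeholders.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed answers for the placeholder zone "dnsbl.example".
# The second entry imitates a resolver that rewrites missing names to a
# search page address, which must not be read as a listing.
SAMPLE_ANSWERS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "10.113.0.203.dnsbl.example": ["198.51.100.7"],
}


def sample_resolve(name):
    return SAMPLE_ANSWERS.get(name, [])


def system_resolve(name):
    """A lookup through the operating system's resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        # Covers "no such name"; a resolver outage looks the same here.
        return []


def dnsbl_query_name(ip, zone):
    """Build the name to query, e.g. 2.0.0.127.dnsbl.example."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer is "2.0.0.127.in-addr.arpa" or the ip6.arpa form;
    # drop the two trailing labels and append the blacklist zone instead.
    reversed_labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone.strip('.')}"


def check_dnsbl(ip, zone, resolve=system_resolve):
    """Return (query name, verdict, answers) for one IP and one list."""
    name = dnsbl_query_name(ip, zone)
    answers = resolve(name)
    if not answers:
        return name, "not listed", []
    outside = [a for a in answers if ipaddress.ip_address(a) not in LOOPBACK]
    if outside:
        return name, "invalid answer", outside
    return name, "listed", answers


if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.10", "192.0.2.1", "2001:db8::1"):
        print(check_dnsbl(ip, "dnsbl.example", sample_resolve))
```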
Getting Removed from Blacklists
If your email account is hijacked by a spammer or hacker, or if you unknowingly share a web server with a spammer, your IP address may also be flagged as spam. You may also be added to a spam list or spam database if you are reported for abuse by a mistaken or disgruntled email user. For example, Craigslist.org posters are often flagged as spammers by competitors or if a Craigslist user misinterpreted the terms of the posting.

You can often get removed from a blacklist by appealing to the operator of the blacklist. When you use the IP blacklist lookup tool, you’ll be able to see which blacklists your IP address is included in. Take note of these blacklists and get in contact with the organization or individual who is responsible for maintaining the list.