Chapter 3. Domain Name System

Table of Contents

Introduction to DNS Configuration
Purchase Domain Name Through the Registrar
Configure Name Servers at the Registrar
Configure DNS for Rackspace Machine
Name Server Entries
Verify DNS with `ping` & `dig`
DNS Check Point

Introduction to DNS Configuration

In this chapter we'll configure our virtual machine to work with DNS (Domain Name System). The essence of DNS is to map a human-readable name to an IP address.[7] In particular, we want a name of our choice to be mapped to the IP address of the machine that we launched previously. DNS can be a complicated arrangement to set up in some cases, but we'll stick with the basics. To understand more about how DNS works, you can reference the tutorial How DNS Works by Tech Republic and/or How DNS Works by HowStuffWorks. The steps we'll follow are listed here for clarity:

  1. Purchase a domain name at an accredited registrar.
  2. Configure the name at the registrar to point to the authoritative name servers for that domain name.
  3. Configure the DNS zone via Rackspace to hold the Resource Records for our machine.
  4. Create the appropriate entries for our machine.
  5. Verify our configuration.

Purchase Domain Name Through the Registrar

Domain names are controlled and sold through accredited registrars. The registrar records the name and its authoritative name servers in the top-level domain's registry, and that registry entry is what lets resolvers anywhere in the world find your zone and its "name -> IP address" records. There are many registrars available. Listed below are three of the most popular.

There are so many registrars and different interfaces that it is beyond the scope of this class to guide you through the purchase of a domain name. If you have trouble, call the registrar or contact their support desk and have them guide you through the process. Most likely, you'll have to create an account with the registrar to purchase the domain name. Whoever controls that account controls where the domain (and all web and mail traffic for it) resolves, so protect it with a strong, unique password and two-factor authentication where the registrar offers it. No matter where you purchase the name, or what the interface looks like, the mission is the same: while you're logged in to the registrar interface, configure the name you purchase to point to the Rackspace name servers, as shown in the screenshot in the next section.

Configure Name Servers at the Registrar

When you purchase the domain name through the registrar, there will be a configuration setting for the name servers that will hold the crucial IP address information for the domain name. Each interface will be different, depending on where the name is purchased. However, it will be somewhat similar to the configuration that is shown below.

Figure 3.1. Name server Configuration

Name server Configuration

This configuration must be in place or the name will not resolve to the correct IP address. The Rackspace DNS servers are shown in the image above; they are the same two that appear in the `dig NS` output later in this chapter, dns1.stabletransit.com and dns2.stabletransit.com. Enter those names into the name server configuration for your domain at the registrar where you purchased it. Changes at the registrar can take a while to propagate, so don't go any further until you have the name server information entered correctly. Rackspace provides a "How-To" article on Getting Started with Rackspace Nameservers.

Configure DNS for Rackspace Machine

Once the configuration is in place at the name registrar, we can continue to configure the DNS zone in the Rackspace interface. The steps below, following the next two screen shots, outline the process.

Figure 3.2. Configure Rackspace DNS #1

Configure Rackspace DNS #1

Figure 3.3. Configure Rackspace DNS #2

Configure Rackspace DNS #2

  1. Click on "Networking", then "Cloud DNS".
  2. Click on Create Domain.
  3. Enter your domain name and contact email address; leave TTL at 5 minutes. (The TTL is how long resolvers may cache a record. A short TTL while you are still setting things up means that mistakes are corrected quickly.)
  4. Click on Create Domain.

The sequence below shows creating individual records for the domain. There are many record types possible, but we only need a few for this class. We are going to create all the records that we'll need in this chapter, but we won't use some of them until later chapters.

Figure 3.4. Configure Rackspace DNS #3

Configure Rackspace DNS #3

  1. Note that there are two NS entries that are automatically populated; leave them alone.
  2. Click on Add Record.
  3. Leave the record type at A/AAAA.
  4. Enter 'alpha' into Hostname.
  5. Enter the public IP for your machine; it is listed in the Rackspace server details.
  6. Leave TTL at 5 minutes.
  7. Click Add Record.

An A (or AAAA) record points directly from a name to an IP address. Next we'll create a CNAME record, which points from a name to another name. See the screen shot and instructions below.

Figure 3.5. Configure Rackspace DNS #4

Configure Rackspace DNS #4

  1. Again, click on Add Record.
  2. Set type to CNAME.
  3. In hostname, type 'www'.
  4. In Target (Domain), type 'alpha.<your-domain.name>', the A record you just created.
  5. Leave TTL at 5 minutes.
  6. Click on Add Record.

Name Server Entries

With those records created, we'll now create several more. Look at the screenshot below and create a record for each one listed. Some of these will be explained in later chapters. One of them is a TXT record whose content is 'v=spf1 mx -all'. This is an SPF policy: it tells receiving mail servers that only the hosts listed in the domain's MX records may send mail from this domain, and that mail from anywhere else should be rejected ('-all' is a hard fail). It will be necessary for email to route, which will be covered later.[8]

Figure 3.6. List of DNS Entries

List of DNS Entries

Your DNS records should look like the screenshot above, except for the IP address, which should be the IP address of your server. Now it's time to configure a reverse DNS entry for your server. A reverse (PTR) record maps the IP address back to a name. Receiving mail servers commonly look up the PTR for the connecting IP address and then check that the returned name resolves forward to that same IP, and many will reject or delay mail when it doesn't. Reverse DNS entries are useful for many reasons, proper mail delivery being one of them.

[Important] Create the MX Record for Your Server

You should create an MX record that points directly to your server. You can see that in my record the MX record points to a different server. That's because mail for my domain is configured to be handled by a different machine. For this class, you will want your server to handle mail for your domain. Therefore, the MX record should point to alpha.<your-domain.name>. Point it at the 'alpha' A record, not at the 'www' CNAME: an MX target must be a hostname with an A (or AAAA) record, not a CNAME.

After you've created all the records as indicated, click out of the DNS interface and go back to the Rackspace interface for the server. We need to create what's called a 'Reverse DNS' record.[9]

Figure 3.7. Configure Reverse DNS

Configure Reverse DNS

  1. In the Rackspace interface, next to "Reverse DNS", click on Add Record.
  2. When the dialog box opens, enter the fully qualified domain name (FQDN) of your machine into the field as shown.
  3. Click on "Save Record".
[Note] Ping Your Machine without the 'www'

It's possible to get your machine to `ping` and resolve via DNS by using the bare domain name only. To do that, create an 'A' record for <domain-name>.com (or whatever your domain is) and enter the IP address of your server. For "talos-iv.net", it would look like this: 'talos-iv.net A 23.253.246.180'. NOTE that this record needs to be an A (or AAAA) type, not a CNAME, because a CNAME cannot coexist with the other records that must live at the zone apex (the SOA and NS records).

That should complete our DNS configuration. In the next section we'll verify what we've done. For additional info, see the Create DNS Records with the Rackspace Control Panel article.

Verify DNS with `ping` & `dig`

Now it's time to verify that DNS is working. Keep in mind that `ping` tests two things at once: that the name resolves and that the host answers ICMP echo requests. If the IP address appears on the PING line but no replies come back, name resolution worked and the problem is a firewall or the host itself, not DNS; the `dig` checks later in this section exercise DNS alone.

  1. You should be able to successfully ping your new machine by name: `ping -c 4 alpha.<your-domain.name>`.
  2. You should be able to successfully ping your new machine by the www CNAME: `ping -c 4 www.<your-domain.name>`. Note that the output reports "PING alpha.<your-domain.name>": ping follows the CNAME and shows the name it ultimately points to.
  3. If you set up an A record for the bare domain name, it should ping as well: `ping -c 4 <your-domain.name>`.
  4. Successful output looks like this:
    05:48:05
    bob@intrepid ~/git/webserver7/
    --> ping -c 4 alpha.talos-iv.net
    PING alpha.talos-iv.net (23.253.246.180) 56(84) bytes of data.
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=1 ttl=50 time=23.7 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=2 ttl=50 time=22.4 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=3 ttl=50 time=24.5 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=4 ttl=50 time=23.8 ms

    --- alpha.talos-iv.net ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 22.402/23.625/24.511/0.780 ms
    05:48:16
    bob@intrepid ~/git/webserver7/
    --> ping -c 4 www.talos-iv.net
    PING alpha.talos-iv.net (23.253.246.180) 56(84) bytes of data.
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=1 ttl=50 time=20.5 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=2 ttl=50 time=42.9 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=3 ttl=50 time=21.1 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=4 ttl=50 time=25.0 ms

    --- alpha.talos-iv.net ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 20.546/27.424/42.932/9.118 ms
    05:48:30
    bob@intrepid ~/git/webserver7/
    --> ping -c 4 talos-iv.net
    PING talos-iv.net (23.253.246.180) 56(84) bytes of data.
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=1 ttl=50 time=23.1 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=2 ttl=50 time=20.9 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=3 ttl=50 time=19.4 ms
    64 bytes from alpha.talos-iv.net (23.253.246.180): icmp_seq=4 ttl=50 time=23.1 ms

    --- talos-iv.net ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 19.488/21.707/23.199/1.564 ms
    05:48:40
    bob@intrepid ~/git/webserver7/
    --> 
    

Now we'll use another tool, `dig`, to query DNS information directly from the name servers.

Figure 3.8. 'dig' DNS Name

Use 'dig' for information about DNS Name

In the image above, the `dig` command was issued against 'alpha.talos-iv.net', and it shows an A record with the name-to-IP-address mapping. This is what we would expect, since we set it up that way. Listed below are several other checks that can be done with `dig` to troubleshoot DNS. The numbered markers on the right refer to the notes below the listing.

    06:11:05
    bob@intrepid ~/git/webserver7/
    --> dig www.talos-iv.net                                                  (1)

    ; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> www.talos-iv.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20876
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1      (2)

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.talos-iv.net.          IN      A

    ;; ANSWER SECTION:
    www.talos-iv.net.   299     IN      CNAME   alpha.talos-iv.net.          (3)
    alpha.talos-iv.net. 299     IN      A       23.253.246.180

    ;; Query time: 72 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 27 06:11:28 CDT 2016
    ;; MSG SIZE  rcvd: 81

    06:11:28
    bob@intrepid ~/git/webserver7/
    --> dig MX talos-iv.net                                                   (4)

    ; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> MX talos-iv.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43219
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1      (5)

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;talos-iv.net.                      IN      MX

    ;; ANSWER SECTION:
    talos-iv.net.               299     IN      MX      10 alpha.blue-meltdown.net.   (6)

    ;; Query time: 71 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 27 06:11:50 CDT 2016
    ;; MSG SIZE  rcvd: 77

    06:11:50
    bob@intrepid ~/git/webserver7/
    --> dig NS talos-iv.net                                                   (7)

    ; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> NS talos-iv.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51631
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;talos-iv.net.                      IN      NS

    ;; ANSWER SECTION:
    talos-iv.net.               299     IN      NS      dns1.stabletransit.com.   (8)
    talos-iv.net.               299     IN      NS      dns2.stabletransit.com.

    ;; Query time: 39 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 27 06:12:17 CDT 2016
    ;; MSG SIZE  rcvd: 96

    06:12:17
    bob@intrepid ~/git/webserver7/
    --> dig @dns1.stabletransit.com talos-iv.net                              (9)

    ; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> @dns1.stabletransit.com talos-iv.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19316
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1      (10)
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;talos-iv.net.                      IN      A

    ;; ANSWER SECTION:
    talos-iv.net.               300     IN      A       23.253.246.180

    ;; AUTHORITY SECTION:
    talos-iv.net.               300     IN      NS      dns1.stabletransit.com.   (11)
    talos-iv.net.               300     IN      NS      dns2.stabletransit.com.

    ;; Query time: 22 msec
    ;; SERVER: 69.20.95.4#53(69.20.95.4)
    ;; WHEN: Wed Jul 27 06:12:52 CDT 2016
    ;; MSG SIZE  rcvd: 112

    06:12:52
    bob@intrepid ~/git/webserver7/
    -->

(1) With this command the call is for information about the 'www' CNAME record.

(2) This line shows that we have 2 answers but an AUTHORITY count of 0, and the flags (qr rd ra) do not include 'aa'. That's because the query went to a recursive resolver (8.8.8.8, shown on the SERVER line) which answered on the zone's behalf, possibly from its cache, rather than to one of the domain's own name servers.

(3) We got lots of information. There's the CNAME, and the resolver followed it and returned the A record it points to as well.

(4) This call is for the MX records, which are the Mail eXchangers. The '10' in the answer is the preference value; when there are several, the lowest is tried first.

(5) Once again, an ANSWER without AUTHORITY. It's valid information, just not from the authoritative source.

(6) Note that - for this domain - the mail exchanger is NOT on the 'talos-iv.net' server. A different machine is handling mail for this domain.

(7) Here the specific information requested is for the NS (Name Server) records. In essence, we're asking "who holds the authoritative records for 'talos-iv.net'?"

(8) Here's the answer. It's this way because this is how we configured it at the registrar.

(9) Now that we know who holds the AUTHORITY information for the domain, we can query one of the domain's name servers directly by using the '@' symbol.

(10) Finally, we got an authoritative answer: the flags now include 'aa', and an AUTHORITY section is present. The "recursion requested but not available" warning is expected, since an authoritative server answers only for the zones it hosts and will not recurse for other names. Although not specifically requested, two name servers are listed; one will be the primary name server and the other a secondary.

(11) Note in this listing that we got not only what we asked for, the A record for the domain, but also an AUTHORITY section naming the servers that are authoritative for it.
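The script below is an added example and is not part of the course material or of any Rackspace tooling. It applies the rules this chapter relies on (from the Name Server Entries section and the `ping`/`dig` checks above) to records written in the format `dig +noall +answer` prints: owner, TTL, class, type, rdata. The embedded SAMPLE is constructed to mirror the records the chapter has you create for talos-iv.net; it is not captured output. The domain, host name and IP address are the chapter's examples, and the function names are this example's own. With network access, `collect` gathers the same records live with `dig` so that `audit` can be run against your real zone.

```shell
#!/bin/sh
# Added example, not from the course page or Rackspace: audit the records the
# chapter creates, using the "dig +noall +answer" line format
#   owner TTL class type rdata...
# Rules checked:
#   - alpha.<domain>, www.<domain> and the bare domain resolve to the server IP
#   - the zone apex is an A/AAAA, never a CNAME (a CNAME cannot coexist with SOA/NS)
#   - the MX target has an A record and is not a CNAME (RFC 2181 section 10.3)
#   - exactly one TXT record starts with "v=spf1" (more than one is a permerror, RFC 7208)
#   - at least two NS records are delegated
#   - the PTR for the IP names a host that resolves back to that IP
#     (forward-confirmed reverse DNS, which mail relays check)

# Constructed sample mirroring the chapter's talos-iv.net records (not captured output).
SAMPLE='alpha.talos-iv.net.            299 IN A     23.253.246.180
www.talos-iv.net.              299 IN CNAME alpha.talos-iv.net.
talos-iv.net.                  299 IN A     23.253.246.180
talos-iv.net.                  299 IN MX    10 alpha.talos-iv.net.
talos-iv.net.                  299 IN TXT   "v=spf1 mx -all"
talos-iv.net.                  299 IN NS    dns1.stabletransit.com.
talos-iv.net.                  299 IN NS    dns2.stabletransit.com.
180.246.253.23.in-addr.arpa.   300 IN PTR   alpha.talos-iv.net.'

# rdata TYPE OWNER RECORDS: print the rdata of each matching record, one per line.
rdata() {
  printf '%s\n' "$3" | awk -v t="$1" -v n="$2" '
    $1 == n && $4 == t { s = $5; for (i = 6; i <= NF; i++) s = s " " $i; print s }'
}

# resolve_a NAME RECORDS: follow CNAMEs (at most 8 hops) to an A record and print the IP.
resolve_a() {
  name=$1; rr=$2; hops=0
  while [ "$hops" -lt 8 ]; do
    a=$(rdata A "$name" "$rr" | head -n 1)
    [ -n "$a" ] && { printf '%s\n' "$a"; return 0; }
    name=$(rdata CNAME "$name" "$rr" | head -n 1)
    [ -n "$name" ] || return 1          # dangling name: neither A nor CNAME
    hops=$((hops + 1))
  done
  return 1                               # CNAME loop or chain too long
}

# rev_name IP: 23.253.246.180 -> 180.246.253.23.in-addr.arpa.
rev_name() {
  printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# audit DOMAIN IP RECORDS: print one FAIL line per problem; exit status is the problem count.
audit() {
  d="$1."; ip=$2; recs=$3; bad=0
  fail() { printf 'FAIL: %s\n' "$1"; bad=$((bad + 1)); }

  [ "$(resolve_a "alpha.$d" "$recs")" = "$ip" ] || fail "alpha.$d does not resolve to $ip"
  [ "$(resolve_a "www.$d" "$recs")" = "$ip" ]   || fail "www.$d does not resolve to $ip"
  [ -z "$(rdata CNAME "$d" "$recs")" ]          || fail "$d is a CNAME; the apex must be an A/AAAA"
  [ "$(resolve_a "$d" "$recs")" = "$ip" ]       || fail "bare domain $d does not resolve to $ip"

  mx=$(rdata MX "$d" "$recs" | awk '{ print $2 }' | head -n 1)   # "10 host." -> host.
  if [ -z "$mx" ]; then fail "no MX record for $d"
  elif [ -n "$(rdata CNAME "$mx" "$recs")" ]; then fail "MX target $mx is a CNAME"
  elif [ -z "$(rdata A "$mx" "$recs")" ]; then fail "MX target $mx has no A record"
  fi

  spf=$(rdata TXT "$d" "$recs" | tr -d '"' | grep -c '^v=spf1' || true)
  [ "$spf" -eq 1 ] || fail "expected exactly one v=spf1 TXT record, found $spf"

  ns=$(rdata NS "$d" "$recs" | grep -c . || true)
  [ "$ns" -ge 2 ] || fail "expected at least two NS records, found $ns"

  ptr=$(rdata PTR "$(rev_name "$ip")" "$recs" | head -n 1)
  if [ -z "$ptr" ]; then fail "no PTR record for $ip"
  elif [ "$(resolve_a "$ptr" "$recs")" != "$ip" ]; then fail "PTR $ptr does not resolve back to $ip"
  fi
  return "$bad"
}

# collect DOMAIN IP: gather the same records live with dig (needs network), e.g.
#   audit talos-iv.net 23.253.246.180 "$(collect talos-iv.net 23.253.246.180)"
collect() {
  for q in "alpha.$1 A" "www.$1 A" "$1 A" "$1 MX" "$1 TXT" "$1 NS" "-x $2"; do
    dig +noall +answer $q      # $q is unquoted on purpose: "name type" are two arguments
  done
}

audit talos-iv.net 23.253.246.180 "$SAMPLE" && echo "all checks passed"
```

Run `audit` against `collect` output once the registrar change has propagated; a non-zero exit status with the FAIL lines tells you which of the chapter's records is missing or mistyped, and the PTR check is the one that most often trips up mail delivery.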

DNS Check Point

At this point, your Rackspace virtual machine should respond to `ping` commands by IP address and domain name. When this is in place, send me an email with your domain name and I'll verify that it's in place.



[7] Note the direction of the configuration: NAME -> IP Address. This is an important distinction with regard to a Reverse Record, which is IP Address -> Name. Also note that there can be many names pointing to a single IP Address, typically by A (or AAAA) records. However, an IP address should point back to only one name: one Reverse Record per IP address. (Multiple PTR records for one address are technically possible, but most software that checks reverse DNS only looks at one, so stick to a single PTR.)

[8] It may not be apparent at this point, but email and DNS are closely tied together, especially given the current volume of spam. If you don't have the DNS records correct, many mail relays will refuse to accept mail from your server.

[9] Once again, a Reverse Record is necessary for mail routing. What it does is exactly what it says: it points from the IP address back to the name. This is the 'reverse' of what the A (and AAAA) records do, which is point from the name to the IP address.