DNS is one of those technologies that seem straightforward from the outside but cause a lot of confusion when you are trying to configure a domain or two. My aim with this post is to reduce that confusion instead of adding to it.
What is a DNS Server?
The Domain Name System (DNS) lets you use friendly names for network resources instead of IP addresses, which may or may not stay constant for a specific resource. The name-to-address information is either known to you locally, or you are sent to another server that may hold it or may in turn send you to yet another server. These servers are called DNS servers.
What does a DNS Server contain?
A DNS Server either returns the IP address(es) of the destination, or an alternative way to get the IP address(es) of the destination. It’s like a registry of where to find the information, akin to an index and references section in a book.
Tell me about the keywords I need to know
- A and AAAA records: These are the real names (the code numbers/IP addresses of what you are looking for).
- CNAME: These are like nicknames; they respond just the same.
- NS: If the server doesn’t know where to look, it tells you where else to look.
- SOA: Start of Authority, where to begin looking.
How do I own a domain?
This question can also be phrased as “How do I register a domain?”, but I want it to be more nuanced than that.
You can register a domain: you purchase a domain (I’ll take blog.svivekkrishna.cc as the example) from any popular domain registrar. What the registrar does is put this domain name on the global DNS system under a scheme called “NS”.
If you are trying to become the manager of a sub-domain, which is common if you are running a website inside your company, you can use the DNS manager that comes with a cloud provider (like AWS, GCP etc.) to create a zone, which is another way of saying namespace. This is the step that I’ve seen trip up pretty much everyone. Just because you created a zone doesn’t mean you own the domain. You can create IP address and CNAME entries in it, but they aren’t worth anything unless the main domain knows that any lookup for this sub-domain should be sent to the DNS system operated by this provider. This is where the NS entries come into use: the NS information for the new sub-domain must be set up in your main domain manager.
For example, blog.svivekkrishna.cc is hosted on public WordPress servers. When I set up the blog, WordPress gave me the NS information I had to put into svivekkrishna.cc so that when you try to access the blog, it starts looking for where to find the site on the WordPress name servers. The following dig commands should make it clearer.
DNS lookup information for svivekkrishna.cc
> dig svivekkrishna.cc
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> svivekkrishna.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65166
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;svivekkrishna.cc. IN A
;; AUTHORITY SECTION:
svivekkrishna.cc. 3600 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1708753429 43200 3600 604800 3601
;; Query time: 191 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Nov 30 10:03:02 IST 2024
;; MSG SIZE rcvd: 118
In this output, svivekkrishna.cc has an SOA record, which points to the global registrar’s server.
DNS lookup information for blog.svivekkrishna.cc
> dig blog.svivekkrishna.cc ns
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> blog.svivekkrishna.cc ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57636
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;blog.svivekkrishna.cc. IN NS
;; ANSWER SECTION:
blog.svivekkrishna.cc. 7163 IN NS ns2.wordpress.com.
blog.svivekkrishna.cc. 7163 IN NS ns1.wordpress.com.
blog.svivekkrishna.cc. 7163 IN NS ns3.wordpress.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Nov 30 10:10:05 IST 2024
;; MSG SIZE rcvd: 117
As you may have noticed, I passed an extra argument (ns) to this dig query so that I could see which name servers were looked at. There are three name servers on WordPress’ end that have entries for my blog, which I had to configure on my DNS provider so that my blog could be mapped correctly and served from wordpress.com.
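The delegation check described above, as an added example that is not part of the original post: it parses `dig <name> ns` output and compares the NS records in the answer with the name servers the hosting provider gave you. The function names and the second sample (shop.example.com, ns1.provider.example) are constructed for illustration.

```python
# Added example, not from the post; function names and UNDELEGATED are constructed.
def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} parsed from dig output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith(" SECTION:"):
            current = line[2:-len(" SECTION:")].strip().lower()
            sections[current] = []
        elif line.startswith(";;"):
            current = None  # any other ";;" line (e.g. ";; Query time") ends the section
        elif line and not line.startswith(";") and current:
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return sections

def check_delegation(dig_text, name, expected_ns):
    """Compare the NS records answered for `name` with the provider's name servers."""
    norm = lambda host: host.lower().rstrip(".")
    answer = parse_dig(dig_text).get("answer", [])
    found = {norm(rdata) for owner, _ttl, rtype, rdata in answer
             if rtype == "NS" and norm(owner) == norm(name)}
    expected = {norm(ns) for ns in expected_ns}
    return {"delegated": bool(found) and found == expected,
            "missing": sorted(expected - found),
            "unexpected": sorted(found - expected)}

# Copied from the post's `dig blog.svivekkrishna.cc ns` output (header lines trimmed).
DELEGATED = """\
;; QUESTION SECTION:
;blog.svivekkrishna.cc. IN NS
;; ANSWER SECTION:
blog.svivekkrishna.cc. 7163 IN NS ns2.wordpress.com.
blog.svivekkrishna.cc. 7163 IN NS ns1.wordpress.com.
blog.svivekkrishna.cc. 7163 IN NS ns3.wordpress.com.
;; Query time: 0 msec
"""
# Constructed: the zone exists at a provider, but the parent has no NS records for it.
UNDELEGATED = """\
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 43200 3600 604800 3601
;; Query time: 12 msec
"""
WORDPRESS_NS = ["ns1.wordpress.com", "ns2.wordpress.com", "ns3.wordpress.com"]

if __name__ == "__main__":
    print(check_delegation(DELEGATED, "blog.svivekkrishna.cc", WORDPRESS_NS))
    print(check_delegation(UNDELEGATED, "shop.example.com", ["ns1.provider.example"]))
```

A non-empty "missing" list means the parent has not been told about the provider's name servers yet; a non-empty "unexpected" list means the parent delegates to a server that is not in the set the provider gave you.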
Concluding
I noted in the beginning that I wanted to leave you less confused and I’m sure I failed at it. However, I’ll give you one takeaway that you can leave with.
Authority matters. Even if you have a DNS server, it has to be authorized in the sense that someone should notarize that you are who you say you are. It’s a common theme with most things internet based.