DNS – The GPS of the Internet
|Frame of reference||Analogy|
|The Internet||Information Superhighway|
|Your ISP||Vehicle on the road|
|YOU||The driver of the vehicle|
|Email addresses||House or business addresses
End up at buildings
Even though it is more and more common for all of us to use a GPS in our car or even hiking, we often forget that when we send an email, DNS is the GPS system that determines where the email goes to be delivered; and, that when we browse a web site (directly or via a search engine), DNS is the GPS system that tells your ISP where to find the physical server(s) involved in serving the site.
Why does this matter?
Well, if you’ve ever used a GPS device that took you to the wrong destination or otherwise could not find the destination from your location, then you have a frame of reference for what I’m about to write.
DNS, like GPS Systems, can be broken or otherwise faulty. Just like a GPS device, it might work great most of the time, but then sporadic at other times.
Before I write much further, some housekeeping:
DNS stands for Domain Name System; it is a means of translating a domain name like dynamicnet.net into an IP address such as 220.127.116.11; this is also true for email addresses such as knowing that when someone emails firstname.lastname@example.org to send it off to 18.104.22.168 under the user name of solutions.
When a person registers a domain name, part of the domain name registration process is to list one to several DNS servers.
Did you notice the word, “servers” above? DNS is handled by servers; and the DNS hosting provider of those servers might be the company with whom the party registered the domain name, or it could be their web hosting provider, or it could be yet another provider.
While more than one DNS server can be listed, one of the common myths on the Internet is that the first DNS server listed is “the primary,” the second one listed is “the secondary,” and so on giving the extremely false impression that “the primary” DNS sever is always used unless it fails, then the secondary will be used.
Whenever you browse a web site, send an email, behind the scenes there’s a math formula going on as to which of the DNS services listed for a domain name will be used. Then if the one picked (and it might be the secondary or tertiary) fails, after x amount of time, it will try another one (not necessarily in order).
In the end, this means that every DNS server listed should be 100% operational, without any problems, all of the time.
If you have a bad DNS provider, then it doesn’t matter how wonderful your hosting provider is at serving your site or your email provider at sending and receiving email… visitors will not be able to get to the site, email will be delayed or bounce; and if the DNS provider did not secure their servers, then traffic that should be going to your site may be redirected to malicious sites.
Now, how do you know if the DNS servers of a given domain name (the latter part of the @ in an email address) are working and secure?
The following is partial list of sites provide free DNS Reports:
Common errors you may see on a DNS report are as follows:
- The MX (mail exchange) records (which are used to determine where to send incoming email) do not have a reverse DNS entry.
- The DNS server allows for recursive queries which means the DNS server is insecure.
- One or more DNS servers did not respond; this probably means the server or service is down.
- One or more DNS servers have mismatched entries; this means not all DNS severs have the same information for the domain name.
- One or more DNS servers are lame; typically this means the lame servers know nothing of the domain name in question.
- There’s a mismatch between the parent (domain name registrar) and the name servers as far as what name servers are listed for the domain name at the DNS server level.
Let’s go over the impact of the most common DNS errors:
- All MX records (incoming email) and mail server records (outgoing and potentially incoming email) need to have a reverse DNS entry; reverse DNS is where you can see that 22.214.171.124 points back to dynamicnet.net just as dynamicnet.net points to 126.96.36.199. A failure to have a reverse DNS entry for any record dealing with email means email rejection. If you don’t want your email treated like spam 100% of the time, make sure there is a reverse DNS entry set up for all mail DNS records.
- If the DNS servers for a domain name are insecure, then that means traffic can be redirected. If this is your site, that means email that should go to you might be hijacked away to another party; visitors to your web site might unknowingly be hijacked to other destinations.
- If a DNS server is down, and that is the server picked for queries… then you may see email delays, visitors who give up waiting (it does take time for the fail over to another working DNS server to take place), etc.
- Lame servers can be worse than down DNS servers…. answering they don’t know anything about the domain.
- Mismatch between DNS servers can be extremely common as this does happen when a (hopefully authorized) party makes changes to the DNS entries for a domain name; but should not exist past for longer than 60 to 120 minutes. If only one name server has the most up to date information, then when the other name servers are queried, over time you see extremely sporadic results.
If you have a web site that you manage, have you checked the health of the DNS used by your domain name?
Are you having trouble emailing key partners and customers? If yes, have you checked the DNS health of the domain name(s) used by the email address(es)?
There’s a lot more about DNS that what I’ve written above, including, but not limited to discussing local vs. public DNS. The main take away’s I hope you leave with after reading this article is that you know what is DNS on the layperson level; and that you understand that whenever a domain name is involved (email, web site, mobile, etc.), you also realize there is a DNS hosting provider hopefully taking care of the DNS services for the domain name.
Please feel free to comment below if you have questions about DNS or want to share your own experiences in trouble shooting DNS issues.