Lookups

DNS Lookup is the process of resolving domain names to IP addresses and vice versa.

Forward Lookups

This is the most common lookup where the user provides a Fully Qualified Domain Name (FQDN) to a DNS server, which responds with the corresponding IP address.

Using the nslookup or dig command to query the domain name for its IP.

nslookup navidnaf.com
dig navidnaf.com

Reverse Lookups

In this case, the user provides an IP address, and the DNS server responds with the associated domain name.

Performing a reverse DNS query using nslookup with the IP address to retrieve the domain.

nslookup 127.0.0.1
dig -x 127.0.0.1

Authority

Authoritative DNS Server

This server has the original, up-to-date DNS records for a specific domain (zone). It is the official source of truth and can provide accurate, verified responses for queries about the domain. The data comes from the primary authoritative server, which holds the zone files.

Non-Authoritative DNS Server

This server does not have the original DNS records. Instead, it may provide responses based on cached information from previous queries. It can respond quickly but may not always have the latest data if the records have changed.

Core Component of Authority

The core component for DNS authority is the zone file stored on the authoritative DNS server. This file contains the DNS records (like A, MX, CNAME, NS, etc.) for a specific domain or zone.

The Start of Authority (SOA) record is a key part of this, defining the authoritative server and holding critical details such as the domain’s primary DNS server, contact email, and timing information for updates and transfers. This ensures the authoritative DNS server has the definitive and most up-to-date information for its domain.

Example:

example.com.    IN    SOA    ns1.example.com. admin.example.com. (
                    2024091201  ; Serial (YYYYMMDDNN format)
                    3600        ; Refresh (1 hour)
                    1800        ; Retry (30 minutes)
                    1209600     ; Expire (14 days)
                    86400       ; Minimum TTL (1 day)
                )

• example.com.: The domain name.

• SOA: Start of Authority record.

• ns1.example.com.: Primary authoritative DNS server for example.com.

• admin.example.com.: Email of the domain administrator (replace the first dot with @, so it's admin@example.com).

• Serial: A version number for the zone file, often formatted as YYYYMMDDNN to indicate changes.

• Refresh: How often secondary DNS servers should check for updates (here, 1 hour).

• Retry: The interval for retrying a failed zone transfer (here, 30 minutes).

• Expire: How long secondary servers will continue to use the zone data if updates fail (here, 14 days).

• Minimum TTL: Default time to cache DNS records (here, 1 day).

TTL (Time to Live)

TTL (Time to Live) in DNS specifies how long a DNS record should be cached by non-authoritative servers (like ISPs). It is configured on the authoritative server. If the TTL is too long, changes made to the DNS (such as updating IP addresses) may not propagate quickly, leading to outdated information being used until the TTL expires.