Domain and DNS Configuration - Complete Guide
Published: September 25, 2024 | Reading time: 18 minutes
DNS Overview
Domain Name System (DNS) translates domain names to IP addresses:
DNS Components
# DNS Components
- Domain names (example.com)
- IP addresses (192.168.1.1)
- DNS records (A, CNAME, MX, etc.)
- Nameservers
- DNS resolvers
Domain Registration
Domain Purchase
Domain Registration Process
# Domain Registration Steps
1. Choose domain registrar (GoDaddy, Namecheap, Cloudflare)
2. Search for available domain names
3. Select domain extension (.com, .org, .net, etc.)
4. Provide contact information
5. Choose registration period (1-10 years)
6. Complete payment
7. Verify email confirmation
8. Access domain management panel
# Popular Domain Registrars
- Cloudflare (best pricing)
- Namecheap (good support)
- GoDaddy (largest registrar)
- Google Domains (simple interface)
- AWS Route 53 (integrated with AWS)
# Domain Extensions
- .com (commercial)
- .org (organizations)
- .net (networks)
- .io (tech companies)
- .dev (developers)
- .app (applications)
DNS Records
Common DNS Record Types
DNS Record Types
# A Record (IPv4)
# Points domain to IPv4 address
example.com. 300 IN A 192.168.1.100
www.example.com. 300 IN A 192.168.1.100
# AAAA Record (IPv6)
# Points domain to IPv6 address
example.com. 300 IN AAAA 2001:db8::1
# CNAME Record
# Points domain to another domain
blog.example.com. 300 IN CNAME example.com.
api.example.com. 300 IN CNAME example.com.
# MX Record (Mail Exchange)
# Points to mail server
example.com. 300 IN MX 10 mail.example.com.
example.com. 300 IN MX 20 mail2.example.com.
# TXT Record
# Text records for verification
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
example.com. 300 IN TXT "google-site-verification=abc123"
# NS Record (Name Server)
# Points to nameservers
example.com. 300 IN NS ns1.example.com.
example.com. 300 IN NS ns2.example.com.
# SRV Record (Service)
# Points to service location
_service._tcp.example.com. 300 IN SRV 10 5 80 server.example.com.
# PTR Record (Reverse DNS)
# Points IP to domain
100.1.168.192.in-addr.arpa. 300 IN PTR example.com.
DNS Configuration
Basic DNS Setup
DNS Zone Configuration
; DNS Zone File Example
; example.com.zone
$TTL 300
$ORIGIN example.com.
; SOA Record
@ IN SOA ns1.example.com. admin.example.com. (
2024010101 ; Serial number
3600 ; Refresh
1800 ; Retry
604800 ; Expire
300 ; Minimum TTL
)
; NS Records
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
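; A Records
@ IN A 192.168.1.100
www IN A 192.168.1.100
api IN A 192.168.1.101
blog IN A 192.168.1.102
; mail is an MX target, so it must be an address record, not a CNAME (RFC 2181, section 10.3)
mail IN A 192.168.1.100
; ns1, ns2, mail2 and sip are NS, MX and SRV targets and also need A/AAAA records (addresses not shown here)
; CNAME Records
ftp IN CNAME @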
; MX Records
@ IN MX 10 mail.example.com.
@ IN MX 20 mail2.example.com.
; TXT Records
@ IN TXT "v=spf1 include:_spf.google.com ~all"
@ IN TXT "google-site-verification=abc123def456"
; SRV Records
_sip._tcp IN SRV 10 5 5060 sip.example.com.
_sips._tcp IN SRV 10 5 5061 sip.example.com.
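A zone in this layout can be checked offline before it is loaded. The following is an added example, not code from the original guide: it parses the simple one-record-per-line format used above and flags NS, MX and SRV targets inside the zone that are CNAMEs or have no address record. `ZONE` is a constructed sample, and the names `fqdn`, `parse` and `lint` are this example's own.

```python
# Added example (not the page's code); ZONE is a constructed sample.
ZONE = """\
$ORIGIN example.com.
@         IN NS    ns1.example.com.
@         IN A     192.168.1.100
mail      IN CNAME @
@         IN MX    10 mail.example.com.
@         IN MX    20 mail2.example.com.
_sip._tcp IN SRV   10 5 5060 sip.example.com.
sip       IN A     192.168.1.105
"""
TARGET_FIELD = {"NS": 0, "MX": 1, "SRV": 3}  # index of the hostname in rdata

def fqdn(name, origin):
    full = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
    return full.lower()

def parse(zone_text):
    origin, records = ".", []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # naive: ignores ';' inside quoted TXT
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        if not fields or fields[0].startswith("$"):
            continue
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)  # drop optional TTL and class
        if len(rest) >= 2:  # also skips SOA continuation lines
            records.append((fqdn(fields[0], origin), rest[0].upper(), rest[1:]))
    return origin, records

def lint(zone_text):
    origin, records = parse(zone_text)
    types, findings = {}, []
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    for owner, rtype, rdata in records:
        if rtype not in TARGET_FIELD:
            continue
        target = fqdn(rdata[TARGET_FIELD[rtype]], origin)
        if not (target == origin or target.endswith("." + origin)):
            continue  # out-of-zone target: cannot be checked offline
        have = types.get(target, set())
        if "CNAME" in have:
            findings.append(f"{rtype} {owner} -> {target}: target is a CNAME")
        elif not have & {"A", "AAAA"}:
            findings.append(f"{rtype} {owner} -> {target}: no A/AAAA record")
    return findings
```

`lint(ZONE)` reports the NS and second MX target as missing address records and the first MX target as a CNAME. The SRV target passes because `sip` has an A record.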
Cloudflare DNS
Cloudflare Setup
Cloudflare Configuration
# Cloudflare DNS Setup
1. Sign up for Cloudflare account
2. Add domain to Cloudflare
3. Update nameservers at domain registrar
4. Configure DNS records
5. Enable security features
# Nameserver Update
# At domain registrar, change nameservers to:
ns1.cloudflare.com
ns2.cloudflare.com
# Cloudflare DNS Records
# A Records
Type: A
Name: @
IPv4 address: 192.168.1.100
Proxy status: Proxied
Type: A
Name: www
IPv4 address: 192.168.1.100
Proxy status: Proxied
# CNAME Records
Type: CNAME
Name: api
Target: example.com
Proxy status: Proxied
# MX Records
Type: MX
Name: @
Mail server: mail.example.com
Priority: 10
# TXT Records
Type: TXT
Name: @
Content: v=spf1 include:_spf.google.com ~all
# Cloudflare Features
- DDoS protection
- SSL/TLS encryption
- CDN acceleration
- Page rules
- Security rules
- Analytics
AWS Route 53
Route 53 Configuration
Route 53 Setup
# AWS CLI Route 53 Commands
# Create hosted zone
aws route53 create-hosted-zone \
--name example.com \
--caller-reference $(date +%s) \
--hosted-zone-config Comment="Example.com hosted zone"
# List hosted zones
aws route53 list-hosted-zones
# Create DNS records
aws route53 change-resource-record-sets \
--hosted-zone-id Z123456789 \
--change-batch file://dns-changes.json
# dns-changes.json
{
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "example.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": "192.168.1.100"
}
]
}
},
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com",
"Type": "CNAME",
"TTL": 300,
"ResourceRecords": [
{
"Value": "example.com"
}
]
}
}
]
}
# Route 53 Features
- Health checks
- Traffic routing policies
- Latency-based routing
- Geolocation routing
- Weighted routing
- Failover routing
DNS Security
DNSSEC Configuration
DNSSEC Setup
# DNSSEC Configuration
# Enable DNSSEC at domain registrar
1. Log into domain registrar
2. Navigate to DNS settings
3. Enable DNSSEC
4. Generate DS record
5. Add DS record to parent zone
# DS Record Example
# Fields: key tag 12345, algorithm 8 (RSA/SHA-256), digest type 2 (SHA-256, 64 hex characters)
example.com. IN DS 12345 8 2 <64-hex-character SHA-256 digest>
# DNSSEC Benefits
- Prevents DNS spoofing
- Ensures data integrity
- Authenticates DNS responses
- Protects against cache poisoning
# DNS Security Best Practices
- Use DNSSEC
- Implement DNS filtering
- Monitor DNS queries
- Use secure DNS resolvers
- Regular security audits
- Backup DNS configurations
Email Configuration
MX Records Setup
Email DNS Records
# MX Records for Gmail
# Primary MX record
example.com. 300 IN MX 1 aspmx.l.google.com.
# Secondary MX records
example.com. 300 IN MX 5 alt1.aspmx.l.google.com.
example.com. 300 IN MX 5 alt2.aspmx.l.google.com.
example.com. 300 IN MX 10 alt3.aspmx.l.google.com.
example.com. 300 IN MX 10 alt4.aspmx.l.google.com.
# SPF Record
example.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
# DKIM Record (Google Workspace)
google._domainkey.example.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
# DMARC Record
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; fo=1"
# Email Security Records
# SPF (Sender Policy Framework)
# Prevents email spoofing
v=spf1 include:_spf.google.com include:mailgun.org ~all
# DKIM (DomainKeys Identified Mail)
# Signs outgoing emails
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...
# DMARC (Domain-based Message Authentication)
# Policy for handling failed authentication
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
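The SPF and DMARC values above can be linted before they are published. The following is an added example, not code from the original guide: it takes the TXT strings as input, works offline, and reports weak or broken policy settings. The function names `audit_spf` and `audit_dmarc` are this example's own.

```python
# Added example (not the page's code): lint SPF and DMARC TXT values offline.
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}  # one DNS lookup each

def audit_spf(txt_values):
    """Findings for the SPF policy among all TXT values at one name."""
    spf = [v for v in txt_values if v.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple v=spf1 records (permerror)"]
    findings, lookups, terminal = [], 0, None
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = term.lstrip("+-~?").lower().replace("=", ":").replace("/", ":").split(":")[0]
        lookups += name in LOOKUP_TERMS
        if name in ("all", "redirect"):
            terminal = qualifier if name == "all" else "redirect"
    if lookups > 10:  # included records add their own lookups on top of these
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    verdict = {None: "no 'all' term: unlisted senders get a neutral result",
               "+": "+all authorizes every host on the internet",
               "?": "?all is neutral: unlisted senders are not penalized",
               "~": "~all is softfail: unlisted senders are flagged, not rejected"}
    if terminal in verdict:
        findings.append(verdict[terminal])
    return findings

def audit_dmarc(txt):
    """Findings for one DMARC TXT value published at _dmarc.<domain>."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: v=DMARC1 is missing"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none only monitors: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to review")
    return findings
```

Run against this page's records, the SPF value yields the softfail finding for `~all` and the full DMARC value yields none.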
Subdomain Configuration
Subdomain Setup
Subdomain DNS Records
# Subdomain Configuration
# API subdomain
api.example.com. 300 IN A 192.168.1.101
api.example.com. 300 IN AAAA 2001:db8::101
# Blog subdomain
blog.example.com. 300 IN CNAME example.com.
# Mail subdomain
mail.example.com. 300 IN A 192.168.1.102
mail.example.com. 300 IN MX 10 mail.example.com.
# CDN subdomain
cdn.example.com. 300 IN CNAME cdn.example.com.cdn.cloudflare.net.
# Development subdomain
dev.example.com. 300 IN A 192.168.1.103
staging.example.com. 300 IN A 192.168.1.104
# Wildcard subdomain
*.example.com. 300 IN A 192.168.1.100
# Subdomain Best Practices
- Use descriptive names
- Separate environments
- Implement proper security
- Monitor subdomain usage
- Regular cleanup
DNS Troubleshooting
Common DNS Issues
DNS Troubleshooting Commands
# DNS Lookup Commands
# Basic DNS lookup
nslookup example.com
nslookup example.com 8.8.8.8
# Dig command (more detailed)
dig example.com
dig example.com A
dig example.com MX
dig example.com NS
dig example.com TXT
# Reverse DNS lookup
dig -x 192.168.1.100
nslookup 192.168.1.100
# Check specific record types
dig example.com A
dig example.com AAAA
dig example.com CNAME
dig example.com MX
dig example.com NS
dig example.com TXT
dig example.com SOA
# Trace DNS resolution
dig +trace example.com
nslookup -debug example.com
# Check DNS propagation
# Online tools: whatsmydns.net, dnschecker.org
# Common DNS Issues
1. Incorrect nameservers
2. Missing DNS records
3. Wrong TTL values
4. DNS propagation delays
5. Firewall blocking DNS
6. Incorrect MX records
7. SPF/DKIM/DMARC issues
# DNS Troubleshooting Steps
1. Check nameserver configuration
2. Verify DNS records
3. Test DNS resolution
4. Check TTL values
5. Wait for propagation
6. Test from different locations
7. Check firewall settings
DNS Performance
DNS Optimization
DNS Performance Tips
# DNS Performance Optimization
# TTL Optimization
# Short TTL for dynamic records
api.example.com. 60 IN A 192.168.1.101
# Long TTL for static records
example.com. 3600 IN A 192.168.1.100
# DNS Caching
# Use DNS caching servers
# Cloudflare, Google DNS, OpenDNS
# DNS Load Balancing
# Multiple A records for load balancing
example.com. 300 IN A 192.168.1.100
example.com. 300 IN A 192.168.1.101
example.com. 300 IN A 192.168.1.102
# Geographic DNS
# Route users to nearest server
# Use CDN with geographic routing
# DNS Monitoring
# Monitor DNS resolution times
# Set up DNS health checks
# Track DNS query patterns
# DNS Security
# Use DNSSEC
# Implement DNS filtering
# Monitor for DNS attacks
# Use secure DNS resolvers
Best Practices
DNS Management
DNS Best Practices
- Use appropriate TTL values
- Implement DNS redundancy
- Monitor DNS performance
- Use DNSSEC for security
- Regular DNS audits
- Backup DNS configurations
- Document DNS changes
Common Mistakes
- Incorrect nameserver settings
- Missing DNS records
- Wrong TTL values
- Poor DNS security
- No DNS monitoring
- Outdated DNS records
- No backup plan
Summary
Domain and DNS configuration involves several key components:
- Domain Registration: Choose registrar, purchase domain
- DNS Records: A, CNAME, MX, TXT, NS records
- DNS Providers: Cloudflare, Route 53, traditional DNS
- Security: DNSSEC, SPF, DKIM, DMARC
- Email: MX records, email security
- Subdomains: API, blog, mail subdomains
- Troubleshooting: DNS lookup, propagation checks
- Performance: TTL optimization, caching