22.04.2024

Resource record


Information about your domain is stored in resource records (RRs), and these records are what other DNS servers see when they look up your domain. There are many record types, reflecting the various stages of Internet development. The most commonly used are A, CNAME, MX and TXT (the latter carrying SPF, DKIM and DMARC), without which a domain cannot function normally.

A record - IP address in IPv4 format

Record name - Internet.am
Record type - A
Value - 167.86.91.28

AAAA record - IP address in IPv6 format

Record name - Internet.am
Record type - AAAA
Value - 2a01:bbc0:154:48:28:0:0:60

CNAME record - canonical name, maps an alias (typically a subdomain of your domain) to the name of the host that actually holds the records.

Record name - https://internet.am/, mail.internet.am
Record type - CNAME, CNAME
Value - internet.am, webmail.host.abcdomian.com

The first line is straightforward: https://internet.am/ is an alias for internet.am, so typing it takes you to internet.am. In the second line the alias points outward: mail.internet.am is an alias for webmail.host.abcdomian.com, so all lookups for mail.internet.am resolve to the resource records of webmail.host.abcdomian.com. A name that has a CNAME record (here https://internet.am/) must not also have an A or AAAA record, otherwise a conflict will occur.

MX record - mail exchange, names the mail server through which email addressed to your domain is received

Record name - Internet.am, Internet.am
Record type - MX, MX
Priority - 10, 20
Value - ns45.host.am, ns46.host.am

The lower the value of the "priority" field, the higher the priority of the mail server used for the exchange. If the priorities are equal, the mail server is chosen at random. A second record is not required, but with it, if ns45.host.am is unavailable, mail will be delivered through ns46.host.am.
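The two rules above, the CNAME-must-stand-alone conflict from the CNAME section and the priority-then-random ordering of MX hosts, can both be checked mechanically. The following is an added example, not code from Internet.am; the ZONE list is a constructed data set (the www.internet.am name and the conflicting 192.0.2.10 record are invented for the demo), and the functions only inspect that in-memory list, never live DNS.

```python
import random
from collections import defaultdict

# Constructed zone data for this example (not a real zone dump of internet.am).
# Each entry is (owner name, record type, value); MX values are (priority, host).
ZONE = [
    ("internet.am", "A", "167.86.91.28"),
    ("internet.am", "AAAA", "2a01:bbc0:154:48:28:0:0:60"),
    ("www.internet.am", "CNAME", "internet.am"),
    ("mail.internet.am", "CNAME", "webmail.host.abcdomian.com"),
    ("mail.internet.am", "A", "192.0.2.10"),   # constructed: deliberately conflicts with the CNAME
    ("internet.am", "MX", (10, "ns45.host.am")),
    ("internet.am", "MX", (20, "ns46.host.am")),
]


def cname_conflicts(zone):
    """Return owner names that carry a CNAME together with any other record type.
    A CNAME must be the only record at its name; mixing it with A/AAAA (or
    anything else) is exactly the conflict the text warns about."""
    types_at = defaultdict(set)
    for name, rtype, _ in zone:
        types_at[name.lower()].add(rtype.upper())
    return sorted(name for name, types in types_at.items()
                  if "CNAME" in types and len(types) > 1)


def mx_delivery_order(zone, domain, rng=random):
    """Order the MX hosts of `domain` the way a sending server tries them:
    lowest priority value first; hosts with equal priority in random order."""
    by_priority = defaultdict(list)
    for name, rtype, value in zone:
        if name.lower() == domain.lower() and rtype.upper() == "MX":
            priority, host = value
            by_priority[priority].append(host)
    order = []
    for priority in sorted(by_priority):
        hosts = list(by_priority[priority])
        rng.shuffle(hosts)           # tie-break: equal priority means a random pick
        order.extend(hosts)
    return order


if __name__ == "__main__":
    print("CNAME conflicts:", cname_conflicts(ZONE))
    print("MX delivery order:", mx_delivery_order(ZONE, "internet.am"))
```

Running it reports mail.internet.am as the conflicting name and lists ns45.host.am before ns46.host.am; a zone-file linter in a CI pipeline would fail the deployment on the first result rather than let the conflict reach the name servers.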

PTR record - DNS pointer record

28.91.86.167.in-addr.arpa name=internet.am

Here the octets of the IP address are written in reverse order (167.86.91.28 becomes 28.91.86.167) under the in-addr.arpa domain, and the record points back to the host name.

Used to protect against spam. Some email anti-spam filters use reverse DNS to check the host names of sending servers and determine whether the associated IP addresses are likely to belong to legitimate email servers.

Troubleshooting email delivery issues. Because anti-spam filters perform these checks, email delivery problems may occur due to an incorrectly configured or missing PTR record. If the sending IP address has no PTR record, or the PTR record contains the wrong domain, email services may block all emails from that server.

Logging. Syslogs typically record only IP addresses; a reverse DNS lookup converts these into host names, which are easier for people to read.
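The anti-spam check described above is forward-confirmed reverse DNS: the PTR name is only trusted if the name's own A/AAAA records lead back to the same IP address. The following is an added example, not code from Internet.am; the PTR_RECORDS and FORWARD_RECORDS dictionaries are constructed stand-ins for DNS answers (the mail.example.net and 203.0.113.10 entries are invented), and the log_hostname helper shows how a log enrichment step should treat an unconfirmed name.

```python
import ipaddress

# Constructed resolver data standing in for real DNS answers (no live lookups).
PTR_RECORDS = {
    "28.91.86.167.in-addr.arpa": "internet.am",
    "10.113.0.203.in-addr.arpa": "mail.example.net",   # constructed: name does not point back
}
FORWARD_RECORDS = {
    "internet.am": {"167.86.91.28", "2a01:bbc0:154:48:28:0:0:60"},
    "mail.example.net": {"198.51.100.7"},
}


def reverse_name(ip):
    """Owner name of the PTR record: IPv4 octets (or IPv6 nibbles) in reverse
    order under in-addr.arpa (or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, ptr=PTR_RECORDS, forward=FORWARD_RECORDS):
    """Forward-confirmed reverse DNS, the test many anti-spam filters apply:
    IP -> PTR name -> A/AAAA of that name must contain the original IP.
    Returns (status, hostname); status is 'confirmed', 'mismatch' or 'no-ptr'."""
    hostname = ptr.get(reverse_name(ip))
    if hostname is None:
        return ("no-ptr", None)
    addr = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == addr for a in forward.get(hostname, ())):
        return ("confirmed", hostname)
    return ("mismatch", hostname)


def log_hostname(ip, ptr=PTR_RECORDS, forward=FORWARD_RECORDS):
    """Host name to put in a log line. Only a confirmed name is trusted: the
    operator of the reverse zone can publish any name in a PTR record, so an
    unconfirmed one is shown but flagged rather than used as-is."""
    status, hostname = fcrdns(ip, ptr, forward)
    if status == "confirmed":
        return hostname
    if status == "mismatch":
        return f"{ip} (unverified PTR {hostname})"
    return ip
```

The IPv6 case works unchanged because reverse_pointer produces the nibble-reversed ip6.arpa name; note that the forward set is compared with ipaddress objects, so the compressed and expanded spellings of the same IPv6 address are treated as equal.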

The NS record specifies the authoritative name servers for a zone. Besides the primary (responsible) name server there are secondary name servers and caching name servers.

Record format:

internet.am IN NS ns3.host.am
internet.am IN NS ns45.host.am

• internet.am is the domain name.
• IN denotes the record class (Internet); when many different network types existed, it was necessary to state that this was an Internet record.
• NS indicates the record type (NS record).
• ns3.host.am and ns45.host.am are the names of the DNS servers responsible for the internet.am zone.

These records state that, for the internet.am domain, the DNS servers holding the authoritative information are ns3.host.am and ns45.host.am.

SOA record – start of authority

Field              Value
Domain             internet.am
TTL                21600
Type               SOA
MNAME              ns45.host.am
Hostname (RNAME)   hosting.internet.am
Serial number      2024012800
Refresh            3600
Retry              1800
Expire             1209600
Minimum TTL        86400

(response from server 8.8.8.8, shown on one line as: internet.am 21600 SOA ns45.host.am hosting.internet.am 2024012800 3600 1800 1209600 86400)

TTL – the number of seconds during which information will be cached by other DNS servers;

MNAME - the primary name server, which holds the master copy of the zone's remaining resource records;

Hostname (RNAME) - contact address of the person responsible for administering the zone file; hosting.internet.am is read as hosting@internet.am, the first dot standing in for the @ sign;

Serial number — serial number of the zone file. It increases each time changes are made to the zone file. Increasing the serial number indicates to secondary servers that they need to update the information;

Refresh - the number of seconds after which the secondary DNS server requests data from the primary DNS server to find out if the Serial number has changed. If it has changed, the data on the secondary server is updated;

Retry - the number of seconds after which the server will try to update the data again if the first one was unsuccessful;

Expire - The amount of time (in seconds) that the secondary DNS server can use previously acquired zone data before it expires. If the data is not updated after this time, the zone on the secondary DNS server will no longer serve requests for that zone;

Minimum TTL - how long other servers may cache zone data; modern resolvers use this field specifically as the caching time for negative (NXDOMAIN) answers.
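To make the timer semantics concrete, the following added example (not code from Internet.am) parses the single-line SOA response quoted above and works out what a secondary server does with its copy of the zone as time passes without a successful refresh, and whether a candidate serial number counts as newer. The serial comparison uses RFC 1982 serial arithmetic, which is how real secondaries decide; the secondary_state function is a simplified model written for this page.

```python
# SOA line as shown on this page; parsing and timing logic are an added example.
SOA_LINE = ("internet.am 21600 SOA ns45.host.am hosting.internet.am "
            "2024012800 3600 1800 1209600 86400")

FIELDS = ("domain", "ttl", "type", "mname", "rname",
          "serial", "refresh", "retry", "expire", "minimum")
NUMERIC = ("ttl", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(line):
    """Split a one-line SOA presentation (domain TTL SOA MNAME RNAME serial
    refresh retry expire minimum) into a dict with integer timers."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[2].upper() != "SOA":
        raise ValueError("not a single-line SOA record")
    soa = dict(zip(FIELDS, parts))
    for key in NUMERIC:
        soa[key] = int(soa[key])
    return soa


def rname_to_email(rname):
    """RNAME stores the administrator's mailbox with '@' replaced by the first dot."""
    local, _, domain = rname.partition(".")
    return f"{local}@{domain}"


def secondary_state(soa, seconds_since_last_successful_refresh):
    """Simplified model of how a secondary treats its zone copy over time:
    'fresh'   - younger than Refresh, served as is;
    'stale'   - Refresh reached; still served while the secondary retries the
                primary every Retry seconds;
    'expired' - Expire reached with no successful refresh; the secondary stops
                answering for the zone."""
    age = seconds_since_last_successful_refresh
    if age >= soa["expire"]:
        return "expired"
    if age >= soa["refresh"]:
        return "stale"
    return "fresh"


def serial_is_newer(candidate, current):
    """Serial number arithmetic (RFC 1982): a secondary transfers the zone only
    when the primary's serial is 'ahead' in the 32-bit circular space. A serial
    that is accidentally lowered is therefore ignored and updates silently stop."""
    return 0 < (candidate - current) % 2**32 < 2**31
```

With the values from the page a secondary keeps serving stale data for two weeks (1209600 s) before giving up, which is why a dead primary is usually noticed through monitoring of the serial rather than through outages.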

TXT record - text string

Any text information related to the domain is written here: domain ownership proofs, a description of mail security measures, information about the SSL certificate, the SPF record, DKIM, DMARC (see below). There are no restrictions on the size of the record; what matters is not to publish conflicting information.

The SPF (Sender Policy Framework) record contains a list of servers that may send mail on behalf of this domain. This list allows the receiving server to verify the sender: if the sending server is listed in the domain's SPF record, everything is OK; if the letter comes from another server, it is either rejected or marked as suspicious and placed in the spam folder.

Record name - Internet.am
Record type - TXT
Value - v=spf1 include:ns45.host.am ip4:213.136.92.223 a mx ~all

v=spf1 – the version; there are no other versions yet

include: – includes the SPF record of another domain (here ns45.host.am), so the servers that domain authorizes may also send mail for yours

ip4: – allows the given IPv4 address (or network in CIDR notation) to send mail

a – allows the servers whose addresses are in the domain's A record

mx – allows the servers listed in the domain's MX records

~all – soft fail: mail from servers not listed in the sender's SPF record is still delivered, but marked as spam. You can tighten the policy by writing -all instead of ~all, in which case mail from a server that is not listed in the sender's SPF record is not accepted.
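The receiving server's side of this check, written out as an added example that is not Internet.am's code: a small SPF evaluator that walks the mechanisms of the record shown above (include:, ip4:, a, mx and the ~all / -all qualifiers) and returns the SPF result for a connecting IP address. The DNS dictionary is a constructed stand-in for live DNS answers; the internet.am TXT string is the one from the page, while the A, MX and ns45.host.am records are invented for the demo. HARDENED_DNS is the same zone with ~all replaced by -all so the two policies can be compared side by side.

```python
import ipaddress

# Constructed DNS data standing in for live answers (not real records of these hosts).
# The internet.am SPF string is the one from the page; the rest is invented for the demo.
DNS = {
    "internet.am": {
        "TXT": ["v=spf1 include:ns45.host.am ip4:213.136.92.223 a mx ~all"],
        "A": ["167.86.91.28"],
        "MX": [(10, "ns45.host.am"), (20, "ns46.host.am")],
    },
    "ns45.host.am": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"], "A": ["198.51.100.45"]},
    "ns46.host.am": {"A": ["198.51.100.46"]},
}

# Same zone with the policy tightened from ~all to -all, as the text suggests.
HARDENED_DNS = dict(DNS)
HARDENED_DNS["internet.am"] = {**DNS["internet.am"],
                               "TXT": [DNS["internet.am"]["TXT"][0].replace("~all", "-all")]}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, dns):
    """Return the domain's SPF TXT string, or None when it publishes none."""
    for txt in dns.get(domain, {}).get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def _addresses(domain, dns):
    return [ipaddress.ip_address(a) for a in dns.get(domain, {}).get("A", [])]


def check_spf(ip, domain, dns=DNS, depth=0):
    """Evaluate `domain`'s SPF policy for a connection from `ip`.
    Returns pass / fail / softfail / neutral / none / permerror."""
    if depth > 10:                       # RFC 7208 caps include: recursion
        return "permerror"
    record = spf_record(domain, dns)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(ip)
    for term in record.split()[1:]:      # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in _addresses(arg or domain, dns)
        elif mech == "mx":
            hosts = [h for _, h in dns.get(arg or domain, {}).get("MX", [])]
            matched = any(ip in _addresses(h, dns) for h in hosts)
        elif mech == "include":
            matched = check_spf(ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"           # unknown mechanism is a syntax error
        if matched:
            return QUALIFIER[qualifier]  # first matching term decides
    return "neutral"                     # nothing matched and no 'all' present
```

The first matching term decides the outcome, which is why an unknown sender ends at the trailing all and receives softfail with the record as published, but fail once it is tightened to -all. Note that the a mechanism here only consults A records, so an IPv6 sender never matches it; a full evaluator also checks AAAA.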

The DKIM record – DomainKeys Identified Mail – is the next level of protection when mail passes between servers. It relies on asymmetric cryptography. For it to work you generate two keys, private and public, and publish the public one in a TXT record. The relationship between the keys is as follows: a signature made with your private key can only be verified with your public key. Note that, with modern computing systems, it is practically impossible to derive the private key from the public key if the key length is 2048 bits or higher. When your server sends a letter, it adds a signature over the message headers and body to the letter (the DKIM-Signature header). The receiving server looks up your public key in DNS (the selector._domainkey record shown below), verifies the signature, and so makes sure the letter came from your server and was not altered on the way. If you do not have DKIM set up, many servers will refuse to receive email from your server. Record format:

Record name - selector._domainkey.internet.am
Record type - TXT
TTL - 3600
Value - v=DKIM1; p=asdqwerQWER123SDFdddg…

There is only one version of DKIM; TTL is the number of seconds for which a receiving server may cache the record; p is your public key. The selector (here literally "selector") is named in the DKIM-Signature header, which is how the receiver knows which _domainkey record to fetch.

The DMARC record – Domain-based Message Authentication, Reporting and Conformance – tells receiving servers what to do with letters that fail the SPF and DKIM checks and where to send reports. Record format:

Record name - _dmarc.internet.am
Record type - TXT
Value - v=DMARC1; p=reject; rua=mailto:abuse@internet.am; ruf=mailto:forensic@internet.am; fo=s

v – version 1

p – policy for letters that fail the checks: "none" – the letter is still accepted into the "inbox" folder (monitoring only), "quarantine" – it is placed in the "spam" folder, "reject" – the letter is not accepted.

rua – the address to which the receiving server sends aggregate statistics about letters from your domain that failed the DKIM and SPF checks

ruf – the address to which individual letters that failed DKIM and SPF verification are sent, with their headers, subject and attachments. Use it with extreme caution because of possible privacy issues.

fo – specifies in which cases failure reports are sent; possible values:

0 – a report is sent only when both the DKIM and the SPF check fail (default value)

1 – a report is sent if either the DKIM or the SPF check fails

d – a report is sent if the DKIM check fails

s – a report is sent if the SPF check fails

There is also the optional attribute sp, which defines the policy for letters sent from subdomains of the domain; when it is absent, the policy given in p applies to subdomains as well.
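How a receiver turns the record above into a decision, as an added example that is not Internet.am's code: it parses the tag=value pairs, applies the defaults a receiver assumes (relaxed alignment, fo=0, sp inherited from p), checks that the SPF and DKIM results are aligned with the From domain, picks p or sp depending on whether the letter came from a subdomain, and decides from fo whether a failure report is due. The org_domain helper is a deliberate simplification (last two labels) labelled as such in the code; real receivers use the Public Suffix List. The SPF and DKIM results fed in are constructed inputs, not live checks.

```python
# DMARC record from the page; parsing and evaluation logic are an added example.
DMARC_RECORD = ("v=DMARC1; p=reject; rua=mailto:abuse@internet.am; "
                "ruf=mailto:forensic@internet.am; fo=s")


def parse_dmarc(txt):
    """Parse 'tag=value;' pairs and fill in the defaults a receiver assumes."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record (v=DMARC1 and p are required)")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("fo", "0")
    tags.setdefault("sp", tags["p"])   # subdomains inherit p unless sp is set
    return tags


def org_domain(name):
    """Organizational domain, simplified to the last two labels for this demo.
    Real receivers consult the Public Suffix List (e.g. for example.co.uk)."""
    return ".".join(name.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(tags, from_domain, policy_domain,
                   spf_result, spf_domain, dkim_result, dkim_domain):
    """Combine SPF/DKIM outcomes with alignment and the published policy.
    spf_domain is the envelope (MAIL FROM) domain, dkim_domain the d= of the
    signature. Returns (dmarc_result, disposition, send_failure_report)."""
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    passed = spf_aligned or dkim_aligned
    # p applies to the domain the record was found at, sp to its subdomains
    policy = tags["p"] if from_domain.lower() == policy_domain.lower() else tags["sp"]
    disposition = "none" if passed else policy
    # fo decides when a ruf failure report is generated (colon-separated list)
    fo = set(tags["fo"].split(":"))
    report = (("0" in fo and not passed)
              or ("1" in fo and not (spf_aligned and dkim_aligned))
              or ("d" in fo and dkim_result != "pass")
              or ("s" in fo and spf_result != "pass"))
    return ("pass" if passed else "fail", disposition, report)
```

Two things the page's record implies become visible when you run it: a letter that passes DKIM but fails SPF is still delivered (one aligned pass is enough), yet with fo=s a failure report is generated for it anyway, so the ruf address receives copies of legitimate mail whenever a forwarder breaks SPF, which is the privacy concern mentioned above.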

Note that you do not have to analyze the DMARC reports yourself; there are services on the Internet that process them and present you with the results.

© 2024 Internet.am. All rights reserved.