Saved transcript

DNS Beyond Basics: 6 Records That Fix 91% Of Dns Issues in Production!

Channel: IT k Funde

Video title: DNS Beyond Basics: 6 Records That Fix 91% Of Dns Issues in Production!
Channel: IT k Funde
Lines: 395
Tool page: Open live transcript tool

0:00

Only one thing which is the most

0:02

important thing when it comes to running

0:03

anything over the internet is the DNS.

0:05

And I'm sure that if you are anywhere

0:08

related to IT or tech then you already

0:10

know what is DNS at a junior level or at

0:12

a basic level. But what separates a

0:15

junior level information versus a senior

0:17

like how interviews go through when you

0:19

are a senior when people expect you to

0:21

understand the design part of it or

0:23

architecture part of DNS then you are

0:25

not talking simply about resolution. So

0:28

basically whenever anyone ask you okay

0:30

what is a domain name server you simply

0:32

have the definition marked up that it is

0:34

useful for name resolution. So what is

0:36

name resolution? Name resolution is

0:38

simply you getting a name of a website

0:40

and then you're typing it. For example

0:41

www.google.com

0:44

because it is more human readable. You

0:46

do it and then it routes you to 8.8.8.8

0:49

which is the IP address of this name to

0:51

IP resolution is done by your DNS. If

0:53

you take a analogy for it then you know

0:56

if someone has to send anything on your

0:57

house address then they will you know

0:59

simply write house number 1 2 3 lane six

1:02

post code something something and it

1:04

will directly understand that it is

1:06

going for Mr. Kumar that is Kumar's

1:08

house. Okay. So just a gist of what is

1:10

DNS. We have a basic video on DNS where

1:13

we talk about it at length but just to

1:15

understand it. But I think where we move

1:17

from junior to senior is when we move

1:19

from resolutions to records. And today

1:21

we'll talk about six such records. Okay.

1:24

These six records will separate you from

1:26

having a basic information of DNS versus

1:29

someone who has actually worked on DNS

1:31

or who has more experience going for

1:33

some senior level interviews. and also

1:35

almost all the outages which you see if

1:37

DNS has a role to play, you will have a

1:40

look into these six records. It's a

1:41

starting point. It is next level from

1:43

DNS basics and I think this will be

1:45

really helpful for you. So watch till

1:47

the end and I'm pretty sure that you

1:49

will have some useful information at the

1:51

end of this video. By the way, if you're

1:52

new to this channel, hi, I'm Anuli and

1:54

I'm working in IT from last two decades

1:57

and this channel has been running for 6

1:59

years now and the idea is simple. I want

2:01

you guys to come on a journey with me

2:03

and transform your knowledge. It could

2:05

be technical knowledge, it could be

2:06

domain knowledge, it could be business

2:08

knowledge. Whatever it is, the thing is

2:10

the way it is changing right now, you

2:12

need multiple skills. You cannot fixate

2:15

yourself with one particular domain. So

2:16

my thing is whatever I have learned in

2:18

IT I want to pour down that knowledge

2:20

onto you and I want you if you are at 8

2:23

years 10 years 12 years experience I

2:25

want you to take that next step and move

2:27

into a consultant role an architect role

2:29

a senior engineer role that is where I

2:31

am heading and I hope by subscribing to

2:33

this channel you can also join me on

2:35

this journey and make it worth doing

2:37

okay so do consider subscribing and do

2:40

like it if you find any value so let's

2:42

get started so the first and the most

2:44

basic or I would say the most important

2:46

important record in any DNS setting is

2:48

your A record. A record is nothing

2:50

simple. It does what DNS stands for at a

2:53

high level which is it has the name of

2:56

the domain. So we'll take

2:57

www.example.com

2:59

throughout uh this video and we will see

3:01

how different uh records map to this

3:03

particular domain. So www.example.com

3:06

is our domain and the A record simply

3:08

means we'll map the exact IP address,

3:11

the exact IPv4 address which is mapped

3:13

to this particular domain. Okay. And

3:15

what is TTL? TTL is simply time to live.

3:17

So how long this going to stay in this

3:19

table and 3600 means it is for 1 hour.

3:22

So it is 3600 seconds. Simply if you

3:25

face uh any issue while migration of for

3:27

example your database server or your

3:29

application server. It could be that

3:31

your A record is still pointing to the

3:33

old IP address. You have not updated

3:34

your A record or maybe your TTL has not

3:37

yet expired. So it might be a

3:39

possibility that uh for the next 1 hour

3:41

or 2 hour the record is still active

3:43

while users are trying to hit the domain

3:46

and it should route to the new IP

3:48

address it is still pointing to the old

3:49

one. So you have to also think on those

3:52

lines when someone throws a scenario-

3:53

based question to you, you have to think

3:55

about okay which particular record might

3:57

be into play in this particular

3:59

scenario. And a good practice is

4:00

whenever you are doing any such

4:02

migration, you lower this TTL value to

4:04

maybe 60 seconds or maybe few minutes

4:06

rather than hours so that you can do

4:08

your testing. So that is your a record.

4:10

Now I have written this along along with

4:12

that because it is very close brother of

4:15

a record which is a a a record. So this

4:17

is nothing but your IPv6 record. As you

4:20

know we have a video on IPv4 versus

4:22

IPv6. You can watch that. But IPv6

4:24

simply means that now because we have

4:26

limited numbers of IPv4 address, we are

4:29

moving to IPv6 slowly and gradually. And

4:31

that's why your DNS it is an optional

4:33

record guys because it can have some

4:35

downsides as well. Let me explain. So

4:37

everything remains the same. It's just

4:38

that it is a IPv6 address. But the thing

4:41

is now if you are working an environment

4:43

or you are working for a customer who's

4:45

using dual stack IP which is like you're

4:47

using IPv4 but at the same time you're

4:49

using IPv6 and if the priority is IPv6

4:52

then it might be that when you send any

4:55

request to this particular domain it

4:56

first goes to IPv6 and then it

4:58

prioritize IPv4. Okay. But at the same

5:01

time you have to be careful because

5:03

sometimes what happens is that in uh in

5:05

certain environment you don't have this

5:07

record IPv6 but you have a dual IP

5:09

environment a dual stack IP environment

5:11

then what's happening is it is first

5:13

going and searching for IPv6 in your DNS

5:15

it is not finding it and then it is

5:17

falling back to IPv4. So now that could

5:19

add latency or the performance slowness

5:22

into your request. So you have to be

5:23

careful like if you want you can have it

5:25

but if you want you can completely omit

5:27

this and you can simply work with this

5:29

almost everywhere you will rarely find

5:30

this as of now but as we will go along

5:33

this will become more and more prominent

5:34

into your DNS record. So a record and a

5:37

aaa record is IPv4 and IPv6 entry. So

5:40

the third record on our list is CNAME

5:42

record which is also called as canonical

5:44

name. It is nothing but a forwarding

5:46

address. you are forwarding requests

5:48

from one of your domains to another

5:49

domain and generally it is used in cloud

5:52

very heavily because you are using

5:53

content delivery networks you're using

5:55

load balancers and basically it is

5:57

routing it is basically saying I don't

5:59

know where to go but I know that this

6:00

guy might know it's like if you enter a

6:02

very big IT park and you go into a very

6:06

big co-working space and you ask for

6:08

okay where this XYZ startup is at the

6:10

ground floor of the reception and if

6:12

that receptionist say if you want to go

6:14

for a then go to the receptionist at

6:16

level three or floor three. So what they

6:18

are saying they're just routing it to

6:20

the receptionist at level three or floor

6:22

three. So this is what is forwarding

6:24

very much used in DNS setups and uh this

6:27

is what forwarding is all about. So

6:29

sometimes what happens is that if your

6:31

CNAME records are messed up then it

6:34

might happen that you know your load

6:35

balancers your backend load balancers

6:37

have been misconfigured or you get the

6:39

errors like domain not found. you need

6:41

to check if there is any discrepancy

6:43

within your DNS table and DNS records

6:46

and if all the load balancers have been

6:48

correctly mapped. So a very good record,

6:50

a very important record and very good

6:52

thing to know during your interviews.

6:53

The fourth in our uh list is the NS

6:56

record. NS stands for name server. So

6:59

basically as you know in DNS you have

7:02

this wide world of different domains at

7:05

different levels. So you first of all

7:07

have a root domain. Okay. So when we

7:09

type www.google google.com there is

7:11

actually a dot at the end you can check

7:13

it uh we don't put it but it is called

7:15

as your root domain now that root domain

7:18

sends the request to your tld which is

7:20

called as tople domain and then tople

7:22

domain will send it to the actual name

7:24

server or we can also say authorization

7:26

server which holds the IP address of

7:28

that particular domain example.com it

7:31

could be for example AWS route 53 or

7:34

godaddy okay so these records are held

7:36

at these levels and then the TTL is

7:39

quite high because you rare ly changed

7:40

the records the NS records. It's only

7:42

when you are migrating for example your

7:44

domain from GoDaddy to AWS then that is

7:47

the time when you will have to wait for

7:48

certain time to get this updated.

7:50

Generally if you see if you migrate your

7:52

domain from one domain provider to

7:54

another then you have to wait for at

7:56

least 48 hours. So that is what is the

7:58

name server records. It actually tells

8:00

where actually the root domain and the

8:03

top level domain has to go in order to

8:05

find the IP. The next one in our list is

8:07

very different from whatever we have

8:09

discussed because this particular record

8:10

does not route a request to some other

8:13

destination. This record is like a

8:15

constitution. It tells whatever this

8:17

whole DNS zone is all about. It sets

8:19

that and that's why it is called as part

8:21

of authority because it sets out

8:23

whatever information is needed to

8:25

understand what this whole DNS zone is

8:27

all about. So it will have data like

8:28

your name server record what is your

8:30

email admin at the rate example.com the

8:33

serial number manages the version of

8:35

this whole DNS setup and then refresh

8:37

retry these kind of settings are there

8:39

that how frequently you have to refresh

8:41

this whole table so all that is

8:43

commanded by your record it also has

8:45

this feature of negative TTL like for

8:48

example if someone searches for

8:50

nope.example.com example.com. So

8:52

negative TTL means that okay if it is

8:54

not there currently present then for how

8:56

long it won't be present because it

8:57

might happen that you are actually right

8:59

now building no.example.com. So that

9:02

negative TTL would mean that internet

9:04

would treat that this does not exist

9:06

only for next 24 hours but after that it

9:08

has to again come and check because we

9:10

might be building this right now. Okay.

9:12

So that is called as managing the

9:13

negative TTL. So yeah that's uh our

9:15

start of authority record. So the last

9:17

on our list is the tax record and the

9:19

tax record is primarily used for setting

9:22

up the ownership like showing to the

9:24

world that who owns this particular

9:26

domain and that is where you know for

9:28

example if you're migrating you your

9:30

domain and adding Google workspaces then

9:32

you will add a line which I maybe I'll

9:34

mention in the comment or somewhere V

9:36

equals to SPF 1 and then maybe

9:38

mentioning that it is coming from Google

9:40

servers. Okay, I don't have the exact

9:41

syntax right now, but basically what it

9:43

will do is that email coming from Google

9:46

or Gmail is only allowed, not anyone

9:48

else can use it. And then there is a DKM

9:50

record also for avoiding any spams or

9:52

any you know cyber threats. So that is

9:54

also there. It is used for multiple ways

9:56

but yeah text records is pretty much for

9:58

setting up your ownership or authority

10:00

and showing to the world that basically

10:02

who has the ownership of this domain and

10:04

who can send legit emails. So if uh you

10:07

know some emails are getting sent on a

10:09

spam folder that means the text record

10:10

is not set up. You might have seen that

10:12

if you want to set up notion or slack on

10:14

your domain they give you these kind of

10:16

text entries to be added into your DNS

10:18

record so that it could be legitimized

10:20

the use of your uh Gmail and your Gmail

10:24

account can be legitimized via notion or

10:26

slack. So that is what is text record is

10:29

used for. Obviously it is not the only

10:31

use case but yeah this is one of the use

10:33

cases for it. So friends, a perfect way

10:34

to summarize this uh video is to

10:37

understand what kind of issues you might

10:39

face related to DNS records. And if you

10:42

are put into a situation where you have

10:43

to troubleshoot a issue or answer a

10:45

scenario based question, then you can

10:46

apply this logic. Now, not every issue

10:48

is a DNS issue. But if you are put into

10:50

that situation, this could be your first

10:52

troubleshooting step. And by the way,

10:53

there are other records as well. For

10:55

example, Aliyah's name which can be used

10:57

at a root domain. So root domain can be

10:59

example.com as well. Example.com is your

11:01

root domain. You can also write www. But

11:04

because you can't have root domain as a

11:06

CNAME then you have to use it in here.

11:08

So these kind of questions might come.

11:10

The interviewer might ask you can you

11:12

use root domain as a CNAME record then

11:14

you should say no we we can't use it we

11:17

have to use a subdomain here. Okay which

11:19

is different from the root domain.

11:20

Similarly if there is any website which

11:22

is not to be found or it is completely

11:24

connection failed then pretty much it

11:26

could be an A record issue. Your IP

11:28

address is in problem. If there is

11:30

latency involved then it could be that

11:32

your IPv6 is not configured or maybe

11:34

your system expects you to send IPv6

11:37

address first but because it is not

11:38

there it is taking time to fall back to

11:40

IPv4. CNAME and NS records are uh

11:43

generally when you get issues like

11:45

domain not found. It could be that your

11:47

load balancer uh has changed or your NS

11:50

record has changed you have migrated

11:51

from one domain to another domain. So

11:53

you have to focus on these kind of

11:54

records then. And for SOA and text it is

11:57

mostly like it is working for me but it

11:59

is not for working for you not text but

12:01

SOA and TTL. Okay. These kind of records

12:04

come into play when it is not working

12:06

for me but it is working for you. It is

12:08

working for some people. It is not

12:09

working for some people. Then it could

12:11

be a possibility that your SOA and your

12:14

TTL records are not rightly populating

12:17

the latest records. That is something

12:19

which you have to look. For example the

12:20

refresh. If refresh is 1 hour or 1 day

12:23

then it might be the problem or also

12:25

time to live we have already discussed

12:27

about it. If it is too high then again

12:28

it might be that it is not reflecting

12:30

the changes quickly. And for the last

12:33

one a good example could be if the

12:35

emails are landing on the in the

12:36

spamming folder spam folder then pretty

12:39

much we have not configured the text

12:41

records and mentioning the correct

12:43

Google servers or Gmail servers which

12:45

will be legitimizing these emails coming

12:48

from our domain. Okay. So these are few

12:50

scenarios. Obviously DNS in itself is a

12:53

big field. People spend their whole life

12:55

doing DNS and I am nobody to uh claim

12:58

any expertise in it. But I felt that

13:00

this could be a good continuation to our

13:01

previous DNS video. There is so much

13:03

depth into it that uh I might have made

13:06

if I made any mistakes then do correct

13:08

me in the comment section. I have tried

13:09

to simplify it as much as possible for

13:11

you. But the idea is we have to now move

13:13

from you know a beginner or a mid-level

13:16

engineer to a senior architect or a

13:18

senior consultant and these kind of

13:20

discussions will help you look like an

13:22

experienced professional and feel like

13:24

an experienced professional because

13:26

you're not talking basics you are going

13:27

into the depth of things and this will

13:29

be the theme of this channel going

13:31

forward. So I hope this was a useful

13:33

video guys. Do hit a like, share,

13:35

comment. It helps the channel to grow.

13:37

And yeah, let me know what you would

13:38

want to learn next. And until next time,

13:41

keep learning, keep sharing, and keep

13:43

exploring. Bye for now.