What is a DNS PTR record?

The DNS PTR record is one of the essential DNS records, and one of the few that deserve proper attention. So let’s explain a little bit more and get to know why it is so important.

DNS PTR record – meaning 

The DNS PTR record has one specific purpose: to point an IP address to a domain name. It works with both IPv4 and IPv6 addresses. This type of DNS record is what makes Reverse DNS possible.

Receiving mail servers want to verify the source of an email. To do so, they perform a reverse DNS lookup and look for PTR records. The DNS PTR record makes it possible to guarantee that the IP address truly belongs to the domain name.

Why is it important to use a DNS PTR record?

As a fundamental part of Reverse DNS, DNS PTR records are responsible for providing trust and validating IP addresses. If you want your outgoing mail servers to function correctly, you should add PTR records, because the verification methods require them in most cases. If something is wrong during that verification, the email will go to spam. Examples are when the lookup does not find a DNS PTR record, or when the PTR does not properly match an A/AAAA record. So if you need to send emails, and you want those emails to actually reach their recipients, add DNS PTR records in a Reverse DNS zone.

Structure

The PTR record is actually a simple DNS record. Here are the fields that you will notice:

  • TYPE: PTR
  • Host: The IP address (IPv4 or IPv6).
  • Points to: The domain name.
  • TTL: The TTL value of a PTR record does not need to be low.

How to create your PTR record?

Creating your PTR record is a simple and easy task. So, let’s explain it in a few steps.

First: Create a Master Reverse Zone

This is the zone where the PTR records of your domain can exist. Note that a PTR record cannot be created in a standard Master zone.

When you create the Master Reverse Zone, the IP address should be in reverse order. So, for example, if the IP address is 1.2.3.4, you simply need to add it as 4.3.2.1. Apply this same rule no matter if it is IPv4 or IPv6. 

Second: Create the PTR record.

The second thing you have to do is to add a DNS PTR record. You will have to create the PTR record in reverse too. Check if there is a matching A or AAAA record for every one of your PTR records.

Last step: Add NS records at the IP provider that point to your nameservers. This is the last thing required to complete your Reverse DNS zone.
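The reversed names from the steps above, and the check that every PTR has a matching A or AAAA record, can be scripted. The following Python sketch is an added example, not part of the original article; the host names and zone data are constructed, and the in-addr.arpa and ip6.arpa suffixes are the standard reverse-lookup trees.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    # IPv4 octets / IPv6 nibbles are reversed and placed under
    # in-addr.arpa / ip6.arpa, the standard reverse-lookup trees.
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(ip, ptr_records, address_records):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip.

    Returns 'no-ptr', 'mismatch' or 'pass'.
    """
    addr = ipaddress.ip_address(ip)
    names = ptr_records.get(reverse_name(ip), [])
    if not names:
        return "no-ptr"
    for name in names:
        for text in address_records.get(name, []):
            # Compare parsed addresses: IPv6 has many textual spellings.
            if ipaddress.ip_address(text) == addr:
                return "pass"
    return "mismatch"

# Constructed zone data (documentation address ranges, hypothetical hosts).
PTR_RECORDS = {
    reverse_name("192.0.2.10"): ["mail.example.com."],
    reverse_name("192.0.2.20"): ["host.example.com."],
    reverse_name("2001:db8::25"): ["mx6.example.com."],
}
ADDRESS_RECORDS = {
    "mail.example.com.": ["192.0.2.10"],
    "host.example.com.": ["192.0.2.99"],  # stale A record
    "mx6.example.com.": ["2001:0db8:0:0:0:0:0:25"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"):
        print(ip, reverse_name(ip), fcrdns(ip, PTR_RECORDS, ADDRESS_RECORDS))
```

A result of 'no-ptr' or 'mismatch' corresponds to the two failure cases that send mail to spam.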

How to check it?

To check your DNS PTR records, you will have to complete a reverse DNS lookup.

On Windows

Inside the Command Prompt, use the nslookup command. 

Write:

nslookup 1.2.3.4

On Linux and macOS

Inside the Terminal, use the dig command. 

Write:

dig -x 1.2.3.4

*Just replace 1.2.3.4 with the IP address that you want to look up.

If your query finds a PTR record, the result will be the domain name.

So now you know a little bit more about the PTR record, how to make it, and how to check it.

What is the DMARC record?

A DMARC record is a must for every domain owner. If you have a website, you want to ensure that your customers only receive emails that you have sent yourself, so that the communication between you and your visitors remains clear.

The DMARC record explained.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is a technical standard that helps protect email senders and receivers from spam, phishing, and spoofing. It uses both SPF and DKIM to secure email exchanges. When you set up the DMARC record for your domain correctly, it will decrease email phishing because of the reporting of SPF. Also, it will reduce spoofing thanks to the encryption of DKIM.

Your email delivery success rate will improve, and fewer of the emails that you send will end up in the spam folder.

When you use a DMARC record, it provides one more level of security on top of DKIM and SPF. It also adds an important function: reporting.

With a stricter setup, DMARC will still detect and block a message even if SPF and DKIM pass. You can also make it more lenient and limit it to using only DKIM or only SPF.

Why is it a good idea to have a DMARC record?

DMARC is the latest trend in email authentication techniques. It confirms that the sender’s email messages are guarded by both SPF and DKIM records. So DMARC authentication is always a good idea.

  1. Attackers are not able to use your domain name for phishing attacks. A DMARC record is capable of reporting to the receiving servers which specific servers the domain name is associated with. Anything that differs should be discarded directly. It can work by letting only the good emails through, by suspending all bad emails, or both.
  2. You send emails uninterrupted. The emails will be encrypted, and the recipient will be able to decrypt them with the public key. Having a DMARC record will ensure that the domain can be trusted.

How does it work?

DMARC uses policies that the administrator sets. These policies determine the email authentication practices, and also how the receiving email server should behave if an email violates a policy.

When the receiving email server accepts a new email, it performs a DNS lookup to examine the DMARC record. It then checks:

  • Is the message’s DKIM signature valid?
  • Is the sender’s IP address one of those approved in the sending domain’s SPF records?
  • Does the header in the message show proper “domain alignment”?

Taking all of the above into account, the server applies DMARC and accepts, denies, or flags the email.

In the end, the server sends a report to the sender.

What are the benefits of DMARC?

Implementing a DMARC record guards your brand by preventing unauthorized individuals from sending mail from your domain. In some scenarios, simply adding a DMARC record can help boost reputation. DMARC helps to build a standard policy for handling messages that fail to authenticate. It helps the email ecosystem as a whole become safer and more reliable.

What is the SOA record?

There are numerous types of DNS records, and to understand DNS it is important to know how they work and what their purpose is. The SOA record is one of them, and it is one of the most common records. Let’s explain what it is and why it is essential to have it.

What is the SOA record?

The SOA record is a fundamental DNS record. It indicates the start of authority and points to the nameserver that contains the original zone file. This server has all the important information about the zone, and it is the authoritative DNS server. The SOA record is the first record in a zone file, and it establishes the general properties of the zone.

Typically, DNS servers operate together in a cluster. All of them are required to synchronize their zone file. To achieve that purpose, they need to perform a zone transfer. The SOA record is like a control record. It has a serial number and shows which is the newest update. Secondary servers, also called slave servers, see that the serial number changes. Then, they update and get the latest data from the authoritative server. 

Zone transfer

A domain name typically has more than one DNS server. One is the primary DNS server, and the others are secondary DNS servers.

The primary has the original zone file, and you can make all the changes you want inside it. The information from it is then propagated to the rest. This is possible through a zone transfer. A zone transfer is simply the process of updating the zone file on the secondary DNS servers. It can be an IXFR zone transfer (partial transfer of changes only) or an AXFR zone transfer (complete transfer of all DNS records).

Why do you need an SOA record?

The SOA record is required when you want to indicate the authoritative name server and to achieve a successful zone transfer. It is important for every zone to have an SOA record. Also, you must know that each zone should contain only one SOA record. If the zone does not have an SOA record, or if you insert more than one, your zone will not work. So, be careful and don’t make such a mistake.

Structure

The SOA record contains the following elements:

  • Name – The name of the zone that the DNS admin has put.
  • Type – The type of the DNS record, which in this case will be SOA.
  • Primary name server – The hostname of the authoritative DNS server for that zone.
  • Admin’s email – It shows the email of the DNS administrator for that zone.
  • Serial number – The serial number of the zone that was mentioned before. The secondary DNS servers check this number and determine whether to update their DNS records or not.
  • Refresh rate – This number will show in seconds how frequently the secondary DNS server needs to re-visit the authoritative DNS server and check for changes.
  • Retry rate – If the zone transfer between the secondary DNS servers and the primary fails, this is how long the secondary servers will keep trying to update. If the time expires, the secondary servers’ data will be outdated, and they will stop answering queries.
  • Default TTL – The number is a time period showing how long the DNS records are valid. After the time runs out, the secondary DNS servers must discard them and perform a new zone transfer again.
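How a secondary can use the serial number to decide whether a zone transfer is needed is shown in the following Python sketch. It is an added example, not part of the original article: the SOA values are constructed, the seven-field order is the one defined for SOA data in RFC 1035, and the comparison uses RFC 1982 serial arithmetic so that a serial that wraps past 2^32 is still treated as newer.

```python
from collections import namedtuple

# Field order of SOA record data as defined in RFC 1035.
SOA = namedtuple("SOA", "mname rname serial refresh retry expire minimum")

def parse_soa(rdata):
    """Parse SOA record data written in zone-file form (parentheses allowed)."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError("SOA needs 7 fields, got %d" % len(fields))
    return SOA(fields[0], fields[1], *map(int, fields[2:]))

def admin_email(rname):
    """The admin mailbox is stored with the '@' written as the first dot."""
    # Escaped dots in the local part ('\.') are not handled in this example.
    local, _, domain = rname.rstrip(".").partition(".")
    return local + "@" + domain

def serial_newer(primary, secondary):
    """True if the primary's serial is ahead, with 32-bit wraparound (RFC 1982)."""
    diff = (primary - secondary) % 2**32
    return 0 < diff < 2**31

def needs_transfer(primary_rdata, secondary_rdata):
    """Decision a secondary makes after fetching the primary's SOA record."""
    return serial_newer(parse_soa(primary_rdata).serial,
                        parse_soa(secondary_rdata).serial)

# Constructed SOA data for the hypothetical zone example.com.
PRIMARY = "ns1.example.com. hostmaster.example.com. ( 2024010102 3600 600 1209600 3600 )"
SECONDARY = "ns1.example.com. hostmaster.example.com. 2024010101 3600 600 1209600 3600"

if __name__ == "__main__":
    soa = parse_soa(PRIMARY)
    print(soa.mname, admin_email(soa.rname), soa.serial)
    print("transfer needed:", needs_transfer(PRIMARY, SECONDARY))
```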