How to prevent DNS downtime?

Everybody wants to avoid DNS downtime! Unfortunately, it affects your reputation, annoys your loyal and potential clients, and costs you money.

DNS downtime is the time your domain name won’t be resolved to its corresponding IP address. During that time, clients won’t be able to use your service or load your domain. An error will be pointed out every time they request it.

The Domain Name System (DNS) is the keystone for the Internet to work. No matter its dimension and importance, it also suffers from vulnerabilities, hacking attempts, software and hardware issues, networks’ problems, database corruption, etc. And if it stops, your domain also will.

How can you prevent DNS downtime?

To know that prevention is possible, it’s always good news, especially when your investment is at risk!

  • Set up a higher TTL (time-to-live) on your DNS records. Recursive servers’ job involves looking for updates on authoritative name servers. If you configure a high TTL value, recursive servers will look for updates less often. But with a low TTL value, they will look for updates more frequently. A low TTL is really convenient when you modify or edit DNS records because it accelerates the propagation process. If you don’t need constant changes, keep a higher TTL to avoid downtime. If your authoritative name server fails, a high TTL increases the chances for a copy of your DNS records to remain longer in the cache of a recursive. Thus your domain will still be loaded for clients, and you get more time for fixing the problem.
  • Use Secondary DNS servers. Increase redundancy while adding Secondary servers to your DNS network. More copies of your DNS records will be stored through this action, and you will manage your traffic more efficiently. No matter if your Primary DNS server gets suddenly in trouble, the Secondary ones will answer your clients’ requests.
  • Monitor the DNS server exhaustively. Every uncommon traffic pattern can mean something important. Get a proficient monitoring tool. Some can show you almost in real-time the information, by region, country, continent, etc., for you to diagnose the problem, its origin, and react.
  • Enable DNS Failover. This is an ideal teammate for monitoring, and due to its flexibility, it can be configured with the most convenient parameters for your business. Data obtained from monitoring can be connected to the DNS Failover. If a DNS nameserver fails, DNS Failover will automatically redirect the traffic from the server facing the issue to a healthy one. DNS resolution will continue working, despite your server’s problems.
  • Use DNS load balancing. This is a useful mechanism for distributing traffic across servers. For working, it considers factors such as the number of active connections, connection time, etc. By having two or more servers, DNS load balancing will manage traffic, for servers to have kind of the same amount of work, not to be sluggish or very stressed. It’s an efficient way to manage traffic spikes that can be normal or a symptom of malicious activity in progress. It directly boosts performance, prevents security issues and downtime. If a server fails or gets compromised, another will answer your clients’ requests. 
  • Strength your defenses against DDoS attacks. These threats involve enormous amounts of traffic overwhelming your system. Anti-DDoS technology protects your servers to resist such traffic.

Conclusion

You can prevent DNS downtime! There are easy or more complex alternatives. Your business’ needs will define the right one or the appropriate combination of them. Decide it today, and keep your business always up!

Recursive DNS server: What does it mean?

The Recursive DNS server is one of the main elements in the Domain Name System (DNS). Let’s explain a little bit more about it.

Recursive DNS server explained.

The Recursive DNS server is responsible for searching for required information. The goal is to respond to the queries which are sent by users. Recursion in computing is associating with a method to resolve an issue. It involves a solution or a program that will continue to repeat itself till it reaches its goal. 

Picture it like that. It is operating between the authoritative servers and the end-users. 

Every time someone makes a request for a domain name, this DNS server searches for its IP address. When the it receives the accurate IP address, it returns it to the device or browser that initiated the request. The device takes the data, and it connects to the specific IP address. And the domain finally can load.

Performing the lookup

There are two different ways for the recursive DNS server to perform its lookup.

The first one is definitely easier and faster. It is to receive the information from the cache. These type of servers store their cache for a determined period of time. The administrators make the decision of how long the server should hold the data. Through the time-to-live (TTL) value, they are able to set more or less time. And that decision is usually based on their strategy.

So, when the recursive DNS server obtains a query, it can check first its cache memory. If the IP address for the particular domain name, which is requested, is still stored. The TTL of the cache should not be expired yet, and the data to be available. In this case, the response is faster because the recursive DNS server doesn’t need to search in other servers.

The second way of performing a lookup takes a little longer time. It happens when the cache TTL is expired. The IP address is not held there anymore, and the recursive DNS server takes the long path. It has to search for an authoritative server, which is capable of giving the required information.

So, the main purpose of this DNS server is just to look for information, and it saves it for some time. 

Recursive DNS server in DNS cache poisoning attacks

When a recursive DNS server searches for an IP address from another DNS server, the attacker stops the request. Instead of the real information, the attacker will give a fake answer. This answer usually is an IP address for a malicious website. And like that, the DNS cache poisoning attack is successful.

The problem is not only that the recursive server gave the user this fake IP address. Moreover, the server will store the answer on its cache. This fact leads to a huge problem. Every user who wants to access the same domain will receive the fake IP address, and it will connect with the malicious site. Imagine a case when that domain is very popular. Such an attack is going to affect a lot of visitors. 

Round – Robin DNS meaning

After its launching in the 90s, load balancing becomes a game-changer in traffic distribution across networks. Round-Robin as a load balancer is significant in maintaining the flow of data moving efficiently and easily among servers and endpoints. It is also one of the most common and affordable techniques. Let’s explain a little bit more about it.

How does load balancing work?

Load balancing is a method for distributing traffic across networks. It is managing the different servers such networks include. Mainly the traffic in large networks has to be led to increasing the efficient general performance. Otherwise, you risk having weak sports in some points.

Few servers can get flooded with high traffic, and others at the same time could barely operate. This causes an incredible mess. Security threats like DDoS attacks will become less detectable and a lot more harmful.

Whit the load balancing method, you can administrate the traffic and optimize the network’s performance. The process is strongly recommended. A few more of its benefits are also faster loading time and a backup in case of an interruption.

Round – Robin DNS definition

Round-Robin DNS is a DNS load balancing technique that administrates the traffic. It depends on when a user request arrives and the number of servers you have. The concept is simple: you have various A or AAAA records that have different IP addresses. With every one of these IP addresses corresponds to a different web server. They have a duplicate of your site. When a user desires to reach your site, its browser tries to resolve your domain name. Your authoritative name server, which is responsible for the A or AAAA records, will give the next in rotation turn A or AAAA records from those you own. It is possible to have records for every one of your web servers. The visitors will be automatically redirected, when they are trying to access your site. This happens in order of the moment when they reached your DNS name server.

Let’s explain it a little bit more. 

Think a situation where you have 5 users and 3 servers:

User 1 attaches to server 1, user 2 to server 2, user 3 to server 3.

When user 4 wants to connect with the website, the circle will start again. User 4 will connect to server 1, user 5 to server 2, etc. 

DNS Round-Robin will reduce and administrate better the traffic to your site. As a result of Round-Robin, your customers will have a better user experience every time they visit your site. Also, a less saturated network and overall better performance.

The mechanism can be modified. If your web servers are not exactly the same. Let’s assume server 1 is a lot better than the other 2. It is a good idea to use it two times more. Like so, you get the best productivity. Here you could think for the Weighted Round Robin. 

Variants to the Round‑Robin algorithm

  • Weighted Round-Robin – The site administrator chooses criteria and assigns to each server the weight. The most regularly used criterion is the server’s traffic‑handling capability. The higher the weight, the more significant the proportion of user requests the server receives. 
  • Dynamic Round-Robin – A weight is allocated to every one of the servers dynamically. It is based on real‑time data about any of the servers’ load at the moment and unused potential.

What is a DNS PTR record?

DNS PTR record is one of the essential DNS records. It is one of the few that deserve proper attention. So let’s explain a little bit more and get to know why it is so important.

DNS PTR record – meaning 

The DNS PTR record has a specific purpose. It is to point the IP address to the domain name. Therefore, it can operate successfully both with IPv4 and IPv6 addresses. Furthermore, this type of DNS record makes it possible for you to achieve Reverse DNS.

Receiving mail servers want to verify the source of an email. For this matter, they will do a DNS Reverse lookup, and they will investigate for PTR records. DNS PTR record makes it possible to guarantee that the IP address truly belongs to the domain name.

Why is it important to use a DNS PTR record?

DNS PTR records are responsible for providing trust and validating the IP addresses, as a fundamental part of the Reverse DNS. Therefore, if you want your outgoing mail servers to function correctly, you should add PTR records. That is because of the verification methods that, in most cases, require them. Through that specific procedure, if there is something wrong, the email will go to SPAM. Such examples are if the searcher does not find a DNS PTR record or the PTR does not match an A/AAAA record properly. Therefore, you will need to add DNS PTR records in a Reverse DNS zone if you need to send emails. Moreover, these emails actually reach their addresses. 

Structure

The PTR record is actually a simple DNS record. Here are the fields that you will notice:

  • TYPE: PTR
  • Host: Here is the IP address. (IPv4 and IPv6)
  • Points to: The domain name. 
  • TTL: It is not required the TTL value of a PTR record to be low.

How to create your PTR record?

Creating your PTR record is a simple and easy task. So, let’s explain it in a few steps.

First: Create a Master Reverse Zone

This is the zone of your domain where PTR records are able to exist. It is important to mention that it can not be created in a standard Master zone.

When you create the Master Reverse Zone, the IP address should be in reverse order. So, for example, if the IP address is 1.2.3.4, you simply need to add it as 4.3.2.1. Apply this same rule no matter if it is IPv4 or IPv6. 

Second: Create the PTR record.

The second thing you have to do is to add a DNS PTR record. You will have to create the PTR record in reverse too. Check if there is a matching A or AAAA record for every one of your PTR records.

Last step: You will have to add NS records at the IP provider, which are leading to your nameservers. This is the last thing required to complete your Reverse DNS zone.

How to check it?

To check your DNS PTR records, you will have to complete a reverse DNS lookup.

On Windows

Inside the Command Prompt, use the nslookup command. 

Write:

nslookup 1.2.3.4

On Linux and macOS

Inside the Terminal, use the dig command. 

Write:

dig –x 1.2.3.4

*Just change 1.2.3.4 with the IP address that you require to view.

If your query notices a PTR record, the result will be the domain name.

So now you know a little bit more about the PTR record, how to make it, and how to check it.

What is the DMARC record?

DMARC record is a must for every domain owner. If you have a website, you would want to ensure that your customers will only receive emails that you have sent yourself. The communication between you and your visitors will remain clear.

The DMARC record explained.

The acronym of DMARC record stands for Domain-based Message Authentication Reporting and Conformance. It is a technical standard that helps protect email senders and receivers from spam, phishing, and spoofing. It uses both SPF and DKIM to secure email exchanges. When you set up your DMARC record correctly for your domain, it will decrease email phishing because of the reporting of SPF. Also, it will reduce spoofing thanks to the encryption of DKIM. 

Your email sent success rate will improve, and less emails that you have sent will end in the spam folder.

When you use a DMARC record, it will provide one more security level above the DKIM and SPF. It adds an important function, reporting.

When setting it up stronger, and if even SPF and DKIM pass, the DMARC will still detect it and block it. You also can make it lighter and define the use to only DKIM or only SPF. 

Why is it a good idea to have DMARC record?

DMARC is the latest trend of email authentication techniques. It confirms that the sender’s email messages are guarded by both SPF and DKIM records. So, the DMARC authentication is always a good idea.

  1. They are not able to use your domain name for phishing attacks. DMARC record is capable of reporting to the servers which are receiving that the domain name is associated with those specific servers. Any differences should be directly discarded. It is possible to work with letting only the good emails or suspending all bad emails, or both.
  2. You send emails uninterrupted. The emails will be encrypted. And the recipient will be capable of decrypting them with the public key. Having a DMARC record will ensure that the domain could be trusted.

How does it work?

DMARC uses policies that the administrator sets. It is about determining the email authentication practices. And also, how the receiving email server should behave if an email violates a policy.

When the receiving email server accepts a new email, it performs a DNS lookup to examine the DMARC record. It starts watching for:

  • Is the message’s DKIM signature valid?
  • Is the IP address of the sender one of the approved the sending domain’s SPF records?
  • Does the header in the message presents decent “domain alignment”?

The server DMARC method accepts, denies, or flags the email with all of the above deliberations. 

And in the end, the server will send a message to the sender with a report.

What are the benefits of DMARC?

Implementing a DMARC record guards your brand by preventing uncertified individuals from sending mail from your domain. In some scenarios, even only adding a DMARC record can benefit in boosting reputation. DMARC helps to build a standard policy for administering messages that fail to authenticate. It allows the email ecosystem as unity becomes safer and more reliable.

TTL (Time To Live) explained

We live in an environment where time is probably one of the most critical factors in our everyday life. Computing and networking are not any different. Many of the processes frequently must happen in a specific period of time. Here comes TTL in hand. In some cases, the task should be finished in milliseconds. Can you imagine that? Let’s make things a little bit more precise and explain what TTL actually is?

What is TTL?

TTL is the short acronym for time-to-live. It refers to the value that points to the exact period of time or number of hops that the data packet is configured to be alive on a network. In some cases, also in the cache memory. When that time expires, or it hops the number of times, routers will discard it. There exist many different varieties of data chunks. Every and each of them operates with their particular TTL. That means the time such data will be held in a device to function or finish a certain task.

How does it work?

If the massive amount of packets is not controlled, they will travel around routers permanently. The way to avoid this is with a limit of time or expiration on every data packet. This allows understanding how long they have been around and track their route on the Internet.

Packets travel through network points with the purpose of reaching their final destination. There is a spot inside the data packets’ design where the TTL value is placed.

Routers receive the TTL value inside the packet. It will pass to the next network point if there is spare time or hops. But if the value of TTL shows that there is no more remaining hops/time, routers won’t pass it anymore.

Instead, routers will send an ICMP (Internet Control Message Protocol) message. This type of message is used to report IP errors or diagnoses and directs to the IP address source, which issued the packet.

It will take a specific time for every ICMP message to arrive at the source. During that time, it is likely to track the hops it made while alive on the network.

TTL and DNS 

TTL in DNS finds its place for the time that the DNS resolvers have to keep the DNS records in their cache. Every DNS record has its assigned TTL value. When it is of the record is longer, there is less chance that the value will change. Therefore other records with a lot and often changes will be with a shorter value.

And because DNS requests are also packets of data, they have their TTL value inside. It would be a very interesting case if they didn’t have such limitations. DNS queries would constantly go from server to server and never finding a destination. TTL value acts as a stop mechanism of a DNS request and prevents endless search for an answer and pointless stress on the Domain Name System. The value begins with a larger number and gets decreased until it comes to zero by the routers.

What is DNS spoofing?

When we are talking about DNS spoofing, the threat is real. As an online business owner or administrator it is essential to know what risk is hidden behind these words. Understanding it will help for sure with protecting your clients, yourself, and your business. Let’s talk a little more about what it is and how to defend yourself.

What is DNS spoofing?

Another way that you can see DNS (Domain Name System) spoofing to be called is DNS cache poisoning. This is a hacking attack. It happens when into the DNS cache of a resolver server enters malicious DNS data or files, such as forget records or forget entry. They begin to answer the requests from users. Unfortunately, the end-user receives answers with a forged record, like a fake IP address. The intention is apparently to direct the traffic to an address where attackers will try to get the victims’ sensitive data, like credit card information.

The devices of the users work normally because they are tricked through the forged data. Customers think that they are going to the legit website they requested. Instead, they are directed to an unsafe destination, which is in the control of the attackers. The websites’ appearance could look very alike compared to the real one, and the user may not spot the difference. But that is just a forged copy.

DNS spoofing tactics

Attackers can use various tactics, which are for their illegal purposes.

As we mentioned, the goal is to direct traffic to forged websites.

  • DNS cache poisoned through spam. Corrupted code can be found added in ads, images, or URLs in spam e-mails. Once users click the URL, their devices get poisoned. The code, afterward, guides them to forged websites. 
  • Hijack of a DNS server. The hacker accesses the server, exploiting weak spots, remodeling its configuration, including a fake entry, etc. What is the result? When every IP request is attempting to enter a particular website (the one spoofed), it will arrive at the forged website. 
  • Man-in-the-middle technique (DNS responses’ spoofing). With this technique, the intention is to poison both, server and the user’s device at once. Here the criminal is exactly between your browser and the DNS server. The communication gets poisoned through software that injects the code.

How to protect yourself?

  • Use encryption. Encryption is a great way to keep DNS data (queries and responses) safe. For the criminals who want to spoof, forging a copy of the security certificate of the legit website won’t be possible.
  • Work on detection. There are available software tools for scanning the data received as a last step.
  • Domain name system security extensions (DNSSEC). It checks the authenticity of data through DNS records. This way, DNSSEC secures DNS lookup’s authenticity.

Users also have to consider some preventive practices and not make the attackers’ job that easy. After all, they are the main target of such type criminal activity.

  • Prefer a virtual private network (VPN) for connecting. Connecting to a public network hides a pretty significant risk. VPN will supply users with an encrypted tunnel to securely reach servers and interact with the domains they visit.
  • Don’t click strange links. Before clicking any sent link, make a quick check of its URL. This is recommended, especially when such mischievous links are added in spam messages, text, or social media messages, from unknown senders. Not clicking can save users’ sensitive data.
  • Delete DNS cache. DNS data of often visited websites will be kept saved for some time. The server may not be poisoned anymore, but the user’s device may be. Users can prevent being directed by their browsers to forged websites by periodically cleaning the DNS cache.

What is the SOA record?

There are numerous types of DNS records, and for importance to understand DNS, we have to know how they work and their purpose. The SOA record is one of them, and it is one of the most common records. Let’s explain what it is and why it is essential to have it.

What is the SOA record?

The SOA record is a fundamental DNS record. It indicates the start of authority. It will point to the nameserver that will contain the original zone file. This server will have all the important information about the zone, and it will be the authoritative DNS server. The SOA record is the first that a zone file contains and establishes the general properties of the zone.

Typically, DNS servers operate together in a cluster. All of them are required to synchronize their zone file. To achieve that purpose, they need to perform a zone transfer. The SOA record is like a control record. It has a serial number and shows which is the newest update. Secondary servers, also called slave servers, see that the serial number changes. Then, they update and get the latest data from the authoritative server. 

Zone transfer

The Domain name typically has more than one DNS server. One is the primary DNS server, and the others are secondary DNS servers.

The primary has the original zone file, and you can make all the changes you want inside it. The information from it is going to be propagated to the rest. This is possible through a zone transfer. The zone transfer simply is a process of updating the zone file in the secondary DNS servers. It could be through IXFR zone transfer (partial transfer of changes only) or AXFR zone transfer (complete transfer of all DNS records).

Why do you need an SOA record?

The SOA record is required when you want to indicate the authoritative name server and to achieve a successful zone transfer. It is important for every zone to have an SOA record. Also, you must know that each zone should contain only one SOA record. In case that the zone does not have an SOA record or if you insert there are more than one, your zone will not work. So, be careful and don’t make such a mistake. 

Structure

The SOA record contains inside the following elements:

  • Name – The name of the zone that the DNS admin has put.
  • Type – The type of the DNS record, which in this case will be SOA.
  • Primary name server – The hostname of the authoritative DNS server for that zone.
  • Admin’s email – It shows the email of the DNS administrator for that zone.
  • Serial number – The serial number of the zone that was mentioned before. The secondary DNS servers check this number and determine whether to update their DNS records or not.
  • Refresh rate – This number will show in seconds how frequently the secondary DNS server needs to re-visit the authoritative DNS server and check for changes.
  • Retry rate – If the zone transfer between the secondary DNS servers and the primary fails, this is the time the secondary servers will remain trying to update. If the time expires, the secondary servers’ data will be outdated, and they will stop answering queries. 
  • Default TTL – The number is a time period showing how long the DNS records are valid. After the time runs out, the secondary DNS servers must discard them and perform a new zone transfer again.