DNS Haiku

By John Lim, CTO

I ripped off the above haiku from reddit.com/r/sysadmin. The reason I love it and all other sysadmins love it is that it’s TRUE.

Specifically, in an Active Directory environment, DNS is a yuuuuge deal, but in our regular day-to-day internet life, DNS is STILL a yuuuuuuuge deal.

What is DNS? DNS stands for Domain Name Services. What is the functionality of DNS? Well, the biggest function of DNS that we take advantage of is translating a domain name to an IP address so that our applications can function. Basically, when you type google.com into your web browser, DNS tells your web browser the IP address from which to pull down the website for Google. Is that all that it does? Heck no! But just translating a domain name to an IP address is awesome. Who wants to go around remembering IP addresses of websites that they want to visit?

Email Flow, Yo!

Anyways, I want to dig a bit deeper into the boring side of DNS. Yes, translating names to IP addresses is actually the sexy side. There is a whole boring yet intriguing side of DNS that most people don’t even know about, or should even care about actually (except for IT peeps!).

How does email flow from one server to another? Did you know that DNS is on the front lines of email flow and is one of the many ways to prove the authenticity of your emails?

So a Domain Name Server is the clearing house of all of your and others’ domain records. There are a bunch of different types of records that a DNS server (yes, it’s kind of redundant, but it’s easier to read) holds for any domain names that are registered with a Domain Registrar like GoDaddy or Network Solutions.

These records do different functions. For the name-to-IP translation from the example above, we are using either “A” records or CNAMEs. To determine where to send a particular email, email servers use an MX record. An MX record is what any email server will look up, against a DNS server, to determine the destination server for the email it has to send. So if I send an email from my domain (@tektegrity.com) to a @gmail.com address, my server will do an MX record lookup, find the MX record for gmail.com and send the email to that location. Pretty sweet right!?!

So how does the destination server know that I am who I say I am when sending emails, so that my emails do not go into a spam filter blackhole? Well, there are three main tricks with DNS that we (IT pros) do here.

One is the SPF record. Sender Policy Framework (SPF) is a TXT record you set up on your nameserver basically saying from which locations emails from me will originate. SPF is super old school but still utilized. In order for SPF to work, though, the destination server has to be configured to perform SPF lookups.

Two, we would leverage DNS’s illegitimate brother called rDNS. rDNS stands for reverse DNS. Some email servers will use rDNS to see if the originating server’s IP address is tied to the domain name. This is even older than SPF and really hit or miss in how it works in practice.

The new hotness with respect to email authenticity and validation is DKIM. DKIM is so so hot, I cannot even explain it. I’ll post a link < here > and leech off someone else’s work to explain (Thanks, Return Path!).

This article is so boring, I completely went off track and just talked about DNS as it pertains to email… Guess I’ll have to extend the next article to talk more about DNS and how it pertains to Active Directory environments. Stay tuned!

//John, CTO, directs our team of technicians in support cases, new project planning, and research and development. John came to TekTegrity after spending ten years as a leader in Cuesta College’s Information Technology Department, where he helped make possible Cuesta’s High Tech building, myCuesta portal, and Gmail integration. If you come by the office and there are dozens of donuts, bagels or fresh egg rolls (from San José) in the break room, John is most likely the food fairy who left them. And if he’s not feeding or directing the tech team you might find John having lunch at the Elks Lodge or spot him cruising the coast with his motorcycle gang.