DNS is one of the most critical components of the Internet. Its core job is translating hostnames to their respective IP addresses, a process that is straightforward to understand. DNS directs users to your website based on the address information retrieved through the DNS resolution process.
There are several ways to configure DNS servers, and changes to an existing configuration take time to propagate globally. The complexity lies in understanding how those changes propagate through DNS. DNS management requires securing the servers and optimizing performance to ensure 100% site availability and a positive user experience.
Issues impacting DNS performance can quickly create network bottlenecks and slow down the website. The issue can escalate, leaving your website inaccessible to users.
How does DNS Resolution work?
The DNS resolution process involves querying DNS servers to find the IP address of the domain. The image below illustrates the process; for a detailed explanation, you can read our blog on how a domain name is translated to an IP address.
Zones and Zone Files
Now that we understand the resolution process, let’s move on to DNS zones and zone files. DNS is divided into many zones, which distinguish the separately managed areas of the DNS namespace. Zones and zone files are what allow DNS to be a distributed and flexible system: a zone provides a simple way to group the data for a set of domains together for storage.
Every name server, from the root down to the authoritative name servers, has its own zone that it is responsible for. A domain administrator is responsible for creating zones and handling delegations and zone transfers.
To understand zones better, imagine you are the organizer of a football tournament with five teams. Each team has a manager who is responsible for selecting the players, training them, and so on. If you want to contact a particular player on a team, you simply get in touch with the team’s manager, who can retrieve the information easily.
All the information for a zone is stored in a DNS zone file. A zone file is a plain text file stored on a DNS server. It contains a representation of the zone and the records for all domains within the zone. Zone files start with a Start of Authority (SOA) record, which carries important information including contact details for the zone administrator.
Any change made to the DNS configuration, for instance the addition of a name server, is reflected in the zone file.
Updates made to the DNS zone of a domain also take time to propagate across the Internet. How quickly they propagate is governed by the SOA resource record.
Below is the format of an SOA record, field by field:
- Name: The name of the zone (example.com)
- Class: Zone class (IN for Internet)
- SOA: Resource record type
- MNAME: Fully qualified domain name of the primary DNS server (ns.example.com.) that is authoritative for all information within the domain.
- RNAME: E-mail address of the party responsible for the domain.
- Serial Number: A 32-bit unsigned integer that records changes to the zone file; every time the zone is updated, the value is incremented. By convention, the serial number takes the format YYYYMMDDnn, where YYYY is the year, MM the month, DD the day, and nn the revision number (in case the zone file is changed more than once in a single day). This way, one can tell when the last change was made to the zone file.
- Refresh: The number of seconds before the zone should be refreshed
- Retry: The number of seconds before a failed refresh should be retried
- Expiry: The upper limit, in seconds, before a zone is considered no longer authoritative
- NXDomain TTL: The negative-result TTL (for example, how long a resolver should consider a negative result for a subdomain valid before retrying)
Because the SOA governs DNS propagation, checking the zone file and verifying the SOA should be the first step when troubleshooting DNS-related issues.
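To make that first troubleshooting step concrete, here is a small zone-file lint written as an added example for this post (it is not the post's own code or any DNS provider's tool). It parses a constructed zone for the hypothetical name example.com., extracts the SOA fields listed above, and reports the defects a troubleshooter looks for first: a serial that is not a valid integer or does not follow the YYYYMMDDnn convention, SOA timers that contradict each other, and an apex with no address record, which is exactly the situation where a query returns the SOA in the authority section instead of an A record. The sample zone, the name servers and the addresses are all constructed for the example; the timer sanity rules are general operational guidance, not a rule from the post.

```python
"""Zone-file lint for the SOA checks described above (added example; not the
post's code). Parses a zone file, extracts the SOA record and reports a
malformed serial, contradictory timers, and an apex with no address record."""
import re
from datetime import datetime

# Constructed sample zone for the hypothetical zone example.com. (not the
# customer's zone from the post). The serial is deliberately malformed and the
# apex has no A record, mirroring the symptom the post describes.
BROKEN_ZONE = """\
$TTL 3600
example.com.    IN  SOA  ns.example.com. hostmaster.example.com. (
                         202501A5   ; serial (malformed on purpose)
                         7200       ; refresh
                         900        ; retry
                         1209600    ; expire
                         3600 )     ; negative-caching TTL
example.com.    IN  NS   ns.example.com.
ns.example.com. IN  A    192.0.2.53
"""

# The same zone with a YYYYMMDDnn serial and an address record at the apex.
FIXED_ZONE = BROKEN_ZONE.replace("202501A5", "2025010501") + \
    "example.com.    IN  A    192.0.2.10\n"

SERIAL_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})$")  # YYYYMMDDnn


def parse_zone(text):
    """Return a list of (owner, type, rdata_tokens). ';' comments are stripped,
    parenthesised multi-line records are joined, $-directives are skipped.
    Every record is expected to carry an explicit owner name."""
    body = re.sub(r";[^\n]*", "", text)
    body = re.sub(r"\([^)]*\)",
                  lambda m: " ".join(m.group(0)[1:-1].split()), body)
    records = []
    for line in body.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):
            continue
        owner, i = tok[0], 1
        if tok[i].isdigit():                      # optional TTL field
            i += 1
        if tok[i].upper() in ("IN", "CH", "HS"):  # optional class field
            i += 1
        records.append((owner, tok[i].upper(), tok[i + 1:]))
    return records


def parse_soa(records):
    """Extract the single SOA record into a dict of named fields."""
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        raise ValueError(f"expected exactly one SOA record, found {len(soas)}")
    owner, _, rdata = soas[0]
    if len(rdata) < 7:
        raise ValueError("SOA record is missing fields")
    mname, rname, serial, refresh, retry, expire, minimum = rdata[:7]
    return {"name": owner, "mname": mname, "rname": rname, "serial": serial,
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def check_serial(serial):
    """Serial must be a 32-bit unsigned integer; if it has the YYYYMMDDnn
    shape, the date part must be a real calendar date."""
    if not (serial.isascii() and serial.isdigit()):
        return [f"serial {serial!r} is not an unsigned integer"]
    problems = []
    if int(serial) > 0xFFFFFFFF:
        problems.append(f"serial {serial} does not fit in 32 bits")
    m = SERIAL_RE.match(serial)
    if m:
        try:
            datetime(int(m[1]), int(m[2]), int(m[3]))
        except ValueError:
            problems.append(f"serial {serial} looks like YYYYMMDDnn "
                            "but is not a valid date")
    return problems


def check_timers(soa):
    """Sanity checks on the SOA timers (general operational guidance):
    all positive, retry below refresh, expire above refresh + retry."""
    problems = [f"{k} must be positive" for k in
                ("refresh", "retry", "expire", "minimum") if soa[k] <= 0]
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be smaller than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire should exceed refresh + retry")
    return problems


def lint_zone(text):
    """Run every check on a zone file; an empty list means nothing was found."""
    records = parse_zone(text)
    soa = parse_soa(records)
    problems = check_serial(soa["serial"]) + check_timers(soa)
    apex = soa["name"]
    if not any(r[0] == apex and r[1] in ("A", "AAAA") for r in records):
        # A query for the zone name then gets an empty answer with only the
        # SOA in the authority section, the symptom described in the post.
        problems.append(f"no A/AAAA record for the apex {apex}")
    if not any(r[0] == apex and r[1] == "NS" for r in records):
        problems.append("no NS record at the apex")
    return problems


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, lint_zone(zone) or "OK")
```

Running the script prints two findings for the broken zone (the malformed serial and the missing apex address record) and OK for the fixed one. The parser is deliberately minimal: it handles the comment, parenthesis, optional-TTL and optional-class syntax that real zone files use, but not owner-name inheritance from the previous record or `$ORIGIN` expansion, so feed it fully qualified names.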
One of our customers reached out to us a while ago, complaining that users in China were unable to access their website.
When investigating this case, we observed that a DNS Experience test for the domain returned an SOA record instead of an A record. Even when querying the authoritative name servers directly, we did not see an “Answer” section. This hinted at an issue with the site’s zone file. Furthermore, the serial number in the SOA record was in an invalid format.
Once we confirmed there was an issue with the zone file, the customer reached out to their DNS provider and had the zone file configured properly, which fixed the issue.
DNS performance can be impacted by external factors such as DDoS or other attacks, as well as by issues with the DNS configuration itself. In this blog, we discussed how an unverified entry in the zone file can render a website inaccessible.
It is important to ensure zone files are configured correctly and that updates to the records are verified. Errors in the zone file hinder the DNS resolution process, which in turn becomes a major bottleneck delaying page load.