In the last post, we learned how to manage incoming traffic to your server using a reverse proxy. But how does that traffic reach your server in the first place?
I made some opaque references to DNS records, but otherwise skipped over the concept.
We’re going to get into it now.
We have to nerd out a bit first, though.
What is TCP/IP?
The most common transport protocol on the Internet is TCP (Transmission Control Protocol), delivered over a network protocol called IP (Internet Protocol). You’ve likely seen the pair referred to as TCP/IP, or “TCP over IP”.
TCP has no innate concept of the network beneath it; it is only an agreed-upon method for establishing and maintaining a conversation between two endpoints (in networking terms, TCP is the transport layer and IP is the network layer below it). Think of TCP like a radio operator. He will use agreed-upon phrases like “roger”, “10-4” and “over and out” to interact with the voice at the other end. However, the radio operator could just as well use the same protocol if he were talking directly to a person next to him. IP, on the other hand, is like the radio. It establishes the method for moving information between the two participants.
A transport protocol can work over multiple network protocols, and a network protocol can carry multiple transport protocols: TCP runs unchanged over both IPv4 and IPv6, and IP carries TCP, UDP and others.
IP is the “phone system” of the Internet, to make a crude analogy. In the version of IP that the Internet grew up on, an address is a 32-bit number, conventionally written as a “dotted quad”: four integers between 0 and 255 separated by periods, e.g. 192.168.1.1. This is known as IPv4, version 4 of the Internet Protocol (the 4 refers to the protocol version, not to the four parts of the address).
Since the rise of the Internet and the subsequent exhaustion of the IPv4 address space, a newer version (IPv6) was standardized. An IPv6 address is 128 bits, written as eight groups of up to four hexadecimal digits separated by colons, e.g. 2001:db8::1, where a single “::” stands in for one run of all-zero groups.
I won’t get too much more into it, but remember that an IP address identifies a device (strictly, one of its network interfaces) so that traffic can be routed to it. One caveat: addresses like 192.168.1.1 come from private ranges that are reused on countless home and office networks, so they are only unique within that network. A machine on such a network sits behind a router doing NAT, and the address the rest of the Internet sees is the router’s public one.
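To make the two address formats concrete, here is an added example (not code from the post) that parses a dotted quad into its 32-bit value and an IPv6 address into its 128-bit value by hand, then cross-checks the result against Python's standard ipaddress module. The IPv4 parser is deliberately strict: it only accepts four plain decimal octets, so shorthand and leading-zero forms that some C libraries would silently accept are rejected. The sample addresses are constructed (192.168.1.1, 8.8.8.8 and the documentation prefix 2001:db8::).

```python
"""Strict parsers for the two IP address formats discussed above: a 32-bit
IPv4 dotted quad and a 128-bit IPv6 address written as eight 16-bit hex groups.
Added example, not code from the post; cross-checked against the stdlib."""
import ipaddress
import re

# One decimal octet 0-255 with no leading zeros. "010" is rejected instead of
# being read as octal 8, which some C inet_aton() implementations would do.
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
_IPV4_RE = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")


def is_canonical_ipv4(text: str) -> bool:
    """True only for exactly four canonical octets, e.g. '192.168.1.1'."""
    return _IPV4_RE.fullmatch(text) is not None


def ipv4_to_int(text: str) -> int:
    """Fold a dotted quad into the 32-bit integer that IP actually routes on."""
    if not is_canonical_ipv4(text):
        raise ValueError(f"not a canonical IPv4 dotted quad: {text!r}")
    value = 0
    for octet in text.split("."):
        value = (value << 8) | int(octet)
    return value


def ipv6_to_int(text: str) -> int:
    """Parse eight colon-separated hex groups, with at most one '::' standing
    in for a run of zero groups, into a 128-bit integer."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}: {text!r}")
    value = 0
    for group in groups:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,4}", group):
            raise ValueError(f"bad group {group!r} in {text!r}")
        value = (value << 16) | int(group, 16)
    return value


def int_to_ipv6(value: int) -> str:
    """Render a 128-bit integer as all eight hex groups, uncompressed, so the
    structure stays visible (the stdlib's str() would compress with '::')."""
    if not 0 <= value < 1 << 128:
        raise ValueError("value does not fit in 128 bits")
    return ":".join(f"{(value >> shift) & 0xFFFF:x}" for shift in range(112, -1, -16))


def describe(text: str) -> dict:
    """Version, bit width, integer value, and whether the address is from a
    private range (reused on many networks, so not routable on the Internet)."""
    ip = ipaddress.ip_address(text)
    ours = ipv4_to_int(text) if ip.version == 4 else ipv6_to_int(text)
    if ours != int(ip):  # our hand-rolled parser must agree with the stdlib
        raise AssertionError(f"parser disagreement on {text!r}")
    return {"version": ip.version, "bits": ip.max_prefixlen,
            "value": ours, "private": ip.is_private}


if __name__ == "__main__":
    # Constructed sample addresses, including the documentation prefix 2001:db8::
    for addr in ("192.168.1.1", "8.8.8.8", "2001:db8::1", "::1"):
        print(addr, describe(addr))
```

The strictness matters whenever an address string comes from user input: the same string must mean the same address to every component that reads it, and "010.1.1.1" or "0x7f.1" do not.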
What is DNS?
DNS is an acronym for Domain Name System. It’s commonly referred to as the phone book of the Internet. If you’re old like me, you may have used an actual phone book.
If not, consider that the purpose of a phone book was to match a business name (Joe’s Pizza) with a phone number (555-420-6969). It’s difficult for humans to remember phone numbers, but rather simple to remember names. A phone book was simply a list of name & phone number pairs, divided into sections based on business type (for commercial) or by last name (for residential).
DNS functions in the same way at a high level. We are used to interacting with the Internet using domain names like google.com, twitter.com, and apple.com.
However, the IP protocol is very specialized. It is designed to route traffic from one IP address to another IP address, period. It has no concept of a domain name, so asking it to contact google.com will not work.
Enter DNS. The system is designed to maintain a series of specialized records that translate a domain name to an IP address. Instead of memorizing IP addresses for your favorite websites, a user’s device asks a DNS server whenever it meets a domain name it has not seen recently (answers carry a time-to-live and are cached until it expires), translates the name to an IP, and then sends the TCP traffic over IP to that discovered address. Plain DNS answers are not authenticated, so the device at least checks that the reply carries the same transaction id as the question it sent.
If you understand that, you know enough to work with DNS without becoming a network engineer.
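The exchange described above at the wire level, as an added example that is not part of the original post: the code builds the query packet a device would send for www.example.com, constructs (not captures) the reply a server would return, and parses that reply back into records, including the name-compression pointers real servers use. The reply maps www.example.com to example.com by CNAME and example.com to an address from the 192.0.2.0/24 documentation range; both values are constructed for the example. It runs entirely offline.

```python
"""Build a DNS query and parse a DNS reply at the wire level (RFC 1035 format),
entirely offline. Added example, not code from the post: the reply bytes are
constructed here rather than captured from a resolver, and the address is from
the documentation range 192.0.2.0/24."""
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """12-byte header (id, flags with RD set, one question) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int) -> tuple:
    """Read a possibly compressed name starting at offset; return (name, end).
    A length byte with its top two bits set is a pointer to an earlier offset."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg: bytes, expected_id: int) -> dict:
    """Return the question name and a list of (owner, type, ttl, value) answers.
    Rejects a reply whose id does not match our query, that is not a reply,
    or whose RCODE signals an error."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch: not the reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    qname, offset = decode_name(msg, 12)
    offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_CNAME:
            value, _ = decode_name(msg, offset)
        else:
            value = rdata.hex()
        offset += rdlen
        answers.append((owner, rtype, ttl, value))
    return {"name": qname, "answers": answers}


def build_response(query: bytes, records) -> bytes:
    """Construct a reply to `query`: same id, QR/RD/RA set, question echoed,
    then one answer per (owner, type, ttl, rdata). The question name is
    compressed to a pointer at offset 12, as real servers do."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = b""
    for owner, rtype, ttl, rdata in records:
        owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)
        body += owner_bytes + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + body


# Constructed exchange: www.example.com is an alias for example.com, which
# resolves to a documentation-range address.
SAMPLE_QUERY = build_query("www.example.com")
SAMPLE_RESPONSE = build_response(SAMPLE_QUERY, [
    ("www.example.com", TYPE_CNAME, 300, encode_name("example.com")),
    ("example.com", TYPE_A, 60, bytes([192, 0, 2, 1])),
])

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE, 0x1234))
```

The transaction id check in parse_response is the only thing in plain DNS that ties a reply to the question you asked, which is why resolvers randomize it (and the source port) rather than counting up from 1.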
How are Domain Names Created?
Domain names were originally divided into six top-level domains (.com, .org, .net, .edu, .mil and .gov). These top-level domains were (and are) managed by different organizations, called registries, which accredit registrars to sell distinct domains under that top-level umbrella. In 1998, an American non-profit corporation known as ICANN (the Internet Corporation for Assigned Names and Numbers) was formed to coordinate the DNS root (which top-level domains exist and who operates them) and the global allocation of IP address ranges. It does not record individual DNS entries; those live with the registries and with whoever runs your domain's nameservers.
That’s not super relevant to us, but it’s fun to know the history of the Internet.
From an end-user perspective, a domain name is purchased from a registrar, which records it with the registry that operates that top-level domain. The user does not manage any of that, only the DNS records (and the contact and nameserver details) associated with that particular domain name.
Now when I use the term “purchased”, I do so with my fingers crossed. It’s more like a lease than a purchase, because a consumer can never completely own a domain name. Once you have leased it, you are free to transfer, renew and update as many times as you wish, but you can never stop paying rent on it. It’s a nice rent-seeking industry for the registrars.
Which Registrar Should I Use?
I prefer to use Porkbun for my domains. Porkbun has no affiliate or reseller programs, so I make no money off the recommendation. The advantages of Porkbun are as follows:
- Cheap registration and renewal fees
- Automatic WHOIS protection (obscures my ownership record for the domain name, instead of listing my name and address)
- Free email forwarding for up to 5 users per domain name
- Email Hosting
- Web Hosting
- SSL Certificates
I don’t use any of the hosting services, but I do take advantage of the email forwarding for some infrequently-used domains.
If you’re a BowTied animal and haven’t registered your domain name, I suggest you go do it now just for the email forwarding.
Your registrar will typically allow you to set DNS records directly through their service, or to delegate the DNS to a 3rd party (by pointing the domain’s nameservers at that provider). Up to you!
Types of DNS Records
Once you have secured a domain name, you can edit its associated DNS records.
There are five DNS record types that you need to understand:
A- Associates an IPv4 address with the domain name
AAAA- Associates an IPv6 address with the domain name
CNAME- Makes the name an alias of another domain name, so a lookup follows through to that name’s A and AAAA records (useful for subdomains, so you can avoid updating multiple A records with the same value). Two rules apply: a name that has a CNAME cannot have any other records, and the bare domain itself (the zone apex) cannot be a CNAME.
MX- Sets the hostname of the server responsible for Mail eXchange, with a priority number (lower wins). Sending mail servers look this up to find where to deliver email addressed to your domain. The target must be a hostname that has A/AAAA records, not a CNAME.
TXT- Allows you to define a free-form text record, which is useful for proving ownership of a domain to certificate authorities (the ACME DNS challenge used for Let’s Encrypt certificates) and other services, and for publishing the SPF, DKIM and DMARC policies that protect your domain’s email from being spoofed.
There are others, but they are uncommon and you will have specific instructions if you need to set them.
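The rules for these record types are easy to get wrong in a registrar’s DNS editor, so here is an added example (not code from the post) of a checker that runs over a record set before you publish it. It enforces the CNAME rules, validates A and AAAA values, and confirms that an MX target inside the zone is a real hostname with address records rather than a CNAME. The zone it checks is constructed for a hypothetical domain, with addresses from the documentation ranges; targets outside the zone cannot be verified offline and are skipped.

```python
"""Sanity checks to run over a domain's records before publishing them, covering
the rules above: CNAME exclusivity, no CNAME at the apex, MX targets that are
real hostnames, and well-formed addresses. Added example, not code from the
post; the zone below is constructed for a hypothetical domain."""
import ipaddress
from collections import defaultdict

# Constructed records for a hypothetical zone. "@" is the zone apex (the bare
# domain); other names are relative to it. Values are the strings a registrar's
# DNS editor would show.
EXAMPLE_RECORDS = [
    ("@",    "A",     "192.0.2.10"),
    ("@",    "AAAA",  "2001:db8::10"),
    ("www",  "CNAME", "@"),
    ("mail", "A",     "192.0.2.25"),
    ("@",    "MX",    "10 mail"),
    ("@",    "TXT",   "v=spf1 mx -all"),
]


def check_records(records) -> list:
    """Return a list of human-readable problems; an empty list means the set
    passes every check. MX targets outside the zone cannot be checked offline."""
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[name].append((rtype, value))

    problems = []
    # A CNAME must be the only record at its name (RFC 1034 section 3.6.2),
    # and the apex always carries SOA/NS records, so it can never be a CNAME.
    for name, rrs in by_name.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types:
            if name == "@":
                problems.append("@: the zone apex cannot be a CNAME; use A/AAAA records instead")
            others = sorted(types - {"CNAME"})
            if others:
                problems.append(f"{name}: CNAME cannot coexist with other records ({', '.join(others)})")

    # Addresses must parse as the right family, and an MX target must be a
    # hostname with address records, never a CNAME (RFC 2181 section 10.3).
    for name, rtype, value in records:
        if rtype == "A":
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{name}: A value {value!r} is not an IPv4 address")
        elif rtype == "AAAA":
            try:
                ipaddress.IPv6Address(value)
            except ValueError:
                problems.append(f"{name}: AAAA value {value!r} is not an IPv6 address")
        elif rtype == "MX":
            parts = value.split()
            if len(parts) != 2 or not parts[0].isdigit():
                problems.append(f"{name}: MX value {value!r} must be '<priority> <hostname>'")
                continue
            target = parts[1]
            target_types = {t for t, _ in by_name.get(target, [])}
            if "CNAME" in target_types:
                problems.append(f"{name}: MX target {target!r} is a CNAME; point it at a name with A/AAAA records")
            elif target in by_name and not target_types & {"A", "AAAA"}:
                problems.append(f"{name}: MX target {target!r} has no A or AAAA record")
    return problems


if __name__ == "__main__":
    for problem in check_records(EXAMPLE_RECORDS) or ["no problems found"]:
        print(problem)
```

Run it against a proposed record set before saving; a registrar’s editor will usually let you save a CNAME at the apex or an MX pointing at a CNAME, and you only find out when mail starts bouncing.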
This one was a bit dense without much practical information to share. However, DNS is very important and you’ll need to interact with it in the coming lessons on VPS and email hosting services.
Tip Jar
If you're getting value from my writing, please support my efforts with a donation. You can donate directly using my public Ethereum address bowtieddevil.eth. Or you can use the donation button below, which works through my self-hosted BTCPay Server.