Learn how to add certain DNS records for clients
To add DNS records, you typically need access to your domain's DNS management interface, which is provided by your domain registrar or hosting provider. DNS records can be added through their web interface or through command-line tools if you have direct access to the DNS server.
Here's a breakdown of the different types of DNS records, what they are used for, and how to add them:
Common Types of DNS Records
A Record (Address Record)
- Purpose: Maps a domain to an IPv4 address.
- Format:
Name: example.com
Type: A
Value: 192.0.2.1
TTL: 3600
- Example: If you want example.com to point to an IP address (e.g., 192.0.2.1), you'd create an A record.
AAAA Record (IPv6 Address Record)
- Purpose: Maps a domain to an IPv6 address.
- Format:
Name: example.com
Type: AAAA
Value: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
TTL: 3600
- Example: Use an AAAA record when your site is hosted on a server with an IPv6 address.
CNAME Record (Canonical Name Record)
- Purpose: Maps a domain to another domain (aliases).
- Format:
Name: www.example.com
Type: CNAME
Value: example.com
TTL: 3600
- Example: You can point www.example.com to example.com without needing to configure an IP address.
MX Record (Mail Exchange Record)
- Purpose: Directs email to the mail servers for the domain.
- Format:
Name: example.com
Type: MX
Value: mail.example.com
Priority: 10
TTL: 3600
- Example: Used to point email traffic for example.com to a mail server.
TXT Record (Text Record)
- Purpose: Used for a variety of purposes, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and verification.
- Format:
Name: example.com
Type: TXT
Value: "v=spf1 ip4:192.0.2.0/24 -all"
TTL: 3600
- Example: SPF record to help prevent email spoofing.
SRV Record (Service Locator)
- Purpose: Defines the location of servers for specific services (e.g., SIP, XMPP).
- Format:
Name: _sip._tcp.example.com
Type: SRV
Value: 10 60 5060 sipserver.example.com
TTL: 3600
- Example: Used for specifying service endpoints (e.g., for VOIP).
NS Record (Name Server Record)
- Purpose: Specifies authoritative name servers for the domain.
- Format:
Name: example.com
Type: NS
Value: ns1.example.com
TTL: 3600
- Example: Points to the authoritative DNS servers for the domain.
PTR Record (Pointer Record)
- Purpose: Maps an IP address to a domain name (reverse DNS).
- Format:
Name: 1.0.0.192.in-addr.arpa
Type: PTR
Value: example.com
TTL: 3600
- Example: Used for reverse DNS lookups to map 192.0.0.1 to example.com.
CAA Record (Certification Authority Authorization)
- Purpose: Specifies which certificate authorities are allowed to issue SSL certificates for the domain.
- Format:
Name: example.com
Type: CAA
Value: 0 issue "letsencrypt.org"
TTL: 3600
- Example: Restricting SSL issuance to specific CAs.
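As an added example (not part of the original article), a small Python checker that validates the Name and Value fields of the record types above before they are saved, and derives the PTR owner name from an address; the function names are my own.

```python
# Added example, not from the original page: sanity-check a DNS record's
# fields by type before saving it in a provider console or a zone file.
import ipaddress
import re

# One label: letters, digits, hyphen, underscore (underscores appear in SRV/DKIM owner names)
_LABEL = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")


def is_hostname(name: str) -> bool:
    """True if every dot-separated label of the name is well formed."""
    name = name.rstrip(".")
    return bool(name) and all(_LABEL.match(lbl) for lbl in name.split("."))


def ptr_name_for(ip: str) -> str:
    """Owner name of the reverse record for an address, e.g. 1.0.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def validate_record(rtype: str, name: str, value: str) -> list:
    """Return the problems found (an empty list means the record looks sane)."""
    problems, rtype, parts = [], rtype.upper(), value.split()
    if not is_hostname(name):
        problems.append(f"owner name {name!r} is not a valid DNS name")
    if rtype in ("A", "AAAA"):
        try:
            version = ipaddress.ip_address(value).version
        except ValueError:
            return problems + [f"{value!r} is not an IP address"]
        if version != (4 if rtype == "A" else 6):
            problems.append(f"{rtype} record holds an IPv{version} address")
    elif rtype in ("CNAME", "NS") and not is_hostname(value):
        problems.append(f"target {value!r} is not a hostname")
    elif rtype == "MX" and not (len(parts) == 2 and parts[0].isdigit() and is_hostname(parts[1])):
        problems.append("MX value must be '<priority> <mailhost>'")
    elif rtype == "SRV" and not (len(parts) == 4 and all(p.isdigit() for p in parts[:3])
                                 and 0 < int(parts[2]) < 65536 and is_hostname(parts[3])):
        problems.append("SRV value must be '<priority> <weight> <port> <target>'")
    elif rtype == "CAA":
        m = re.fullmatch(r'(\d+) (issue|issuewild|iodef) "([^"]*)"', value)
        if not m or int(m.group(1)) not in (0, 128):
            problems.append("CAA value must be '<0|128> <issue|issuewild|iodef> \"<value>\"'")
    elif rtype == "PTR":
        if not name.endswith((".in-addr.arpa", ".ip6.arpa")) or not is_hostname(value):
            problems.append("PTR owner must be under in-addr.arpa/ip6.arpa and point to a hostname")
    return problems
```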
Steps to Add DNS Records via a DNS Provider's Web Interface
- Log into Your DNS Management Console
- Access the DNS management section provided by your domain registrar or web hosting provider. For example, GoDaddy, Namecheap, Cloudflare, or AWS Route 53.
- Choose the Domain You Want to Modify
- Select the domain for which you want to add or modify DNS records.
- Find the DNS Records Section
- Navigate to the section where you can view and edit DNS records. It's often labeled as "DNS Settings" or "Manage DNS."
- Add the Desired Record
- Click on “Add Record” or “Create Record.”
- Select the type of record you want to add (A, CNAME, MX, etc.).
- Fill in the necessary information (e.g., name, value, TTL, etc.).
- Save the record.
- Propagation Time
- DNS changes might take some time to propagate across the internet (usually up to 48 hours).
Adding DNS Records via Command Line (for self-hosted DNS servers)
If you're managing your own DNS server (using software like BIND, PowerDNS, or CoreDNS), you can add DNS records by editing the zone file directly.
For BIND (example for A, MX, and TXT records):
- Open the Zone File
- The zone file typically resides in /etc/bind or /var/named (location depends on your server setup).
- Example: /etc/bind/db.example.com
- Add DNS Records
- Example for an A record:
example.com. IN A 192.0.2.1
- Example for an MX record:
example.com. IN MX 10 mail.example.com.
- Example for a TXT record (SPF):
example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
- Reload the DNS Server
- After editing the zone file, reload the DNS service to apply changes:
sudo systemctl reload bind9
Using Cloud Services (AWS Route 53, Google Cloud, etc.)
If you use cloud services for DNS management, the process is quite similar to using a traditional DNS provider’s console:
- Log in to your AWS or Google Cloud Console.
- Navigate to the DNS or Route 53 section.
- Select your hosted zone or domain.
- Add a new record set and fill in the required fields.
- Save changes and wait for propagation.
Important Considerations
- TTL (Time to Live): Defines how long DNS records are cached. The shorter the TTL, the faster changes will propagate, but it may increase the load on your DNS server.
- Record Priority: For records like MX, the priority determines the order in which mail servers are used. Lower values have higher priority.
- DNS Propagation: Changes can take up to 48 hours to fully propagate, depending on TTL settings.
DKIM
Adding a DKIM (DomainKeys Identified Mail) record to your DNS helps authenticate emails sent from your domain, reducing the chances of spoofing or being marked as spam. Here's how you can do it:
Step 1: Generate a DKIM Key Pair
- If you're using an email provider (e.g., Google Workspace, Microsoft 365, or Zoho Mail), they typically provide the DKIM key.
- If you're self-hosting, use a DKIM key generator (e.g., OpenDKIM, PowerShell for Microsoft Exchange).
Step 2: Locate Your DNS Provider
- Identify where your domain's DNS records are managed (e.g., Cloudflare, GoDaddy, Namecheap, AWS Route 53).
Step 3: Add the DKIM Record
- Log in to your DNS provider.
- Find the option to manage DNS settings.
- Create a new TXT record with the following details:
- Type: TXT
- Host/Name: selector._domainkey.yourdomain.com
- Replace selector with the one provided by your email provider (e.g., google for Google Workspace).
- Value: The DKIM public key provided by your email provider.
- TTL: Set to default (e.g., 3600 seconds or 1 hour).
Step 4: Save and Verify
- Save the DNS record.
- Wait for propagation (can take up to 24 hours).
- Use a DKIM checker (e.g., MXToolbox) to verify that the DKIM record is correctly published.
Example DKIM Record
DNS TXT Record
- Type: TXT
- Host/Name: google._domainkey.example.com
- Value:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK3yJp0GfVZzJmQ2H2VtD45e5aWxNXo0Fzp3wN5JG6QczVtKavYQIDAQAB
- TTL: 3600 (or default)
Breaking Down the Record
- v=DKIM1; → Specifies the DKIM version.
- k=rsa; → Indicates the key type (RSA).
- p=MIGfMA0G... → The public key (truncated for brevity).
DKIM Splitter
DKIM records can be quite long, and some DNS providers have character limits for TXT records (often around 255 characters per segment). To split a DKIM record into smaller chunks, you can use online tools like:
- https://www.mailhardener.com/tools/dns-record-splitter
Manual Splitting Example
If your DKIM record is too long, you can split it manually like this:
Before Splitting:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3yJp0GfVZzJmQ2H2VtD45e5aWxNXo0Fzp3wN5JG6QczVtKavYQIDAQAB
After Splitting (Two Parts):
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3yJp0GfVZzJmQ2H2VtD4"
"5e5aWxNXo0Fzp3wN5JG6QczVtKavYQIDAQAB"
Please Note
Please make sure both parts of the DKIM record are enclosed in double quotes ("..."). Resolvers and DKIM verifiers concatenate the quoted strings of a single TXT record when reading it, so the split does not change the record's meaning.
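An added Python example, not from the page or from the splitter tool linked above, that builds a DKIM TXT value from a DER-encoded public key, checks the tags described in the record breakdown, and splits the value into 255-character quoted strings and rejoins them the way a verifier does; the function names are my own, and the key bytes used in the checks are constructed filler, not a real key.

```python
# Added example, not from the original page: build, parse and split a DKIM TXT
# value. Key material used to exercise it is constructed filler, not a real key.
import base64
import binascii

MAX_STRING = 255  # longest single character-string a TXT record may carry


def dkim_txt_value(key_der: bytes) -> str:
    """Record value for a DER SubjectPublicKeyInfo, as a self-hoster would publish it."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(key_der).decode()


def parse_dkim(value: str) -> dict:
    """Parse 'v=DKIM1; k=rsa; p=...' into tags and check the ones the page describes."""
    tags = {}
    for field in value.split(";"):
        if "=" in field:
            k, v = field.split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v", "DKIM1") != "DKIM1":          # v= is optional, but must be DKIM1 if present
        raise ValueError(f"unexpected DKIM version {tags['v']!r}")
    if tags.get("k", "rsa") != "rsa":              # the page only covers RSA keys
        raise ValueError(f"unexpected key type {tags['k']!r}")
    if "p" not in tags:
        raise ValueError("missing p= public key tag")
    try:                                           # whitespace inside p= is permitted by DKIM
        key_der = base64.b64decode(tags["p"].replace(" ", ""), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"p= is not valid base64: {exc}") from None
    if key_der and not key_der.startswith(b"\x30"):  # empty p= means revoked; else DER SEQUENCE
        raise ValueError("p= does not decode to a DER public key")
    tags["key_bytes"] = len(key_der)
    return tags


def split_txt(value: str, limit: int = MAX_STRING) -> list:
    """Cut a long value into quoted strings of at most `limit` characters."""
    return ['"' + value[i:i + limit] + '"' for i in range(0, len(value), limit)]


def join_txt(parts: list) -> str:
    """What a verifier sees: the quoted strings concatenated with nothing in between."""
    return "".join(p[1:-1] for p in parts)
```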