Chapter 3: DNS and Domains

Master Of Your Domain
In this excerpt from Ciaran’s upcoming White Paper ‘The Mail Must Get Through’ on email deliverability, we examine one of the core underlying features of the internet, DNS and Domains.

We established in the last chapter (sic) that any Internet-connected computer can communicate with any other Internet-connected computer by using its own and the destination IP address to determine if the two computers are on the same or different networks. The same method is used by every computer involved in getting the data packets making up, e.g., an email or webpage, from sender to destination. We were left, however, with the unanswered question of how computers discover one another’s IP addresses.

To answer this question

Have you ever wondered why such a magnificent word is used to label a website or as part of an email address? IT people are notorious for their attachment to fantasy games and (graphic) novels and maybe they just couldn’t resist the idea of being able to talk about ‘my domain’. Or there could be a bit more to it. We’re all familiar with ‘domain names’ and use them all the time to navigate the Internet. But what is a ‘domain’? Or in other words, what is the thing that a domain name is the name of? A domain is the collection of technical resources used by an organisation. Macnamara’s domain, macnamara.co.uk, includes a web server, an email system, a messaging system, a voice system, a file system, a user authentication system and various other systems related to our business activities. The domain called macnamara.co.uk represents our collection of business resources. Some of these resources are available to people outside our company and others are private but they are all grouped together in the macnamara.co.uk domain. The same is true for all organisations, e.g., gov.uk, microsoft.com and google.com with each of these representing a huge array of systems and services.

MXToolBox is just one of the many DNS tools you can use to look up DNS Records for a domain

The organisation, through its technical team, takes full responsibility for the availability of these resources, who can and can’t access them and how well they represent the organisation internally and externally. A ‘domain’ in the sense of a span of authority and control now begins to make sense. Just think, they might have been called realms; what would that have done for system administrators’ egos? An important point to grasp here is the idea of authority. As well as being a label for a collection of resources made available by an organisation, a domain is an authoritative online representation of the organisation. In some ways the domain name is analogous to the old company rubber stamp that used to be kept in a safe in the boss’s office and used to authenticate documents produced by the company. A domain, as we will see, can speak for, or authoritatively represent, the organisation that owns it. Bearing this in mind, it is astonishing that (especially smaller) organisations are often casual about maintaining their domain names. It is not unusual to find that the username and password used to register and maintain a domain name have been lost or handed over to, e.g., their web development agency.

So, how can a domain speak authoritatively for the organisation that owns it? To find our way between and within domains we use something called the Domain Name System or DNS. This is a system of signposts that allows us and our applications to find the resources we need within a domain. We have a great explanation of DNS here: What is a Domain? But, for our purposes, we just need to know that for each domain that wants to make some of its resources, such as a website, publicly available, a file, known as a zone file, is published on one or more DNS servers containing a list of resource names together with their corresponding server locations (ultimately IP addresses). These record pairs are much like the name/number pairs in a telephone directory.

DNS records are often held on multiple DNS Servers for redundancy

When we want to access a resource, we send a query to the DNS server giving the domain name and the name of the resource we want to use, and the DNS server looks up the resource location in the zone file for that domain and answers the query with the required location. Zone files may be stored on several servers to make it easier to find them, but one server has responsibility for maintaining the definitive copy of the file and this server is said to be authoritative for the domain. This is the sense in which the domain name system can be said to speak authoritatively on behalf of a domain or, more accurately, on behalf of the owner of a domain.

Now things get more interesting. If DNS can be used to provide answers as to the location of publicly available resources to anyone who asks, could it perhaps be used to provide answers to other questions that might be useful to systems interacting with the domain? If the relevant information can be stored in the DNS name/information pair format there is no reason why not. To do this, zone files can contain a special type of record pair called a Text or TXT record. A TXT record, like all other DNS records, consists of a name and a value. If the name is queried the value will be returned. Another useful type of record is a Canonical Name or CNAME record. A CNAME record points to the name of another resource, which may be in the same zone file or in another domain. In this sense, canonical means real and refers to the real name of a resource. Presumably this type of record could have been called a Real Name or RNAME (though this is already taken as the administrator in the SOA record), but remember we are dealing here with the people who came up with the word domain to describe a set of resources. The ability of DNS servers to authoritatively answer queries other than just the location of resources by using TXT and CNAME records can be used to reduce the risk of our legitimate emails becoming collateral damage in the war against spam and scams. Just one more technical diversion, into how email gets from sender to recipient, is needed before we see how this works.
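The name/value lookup described above, including TXT records and CNAME records that point into the same zone or out to another domain, can be sketched in Python. This is an added example, not part of the original white paper: the example.test zone contents and the parse_zone and query helpers are constructed for illustration, and the record format is a simplified "name type value" layout rather than full zone-file syntax.

```python
# Constructed sample zone (simplified "name type value" lines, not real records).
ZONE_TEXT = """
example.test.        A      192.0.2.10
www.example.test.    CNAME  example.test.
mail.example.test.   A      192.0.2.25
shop.example.test.   CNAME  store.hosting.test.
example.test.        TXT    "site-note=constructed sample value"
loop-a.example.test. CNAME  loop-b.example.test.
loop-b.example.test. CNAME  loop-a.example.test.
"""

def parse_zone(text):
    """Return {(name, type): [values]} built from the simplified zone text."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and comment lines
            continue
        name, rtype, value = line.split(None, 2)
        key = (name.lower(), rtype.upper())
        records.setdefault(key, []).append(value.strip('"'))
    return records

def query(records, name, rtype, max_hops=8):
    """Answer a query: a name goes in, the stored value comes out.

    If the name holds a CNAME instead of the requested type, follow it to the
    canonical (real) name. Returns (names_visited, values); values is None
    when the trail leaves this zone or no matching record exists.
    """
    name, chain = name.lower(), []
    for _ in range(max_hops):
        chain.append(name)
        if (name, rtype) in records:
            return chain, records[(name, rtype)]
        target = records.get((name, "CNAME"))
        if not target:
            return chain, None      # another domain's server must answer this
        name = target[0].lower()
        if name in chain:           # misconfigured zone: CNAMEs point in a circle
            raise ValueError("CNAME loop: " + " -> ".join(chain + [name]))
    raise ValueError("CNAME chain too long")

RECORDS = parse_zone(ZONE_TEXT)
```

The shop.example.test. entry shows a CNAME handing a name over to another domain: this zone can only say where the real name lives, and the answer itself has to come from the server that is authoritative for that other domain.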

No one is in charge of the internet but we are all masters of our own domain
