DNS

  • DNS

    Definition and structure of DMARC record.

As an online business owner, a positive reputation and your clients’ trust are significant assets that take time and effort to build. Therefore, they must be protected, because for cybercriminals they are a way to kill two birds with one stone: they approach your clients while spoofing your business identity and make illegal profits from them.

    DMARC record definition.

    DMARC or Domain-based Message Authentication, Reporting, and Conformance record is a mechanism to let e-mail senders and recipients identify if an e-mail is truly coming from the sender it claims to be. DMARC also helps to define the actions to take when the e-mail gets authenticated and when it fails the authentication.

Once you set it up, it tells the recipient server to reject the e-mail, quarantine it, or allow its delivery. In addition, DMARC produces two kinds of reports, RUA (aggregate reports) and RUF (forensic reports), to give you full visibility into who is sending e-mail under your domain.

RUA reports list the IP addresses that have tried to deliver a message to a recipient using your domain name, together with an overview of your e-mail traffic. RUF reports are sent only for failures; they supply the headers of the original message and the original message itself.

    DMARC record structure.

    DMARC is a DNS TXT record type, and it has the following structure: a specific domain name, tags, and their corresponding values to tell the recipient’s mail server what to do.

    Example:

    “v=DMARC1; p=quarantine; rua=mailto:dmarc@exampledomain.com”

The tags are: “v”, indicating the DMARC version; “p”, the policy; and “rua”, the e-mail address where you want to receive the aggregate reports.

    DMARC record’s available tags and values.

    • Version, “v”. The first and obligatory tag to have. It states the version of the protocol: valid value, DMARC1.
• Percentage, “pct”. It expresses the percentage of messages the policy is applied to. “pct=50” means the recipient will filter half of your company’s messages that fail authentication. Valid values, from 0% to 100%.
    • Subdomain policy, “sp”. It expresses the requested handling policy for subdomains.
• Report format, “rf”. It declares the forensic reporting format or formats. Valid values, “afrf” (auth-failure report type) and “arf” (abuse reporting format).
• Report interval, “ri”. It sets the aggregate reporting interval, that is, how often DMARC feedback for the defined criteria is sent. The most used value is a daily report.
    • ADKIM, “adkim”. This is the alignment mode for the DKIM protocol. Valid values, relaxed mode, “r” and strict mode, “s”.
    • ASPF, “aspf”. This is the alignment mode for SPF. Valid values, relaxed mode, “r” and strict mode, “s”.
    • Policy, “p”. It tells the recipient server what to do—reporting, quarantining, or rejecting e-mails that fail the authentication process. Valid values are “none” (no specific action to be executed), “quarantine”, or “reject” the e-mail.
• Failure reporting options, “fo”. It controls when failure reports are generated. Valid values: “0”, generate a DMARC report only if all authentication mechanisms fail to produce an aligned “pass” result; “1”, generate a DMARC report if anything other than an aligned “pass” result is produced; “d”, generate a DKIM report if the e-mail’s signature failed the check; “s”, generate an SPF report if the e-mail failed the SPF check.
• Forensic report e-mail address or addresses, “ruf”. The URI or URIs to which forensic (failure) reports are sent. Valid value, the e-mail address of the domain’s administrator.
• Aggregate report e-mail address or addresses, “rua”. The URI or URIs to which aggregate reports are sent. Valid value, the e-mail address of the domain’s administrator.
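As an added example (not code from the original article), here is a small Python checker that applies the tag rules listed above to a DMARC record string. It does not query DNS; the record itself is published as a TXT record at the _dmarc subdomain of your domain. The default values assumed for pct (100) and ri (86400 seconds) are those of the DMARC specification.

```python
# Valid values as listed above; pct and ri are checked numerically.
VALID = {
    "v": {"DMARC1"},
    "p": {"none", "quarantine", "reject"},
    "sp": {"none", "quarantine", "reject"},
    "adkim": {"r", "s"},
    "aspf": {"r", "s"},
    "rf": {"afrf", "arf"},
}
FO_VALUES = {"0", "1", "d", "s"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict, keeping the tags' order."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue                          # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags


def validate_dmarc(record: str) -> list:
    """Return the problems found; an empty list means the record is well-formed."""
    problems = []
    tags = parse_dmarc(record)
    if list(tags)[:1] != ["v"] or tags.get("v") != "DMARC1":
        problems.append("record must begin with v=DMARC1")
    if "p" not in tags:
        problems.append("required tag p is missing")
    for name, value in tags.items():
        if name in VALID and value not in VALID[name]:
            problems.append(f"{name}={value} is not one of {sorted(VALID[name])}")
    pct = tags.get("pct", "100")              # specification default: 100
    if not (pct.isdigit() and 0 <= int(pct) <= 100):
        problems.append("pct must be a whole number from 0 to 100")
    if not tags.get("ri", "86400").isdigit():  # specification default: one day
        problems.append("ri must be a whole number of seconds")
    if not set(tags.get("fo", "0").split(":")) <= FO_VALUES:
        problems.append("fo may only combine 0, 1, d and s, separated by ':'")
    for name in ("rua", "ruf"):
        for uri in filter(None, tags.get(name, "").split(",")):
            if not uri.strip().startswith("mailto:"):
                problems.append(f"{name} target {uri.strip()!r} is not a mailto: URI")
    return problems
```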

    Conclusion.

    The DNS DMARC record is an efficient mechanism for e-mailing to be safer! Enable DMARC record to protect your business and clients right now! 

  • DNS

    What is an SPF record and How Does it Work?

    E-mailing is not new, but it keeps being a widely-used communication form. It’s the official way companies use to approach clients, employees, providers, etc. 

Cybercriminals know it, so they try all sorts of malicious tricks to get into your communications. By spoofing here and there, they can send e-mails on behalf of companies or people just to abuse their reputation and trustworthiness to cheat others.

That’s why the SPF (Sender Policy Framework) protocol emerged, to make e-mailing a safer game.

You, the administrator, have a way to limit who can send messages from your domain, and the recipient can check that authorization to decide on and take proper action. It already sounds less risky, don’t you think?

    What is an SPF record?

An SPF record, or Sender Policy Framework record, is a DNS TXT record that lists the servers authorized to send e-mail from a specific domain. It uses the TXT type, meaning administrators can enter free-form text into the DNS through this record.

Before the SPF record, SMTP (Simple Mail Transfer Protocol) did not authenticate the “from” address of e-mails. That made it easy for criminals to spoof a trusted sender in order to cheat a recipient. By faking the address of a bank or a government office, spoofers pushed victims to share their sensitive data or to take actions against their own finances or interests. The SPF record was created to add the possibility of authentication and avoid these risks.

For a message to be delivered, the SPF record must list the IP address of the server that sent it. Otherwise, the message will be discarded or marked as spam.

Besides the SPF record, you also have DMARC (Domain-based Message Authentication, Reporting, and Conformance) and DKIM (DomainKeys Identified Mail) records to confirm whether the source an e-mail comes from is risky or trustworthy.

    How does an SPF record work?

Servers that receive e-mail verify SPF by taking the domain from the return-path value in the e-mail’s headers. The recipient’s server uses that domain to look up the SPF TXT record in the sender’s DNS.

A correctly configured SPF record lists the authorized mail servers. If the sending IP address is not covered by that list, the message fails the verification test.

SPF records work through mechanisms and qualifiers. Mechanisms define who is authorized to send messages on behalf of a domain, while qualifiers are the results that apply when a mechanism is matched.

    Mechanisms:

“all”, matches any sender; everything listed after it is ignored.

“mx”, performs an MX lookup on the domain and compares the addresses of those mail servers with the sending server’s address. A match allows it.

“a”, the domain’s A and AAAA records are looked up and compared with the sending server’s address. In case of a match, everything is fine.

“include”, starts a recursive check against another domain’s SPF record. With it, other domains’ outgoing mail servers can be authorized to send e-mail for yours.

“exists”, builds an arbitrary domain name and checks whether a DNS A record exists for it.

“ptr”, checks the reverse DNS of the IP address to see whether it points to the domain name. If the IP address belongs to the domain, it is validated.

    “ip4”, it checks if the IPv4 address belongs to the IP network.

    “ip6”, it checks if the IPv6 address belongs to the IP network.

    Qualifiers:

    “+” pass

    “-” fail

    “~” softfail

    “?” neutral
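An added example, not from the original article: a minimal SPF evaluator in Python that applies the mechanisms and qualifiers above. Instead of live DNS lookups it consults a constructed table of made-up domains and addresses, and it leaves out “exists” and “ptr”.

```python
import ipaddress

# Constructed zone data standing in for live DNS answers (made-up domains and addresses).
DNS = {
    "exampledomain.com": {
        "TXT": "v=spf1 mx a ip4:203.0.113.0/24 include:mail.provider.example -all",
        "A": ["198.51.100.10"],
        "MX": ["mx1.exampledomain.com"],
    },
    "mx1.exampledomain.com": {"A": ["198.51.100.20"]},
    "mail.provider.example": {"TXT": "v=spf1 ip6:2001:db8::/32 ~all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _hosts_match(names, ip):
    """True if any A record of the named hosts equals the sending address."""
    return any(ip == ipaddress.ip_address(addr)
               for name in names for addr in DNS.get(name, {}).get("A", []))


def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for sender_ip against the table above.
    Returns pass/fail/softfail/neutral, 'none' if no record, 'permerror' on runaway include."""
    if depth > 10:
        return "permerror"
    record = DNS.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # the default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True                   # matches everything; later terms are never reached
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "a":
            matched = _hosts_match([arg or domain], ip)
        elif name == "mx":
            matched = _hosts_match(DNS.get(arg or domain, {}).get("MX", []), ip)
        elif name == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            continue                         # exists/ptr are not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term
```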

    Conclusion.

    SPF record is a great ally to fight back spoofers, reduce bouncing e-mails, and keep your good reputation safe! Set it up. You won’t regret it!

  • DNS

Verifying your domain with a TXT record

Before we get to TXT records, we are just going to scratch the surface of the DNS (Domain Name System). First, we will learn what DNS is, what a DNS record is, and what the TXT record is. That way, you can better understand the process of verifying your domain.

What is DNS?

DNS is the universal translator that links domain names to their IP addresses. It is used by all websites and by many services, for example web hosting and email. You should know that DNS works with DNS records, which are instruction sets linking various resources (names, IP addresses, services, etc.) together.

What is a DNS record?

A DNS record is a simple text entry that DNS uses to hold data. The data can be which IP address a domain has, which canonical name a domain name points to, where a particular server is located, and more.

What is a TXT record?

The TXT record is a type of DNS record that can be used to verify your domain and to support various authentication processes. The most common uses of TXT records are:

• Sender Policy Framework (SPF). It is a technology that lets receivers check your emails: basically, it states who can send emails on behalf of the domain’s owner.
• DomainKeys Identified Mail (DKIM). It is a method of cryptographically signing your emails, linking them to the domain name. It is another anti-forging technology that improves the security of your emails.
    • Domain-based Message Authentication, Reporting, and Conformance (DMARC). It combines the features of the previous two and provides a more complex reporting mechanism. For example, it can show if the email was sent from the right domain and, if not, what the receiver should do.
    • Verify your cloud account. Google, Microsoft, Amazon, and others will use TXT records with a particular string of information that they will want you to add to your DNS.

Verifying your domain with a TXT record.

If you are using a service that wants you to verify that you are the real owner of a domain, that is often done by adding a TXT record to the domain’s zone at your DNS host. Services like Google Workspace, Microsoft 365, and Google Console must first verify the owner before you can start working.

They will usually provide you with a code, a string of random text, that they want you to put where your domain’s DNS records are located.

If you are the owner of a domain, you will have access to your profile on your domain registrar’s site, where you bought the domain name. There you will need to create a TXT record. Depending on your provider, the type of record could be listed as TXT, DNS TXT, or TXT record.

    So go to the domain settings and search for DNS management (or similar, depending on your provider).

    Add a TXT record where the host will be your domain name, and the TXT value will be the code you previously copied.

    Save the new record.

Now you need to wait until propagation ends. Sometimes changes can take up to 72 hours before your newly created record reaches all the DNS servers.

Done! You will now be able to use the service.
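An added example (not part of the original article): while waiting for propagation, you can query the record yourself with dig and check the answer for your token. The Python below parses constructed dig output (the domain and token are made up) and joins TXT records published as several quoted strings, so the token is still found when a provider has split it.

```python
import re

# Constructed sample of `dig TXT exampledomain.com +noall +answer` output (not real data).
DIG_OUTPUT = """\
exampledomain.com.    300  IN  TXT  "v=spf1 include:_spf.provider.example -all"
exampledomain.com.    300  IN  TXT  "google-site-verification=" "CONSTRUCTED-TOKEN-abc123"
exampledomain.com.    300  IN  TXT  "MS=ms00000000"
"""

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted character-string, escapes allowed


def txt_values(dig_output: str) -> list:
    """Return the TXT values from dig answer lines, joining split quoted strings."""
    values = []
    for line in dig_output.splitlines():
        fields = line.split(None, 4)          # name, ttl, class, type, rdata
        if len(fields) == 5 and fields[3] == "TXT":
            values.append("".join(QUOTED.findall(fields[4])))
    return values


def verification_present(dig_output: str, expected: str) -> bool:
    """True once the service's verification string is visible in the answer."""
    return expected in txt_values(dig_output)
```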

Conclusion.

Verifying your domain is a must when you want to use many services. The way to do it is simple: add a TXT record to your domain’s DNS zone.

  • DNS

    DNS terms every beginner should know

Here are some DNS terms that will help you manage your domain name as well as possible. As a beginner, it can be really frustrating to learn the complex structure of the Domain Name System (DNS). So let’s start explaining, and everything will become much clearer and make more sense.

    DNS

The Domain Name System, or DNS for short, is an essential part of the Internet. It is a global naming database that translates Internet domain names to IP (Internet Protocol) addresses. DNS is decentralized and has a multi-level hierarchical structure. Thanks to that system, humans are not required to remember long and difficult numbers (IP addresses) to reach and explore every website. Instead, people can type the domain name right away and successfully connect to their desired web page.

    Domain name

The domain name is the identifier for a particular website. It is an individual text string used to describe devices or services, such as example.org. Users typically use it and remember it easily rather than its corresponding IP address.

    DNS zone

The DNS zone is the administrative segment into which the DNS namespace is divided. Each DNS zone is managed by a separate DNS administrator; that is why the entire system is considered decentralized. In many cases, a domain and its DNS zone are treated as the same thing, but this is not actually accurate. A domain may have only one DNS zone, but other cases are more common: when a domain holds a number of DNS zones, it is clear that they are not the same thing.

Inside the DNS zone, various information is stored in the form of DNS records. Additionally, the SOA (Start of Authority) record of the DNS zone stores contact information for the administrator and zone parameters like the Refresh and Retry rates.

    DNS query

A DNS query is one of the DNS terms, representing the process of looking up the IP address (an A record or an AAAA record) or another DNS record of a domain. Imagine a user who asks for particular information: what they send is exactly a DNS query. Next, the DNS recursive server, after receiving the query, searches for the needed answer. Finally, the recursive server gets back to the user with the wanted data.

    DNS record

DNS records are text entries that hold information about a domain in the Domain Name System. Every domain has a different number and variety of DNS record types. They indicate separate entities and settings of a domain. For example, one of them could point to the IP address (A or AAAA record), another could show a specific service, such as the email server responsible for receiving emails (MX record), and many more.

    DNS server 

    There are two fundamental types of DNS servers – authoritative name servers and recursive name servers.

The authoritative name servers keep the zone file of a specific zone and are able to answer queries for it. This type includes the authoritative name servers of every domain, as well as the TLD servers (like .org, .com, etc.) and the root servers (the highest hierarchy level).

Recursive name servers assist in finding the answer to a DNS query by querying the separate servers until they get a response. Thus, they sit in the middle between the DNS user and the authoritative name servers.