Global DNS concept


Available in Classic and VPC

This page explains a few important concepts about Global DNS that you should know before going through the overall scenarios for using it. The main concepts are explained in the sections below.

Note

To help you understand the Global DNS concepts, see the glossary.

Domain registration mechanism

To use a domain, you need to purchase and register a domain name to use in place of an IP address, and you need a name server that holds the mapping between the domain name and the actual IP address. With NAVER Cloud Platform's Global DNS you can build a name server in a cloud environment, but you cannot purchase a new domain name. Therefore, you must first register a new domain name with a certified registration agency such as Gavia, iNames, or Dotname Korea, and then build a name server with Global DNS.

DNS record type

A DNS record is a series of characters used to configure settings for a domain in DNS.
The following DNS record types are available in Global DNS:

SOA record

  • SOA stands for Start of Authority and shows the important information of a domain zone.
  • In Global DNS, the SOA record is automatically created when adding a domain and cannot be added, edited, or deleted.
  • Record form: {Domain name server} {Serial} {Refresh} {Retry} {Expire} {TTL}
    • Serial: version number of the domain zone
    • Refresh: data renewal interval of the domain zone
    • Retry: interval before retrying when a data renewal of the domain zone cannot be confirmed
    • Expire: interval after which the domain zone expires when retries keep failing
    • TTL: interval at which record changes are applied

A record

  • It maps a domain name to an IPv4 address.
  • You can map multiple IP addresses to one domain name, and multiple IPs are answered in round robin order according to the number of requests.
  • The TTL default is 300 seconds (5 minutes). Setting the TTL too high delays the point at which changed record values take effect.
  • Examples
    • Record name: www.example.com
    • Record value: 10.0.0.1

AAAA record

  • It maps a domain name to an IPv6 address.
  • As with the A record, you can map multiple IP addresses to one domain name, and multiple IPs are answered in round robin order according to the number of requests.
  • The TTL default is 300 seconds (5 minutes). Setting the TTL too high delays the point at which changed record values take effect.
  • Examples
    • Record name: www.example.com
    • Record value: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

NS record

  • It shows the name server information of a domain.
  • In Global DNS, the NS record is automatically created when adding a domain, and you cannot add, edit, or delete the record values.
    • Record values provided: ns1-1.ns-ncloud.com, ns1-2.ns-ncloud.com
  • The TTL default is 86,400 seconds (1 day) and can be edited.

PTR record

  • PTR stands for Pointer and maps an IP address to a domain, the opposite direction of an A or AAAA record.
  • PTR is a record for a reverse domain and is used for purposes such as host/service identification and validation of mail addresses.
  • In the reverse domain, the parts of the IP address are written in reverse order and separated by periods (.).
  • Example: how to create a PTR record for www.ncloud.com A 49.236.142.51
    • Create domain 142.236.49.in-addr.arpa > Add record > Enter record name: 51, select PTR type and enter record value: www.ncloud.com

CNAME record

  • CNAME stands for Canonical Name and maps one domain name to a different domain name by defining it as an alias.
  • CNAME records conflict with all other records, so once you add a CNAME record to a host you cannot add other records to that host.
  • You cannot add CNAME records to the root domain. To use this feature in the root domain, use the alias feature provided by Global DNS.
  • Examples
    • Record name: www.example.com
    • Record value: www1.example.com

MX record

  • It sets the mail routing domain for a domain zone so that mail services can be used.
  • Enter the record value as a fully qualified domain name (FQDN).
  • To enter multiple mail servers, separate them with newlines and add preference values in front of them. Smaller values have higher priority.
  • Examples
    • Record name: @.ncloudtest.com
    • Record value:
      10 mx1.ncloudtest.com
      20 mx2.ncloudtest.com

SPF record

  • SPF stands for Sender Policy Framework, a technology that authenticates email-sending servers.
  • By setting an SPF record, recipients can check the information in an outgoing email against the SPF record to verify whether the email is forged.
  • Any email from servers not registered in the SPF record is processed as spam.
  • Examples
    • Record name: @.example.com
    • Record value: v=spf1 include:_spfblocka.ncloudtest.com include:_spfblockb.ncloudtest.com ~all

TXT record

  • A TXT record is a text record consisting of arbitrary strings of characters, and you can enter simple text data about your domain.
  • It can be used for a variety of purposes including verifying domain ownership, authorizing senders with SPF, adding digital email signatures (DKIM), and preventing spam from being sent.
  • Examples
    • Record name: @.example.com
    • Record value: "favorite drink=orange juice"

Note

A TXT record supports up to 255 characters; any record longer than this limit is wrapped.

SRV record

  • SRV stands for Service, which stores the location (host name and port number) of a service in DNS.
  • When listing multiple servers, their priority and weight can be indicated.
  • Servers with higher priorities receive more traffic than other servers. When servers have the same priority value, servers with higher weights receive more traffic than other servers.
  • Record form: _{Service}._{Protocol}.{Domain} SRV {Priority} {Weight} {Port number} {Target}
  • Examples
    • Record name: _kerberos._tcp.ncloudtest.com
    • Record type: SRV
    • Record value: 10 60 88 kerberos.ncloudtest.com

CAA record

  • It specifies a certificate authority (CA) that can issue a certificate for a domain.
  • Specifying the wrong CA may block the issuance of a certificate for the domain.
  • Record form: {flags} {tag} "{value}"
    • flags: set a value from 0 to 255
    • tag: set to the value of issue or issuewild
    • value: enter a value according to the specified tag value
  • Examples
    • Record name: ca.example.com
    • Record value: 0 issue "ncloud.com"
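
How the fields of a CAA record decide whether a given CA may issue, as an added example (not NAVER Cloud Platform code). It evaluates one set of CAA record values already retrieved for a name and follows the issue/issuewild rules of RFC 8659; the function names and the `iodef` tag are not from this page.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # iodef is from RFC 8659, not this page

def parse_caa(record_value: str):
    """Split '{flags} {tag} "{value}"' into (flags, tag, value)."""
    parts = record_value.split(None, 2)
    if len(parts) != 3:
        raise ValueError('expected: flags tag "value"')
    flags, tag, raw = int(parts[0]), parts[1].lower(), parts[2].strip()
    if not 0 <= flags <= 255:
        raise ValueError("flags must be between 0 and 255")
    if len(raw) < 2 or raw[0] != '"' or raw[-1] != '"':
        raise ValueError("value must be enclosed in double quotes")
    return flags, tag, raw[1:-1]

def issuer_domain(value: str) -> str:
    """CA domain before any ';' parameters; empty means no CA is allowed."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(rrset, ca_domain: str, wildcard: bool = False) -> bool:
    """Decide whether ca_domain may issue, given the CAA record values for a name."""
    records = [parse_caa(v) for v in rrset]
    # Critical bit (128) on a tag the CA does not understand: issuance must stop.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, tag, v in records if tag == "issue"]
    issuewild = [issuer_domain(v) for _, tag, v in records if tag == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # nothing applicable in the set: issuance is not restricted
    return ca_domain.lower() in relevant

if __name__ == "__main__":
    page_example = ['0 issue "ncloud.com"']  # record value from the example above
    print(ca_may_issue(page_example, "ncloud.com"))        # the listed CA
    print(ca_may_issue(page_example, "other-ca.example"))  # constructed CA name
```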

DS record

  • A DS record is the fingerprint of a DNSSEC key. It is used for zones with delegated security when DNSSEC is enabled, and serves to verify the reliability of the subdomain.
  • In Global DNS, DS records are created automatically when DNSSEC is enabled.
  • Record form: {Key tag} {Algorithm} {Digest type} {Digest}
    • Key tag: a numeric value used for record identification
    • Algorithm: the cryptographic algorithm used to create the security key for the DNSKEY record (the record holding the public signing key of the domain zone). It is paired with a hash function, as in RSA/SHA1.
      • Note that 1 (SHA1) can be a potential threat.
    • Digest type: the algorithm used to create a digest of DNSKEY records
    • Digest: the hashed value of the DNSKEY records uniquely identifying the records
  • Examples
    • Record name: ds.example.com
    • Record value:
      36061 8 2 b7b5c0f2c4917d6eacc9ba4461e6ae693d7a366823530b385168cc842492c271
      36061 8 4 938888f1b4185ed56e65bbc63470d712decc509c1caf1682173134e2d833b8d3676965cc7084d5b1254ca21a62eaf94c