Global DNS concept

Available in Classic and VPC

A few important concepts about Global DNS are explained prior to learning the overall scenarios of using Global DNS. The following are the main concepts to be explained:

• Domain registration mechanism
• DNS record type

Domain registration mechanism

If you want to use a domain, purchase and register a domain name to use instead of an IP address, and have a name server containing the mapping information of the domain name and the actual IP address. If you use NAVER Cloud Platform's Global DNS, you can build a name server in a cloud environment but you cannot purchase a new domain name. Therefore, you must first register a new domain name in a certified registration agency such as Gavia, iNames, or Dotname Korea, and then build a name server with Global DNS.

DNS record type

DNS record is a series of characters used to configure settings about a domain in DNS.
The following DNS record types are available in Global DNS:

SOA record

• SOA stands for Start of Authority and shows the important information of a domain zone.
• In Global DNS, the SOA record is automatically created when adding a domain and cannot be added, edited, or deleted.
• Record form: {Domain name server} {Serial} {Refresh} {Retry} {Expire} {TTL}
  • Serial: version number of the domain zone
  • Refresh: data renewal interval of the domain zone
  • Retry: retry interval when the data renewal interval of the domain zone fails to be confirmed
  • Expire: expiration interval of the domain zone after repeated failure to retry
  • TTL: application interval of record changes

A record

• It maps a domain name to an IPv4 address.
• You can map multiple IP addresses to one domain name, and multiple IPs are answered in round robin order according to the number of requests.
• The TTL default is 300 seconds (5 minutes), and setting the TTL too high will delay reflections when changing record values.
• Examples
  • Record name: www.example.com
  • Record value: 10.0.0.1

AAAA record

• It maps a domain name to an IPv6 address.
• Just like A record, you can map multiple IP addresses to one domain name, and multiple IPs are answered in round robin order according to the number of requests.
• The TTL default is 300 seconds (5 minutes), and setting the TTL too high will delay reflections when changing record values.
• Examples
  • Record name: www.example.com
  • Record value: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

NS record

• It shows the name server information of a domain.
• In Global DNS, the NS record is automatically created when adding a domain, and you cannot add, edit, or delete the record values.
  • Record values provided: ns1-1.ns-ncloud.com, ns1-2.ns-ncloud.com
• The TTL default is 86,400 seconds (1 day) and can be edited.

PTR record

• PTR stands for Pointer and maps an IP address to a domain, as opposed to an A or an AAAA record.
• PTR is a record for a reverse domain and is used for purposes such as host/service identification, validation of mail addresses and so on.
• The domain name and IP address are written in the other direction and separated by a period (.).
• Examples: how to create a PTR record of www.ncloud.com A 49.236.142.51
  • Create domain 142.236.49.in-addr.arpa > Add record > Enter record name: 51, select PTR type and enter record value: www.ncloud.com

CNAME record

• CNAME stands for Canonical Name and maps one domain name to a different domain name by defining it as an alias.
• CNAME records conflict with all other records, so you cannot add other records if you add one to a host.
• You cannot add CNAME records to the root domain. To use this feature in the root domain, use the alias feature provided by Global DNS.
• Examples
  • Record name: www.example.com
  • Record value: www1.example.com

MX record

• Use to set the mail routing domain for a domain zone for the purpose of using mail services.
• Enter the record value as a fully qualified domain name (FQDN).
• To enter multiple mail servers, separate them with newlines and add preference values in front of them. Smaller values have higher priority.
• Examples
  • Record name: @.ncloudtest.com
  • Record value:
    10 mx1.ncloudtest.com
    20 mx2.ncloudtest.com

SPF record

• SPF stands for Sender Policy Framework, a technology that authenticates email-sending servers.
• By setting an SPF record, recipients can check the information in an outgoing email against the SPF record to verify whether the email is forged.
• Any email from servers not registered in the SPF record is processed as spam.
• Examples
  • Record name: @.example.com
  • Record value: v=spf1 include:_spfblocka.ncloudtest.com include:_spfblockb.ncloudtest.com ~ all

TXT record

• A TXT record is a text record consisting of arbitrary strings of characters, and you can enter simple text data about your domain.
• It can be used for a variety of purposes including verifying domain ownership, authorizing senders with SPF, adding digital email signatures (DKIM), and preventing spam from being sent.
• Examples
  • Record name: @.example.com
  • Record value: "favorite drink=orange juice"

SRV record

• SRV stands for Service, which stores the location (host name and port number) of a service in DNS.
• When listing multiple servers, their priority and weight can be indicated.
• Servers with higher priorities receive more traffic than other servers. When servers have the same priority value, servers with higher weights receive more traffic than other servers.
• Record form: _ {Service}._ {Protocol}.{Domain} SRV {Priority} {Weight} {Port number} {Target}
• Examples
  • Record name: _kerberos._tcp.ncloudtest.com
  • Record type: SRV
  • Record value: 10 60 88 kerberos.ncloudtest.com

CAA record

• It specifies a certificate authority (CA) that can issue a certificate for a domain.
• A wrong CA may interrupt the issuance of a certificate regarding the domain.
• Record form: {flags} {tag} "{value}"
  • flags: set a value from 0 to 255
  • tag: set to the value of issue or issuewild
  • value: enter a value according to the specified tag value
• Examples
  • Record name: ca.example.com
  • Record value: 0 issue "ncloud.com"

DS record

• A DS record is a DNSSEC key fingerprint used for zones with delegated security when DNSSEC is enabled and is used to verify the reliability of the subdomain.
• In Global DNS, DS records are created automatically when DNSSEC is enabled.
• Record form: {Key tag} {Algorithm} {Digest type} {Digest}
  • Key tag: A numeric value used for record identification
  • Algorithm: The encryption algorithm used to create a security key for the DNSKEY record (record with a public signing key in the domain zone). It is paired with a hash function, such as RSA/SHA1.
    • Note that 1 (SHA1) can be a potential threat.
  • Digest type: the algorithm used to create a digest of DNSKEY records
  • Digest: the hashed value of the DNSKEY records uniquely identifying the records
• Examples
  • Record name: ds.example.com
  • Record value:
    36061 8 2 b7b5c0f2c4917d6eacc9ba4461e6ae693d7a366823530b385168cc842492c271
    36061 8 4 938888f1b4185ed56e65bbc63470d712decc509c1caf1682173134e2d833b8d3676965cc7084d5b1254ca21a62eaf94c