DNS 🤘 Own it!

by Stephen DeLorme

🧐 My observation = People fear DNS 😱

A lot relies on your DNS records

  • 🙂 Your website
  • 😃 Your other website
  • 😅 Maybe your client’s website
  • 📧 Your email
  • 😡 Your digital marketing tools
  • 🤯 Almost anything

Problems we will look at

  • Migrating a website
  • Losing DNS records
  • Security breaches
  • Slow page speed
  • Emails going to spam

🤔 What is DNS?

DNS = Domain Name System

DNS records tell people’s computers how to get to your website, email, etc.

DNS converts example.com into an IP address, e.g. 172.134.55.67. The record that does it is an A record, which looks like this in a zone file:

    @          IN    A     172.134.55.67    ; example.com

Key Terminology

Registrar

Company or organization that registers your domain. The registrar holds the record of which nameservers are authoritative for your domain and points the world at them.

Nameservers

Where your DNS records are hosted. DNS records point to your host.

There are lots of nameservers in the world. Your nameservers are the authority for your domain.

Hosts & Service Providers

Your host is where your website lives.
(Or we could be talking about a service provider, like in the case of email or a digital marketing tool).

Understanding Your DNS Configuration

  • Your registrar, nameservers, and website hosting could all be coming from the same provider.
  • Or, you might have a registrar for your domain, and a website host that provides you with nameservers.
  • For advanced setups, you might even have your registrar, nameservers, and hosting coming from three separate providers.

Problems & Solutions

Problem: Migrating a Website

You’re trying to migrate to a new host and are worried about downtime.

Solution: Stage to a Subdomain

Use your DNS to establish a subdomain. Set up the site at the new host under the subdomain and get it running. Once it runs, point the main domain to the same place as the subdomain. When propagation is complete, users will seamlessly be directed to the cloned site without noticing. 😎 One caveat: lower the TTL on the main domain’s A record well before the switch (at least one old TTL ahead of it), so resolvers stop caching the old address quickly once you change it.

Step 1 - Create subdomain

    NAME       CLASS TYPE  POINTS TO
    @          IN    A     172.134.55.67    ; example.com - TacoHost Server
    staging    IN    A     164.55.78.125    ; staging.example.com - Our new hosting server
Step 2 - Create a clone

Create a clone of your website on the staging server. This could be done manually by copying the files and database of your WordPress site, or using a migration plugin.

Step 3 - Change primary A record

    NAME       CLASS TYPE  POINTS TO
    @          IN    A     164.55.78.125    ; example.com - Our new hosting server
    staging    IN    A     164.55.78.125    ; staging.example.com - This can be deleted now
Step 4 - Check propagation

In a shell, run the command:

    dig example.com a

A single lookup only tells you what your own resolver sees; every resolver keeps serving the old answer until its cached TTL runs out, so check from more than one.

Or just go to whatsmydns.net 😆

Then 🍻

Problem: Lost Records

Your host cancels your account. Or your host messes something up. Or a malicious threat cyber-actor [insert current jargon] hacks the crap out of your zone file. 😱

Solution: Backup Your Records

You can copy the text of the zone file (if your provider offers an export), or you can just take a screenshot of the DNS records as you see them in the browser. 💾 The text export is the better of the two: you can diff it against what is live later, and re-import it if you ever have to rebuild the zone from scratch.

Seriously 👇

If you only take away one thing from this talk, let it be this.

Problem: Security Breach

Somebody with access to your DNS manipulates the records to point your traffic somewhere else. 🤬

For further reading: What Is DNS Hijacking?

Solution: Basic Security Hygiene

Pay close attention to who has access to your DNS records. Don’t give out the password all willy nilly. Basic security hygiene. 🔐

Limit Who Has Access
  • 🤨 Delegating access or creating an account is preferable to giving someone your login info
  • If you must share your password with them, find a secure way of doing this.
    • 🔑 Encrypted email or messaging app
    • 💣 Or, expiring / exploding messages
    • 📱 Or, use different channels, e.g. email the username but text the password.
  • 😬 When they are done, change the password. Even if you trust them, you certainly won't trust someone who compromises their computer and takes the password.
  • Turn on two-factor authentication at the registrar and the DNS provider, so a leaked password on its own is not enough to edit the zone.
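Hygiene limits who can change the records; the backup from the previous slide is what lets you notice when someone did anyway. Below is an added example, not code from the talk: a small Python script that parses the one-record-per-line zone format shown on these slides, diffs a later export against the backup (any "unexpected" record you did not add yourself is the hijacking case), and also answers the question from the migration slides, whether the apex now points where staging points. The zone text is constructed for the example (the addresses are the slides' own; the DKIM line is a stand-in with no real key, included to exercise a quoted semicolon), and the parser handles only this single-line subset of zone syntax.

```python
"""Snapshot a zone's records as text and diff a later copy against it (stdlib only)."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Record:
    name: str   # owner as written in the zone: "@" for the apex, or a label
    rtype: str  # record type, upper-cased: A, MX, TXT, ...
    value: str  # rdata as written, e.g. "172.134.55.67" or "10 mail.example.com."


def _strip_comment(line: str) -> str:
    """Remove a trailing ';' comment, but not a ';' inside a quoted TXT string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def parse_zone(text: str) -> set[Record]:
    """Parse single-line records of the form shown on the slides:

        name [ttl] [class] type rdata ; optional comment

    A deliberately small subset of RFC 1035 zone syntax: no $ORIGIN/$TTL
    handling and no multi-line parentheses. Runs of spaces inside quoted
    rdata are collapsed to one.
    """
    records: set[Record] = set()
    for raw in text.splitlines():
        line = _strip_comment(raw).strip()
        if not line or line.startswith("$"):
            continue
        parts = line.split()
        name, rest = parts[0], parts[1:]
        if rest and rest[0].isdigit():                      # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() in ("IN", "CH", "HS"):  # optional class
            rest = rest[1:]
        if len(rest) < 2:
            raise ValueError(f"malformed record: {raw!r}")
        records.add(Record(name, rest[0].upper(), " ".join(rest[1:])))
    return records


def diff_zone(backup: set[Record], live: set[Record]) -> dict[str, list[Record]]:
    """Records that vanished since the backup, and records that appeared.

    A changed value shows up as one 'missing' plus one 'unexpected' entry.
    Anything under 'unexpected' that you did not change yourself means
    someone else edited the zone.
    """
    return {"missing": sorted(backup - live), "unexpected": sorted(live - backup)}


def cutover_complete(zone: set[Record], staging_label: str = "staging") -> bool:
    """True once the apex A record points where the staging A record points."""
    apex = {r.value for r in zone if r.name == "@" and r.rtype == "A"}
    staging = {r.value for r in zone if r.name == staging_label and r.rtype == "A"}
    return bool(apex) and apex == staging


# Constructed sample zones (addresses are the ones used on the slides; the
# DKIM line is a stand-in with no real key, present to exercise a quoted ';').
BACKUP_ZONE = """
@                     IN  A    172.134.55.67   ; example.com - TacoHost Server
staging               IN  A    164.55.78.125   ; staging.example.com - new host
@                     IN  MX   10 mail.example.com.
selector1._domainkey  IN  TXT  "v=DKIM1; k=rsa; p=<public-key-here>"
"""

LIVE_ZONE = """
@                     IN  A    164.55.78.125   ; example.com - now on the new host
staging               IN  A    164.55.78.125
@                     IN  MX   10 mail.example.com.
selector1._domainkey  IN  TXT  "v=DKIM1; k=rsa; p=<public-key-here>"
"""


if __name__ == "__main__":
    backup, live = parse_zone(BACKUP_ZONE), parse_zone(LIVE_ZONE)
    for kind, recs in diff_zone(backup, live).items():
        for r in recs:
            print(f"{kind:10} {r.name:22} {r.rtype:4} {r.value}")
    print("cutover complete:", cutover_complete(live))
```

Run it against a fresh export each time you (or your host) touch the zone; the only changes the diff should ever show are the ones you made on purpose.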

Problem: Site Too Slow

Can be due to the host (most common, in my personal experience). But people also have to do a DNS lookup to get there, and slow DNS adds to the time it takes. 😴 That cost only lands on visitors whose resolver has not cached your record yet, so it matters most for first visits and for records with short TTLs.

Solution: Premium DNS

Switch to a professional DNS provider that’s separate from your registrar or host, one whose whole job is answering queries quickly and staying up. 🔥

Problem: Email going to spam

Your mail is not coming from the same server as your website is hosted on, so receiving servers have no way to tell that your web server is allowed to send as your domain. Any email from your WP site goes to spam. 💩

Solution #1: SPF Records

An SPF record is a TXT record at your domain that establishes which servers can send mail on your behalf. Servers are identified by IP address: directly with ip4:/ip6: mechanisms, or by pulling in another domain’s list with include:. Add any server you want to send mail from to the SPF record. 📧

In this example, only the servers covered by spf.protection.outlook.com, salesforce.com, and the server at 210.56.71.59 can send mail on behalf of your domain. Anything else hits ~all (softfail: receivers treat it with suspicion but usually still accept it); -all would tell them to reject outright.

    NAME                  CLASS  TYPE     VALUE
    example.com.          IN     TXT      "v=spf1 include:spf.protection.outlook.com include:salesforce.com ip4:210.56.71.59 ~all"

Two gotchas: a bare IP address is not valid SPF syntax (it must be written ip4:210.56.71.59, or receivers treat the record as a permanent error), and each include: spends one of the ten DNS lookups a receiver will make before giving up on the record.
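To see how a receiver reads that record, here is an added example (mine, not from the talk): a minimal SPF evaluator in Python using only the standard library. The example.com record is the corrected one above; the contents of the two include: targets are invented stand-ins using documentation address ranges, not the providers’ real policies; and a second copy of the record with the bare IP shows what that mistake produces.

```python
"""Evaluate an SPF policy for a sending IP, offline, using the stdlib only."""
import ipaddress

# Constructed stand-in for the DNS TXT lookups a real evaluator would make.
# The apex record is the one from the slides (bare IP corrected to ip4:); the
# include targets' contents are invented for this example, using RFC 5737
# documentation ranges, and are NOT the providers' real policies.
SPF_RECORDS = {
    "example.com": "v=spf1 include:spf.protection.outlook.com "
                   "include:salesforce.com ip4:210.56.71.59 ~all",
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "salesforce.com": "v=spf1 ip4:198.51.100.0/24 -all",
    # The record as it appeared on the slide: a bare IP is not an SPF mechanism.
    "broken.example.com": "v=spf1 include:spf.protection.outlook.com "
                          "include:salesforce.com 210.56.71.59 ~all",
}

MAX_LOOKUPS = 10  # RFC 7208 limit on include/redirect (and a, mx, ptr, exists)
RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, records=SPF_RECORDS, _lookups=None) -> str:
    """Return pass / fail / softfail / neutral / none / permerror for sender_ip.

    Only ip4, ip6, include, all and the redirect= modifier are implemented;
    mechanisms that need live DNS (a, mx, ptr, exists) yield permerror here.
    """
    ip = ipaddress.ip_address(sender_ip)
    lookups = [0] if _lookups is None else _lookups  # shared across includes
    record = records.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    redirect = None
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:          # modifier such as redirect=, exp=
            name, _, arg = term.partition("=")
            if name.lower() == "redirect":
                redirect = arg
            continue
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # A mismatched family (IPv4 sender vs an ip6 term) simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_spf(arg, sender_ip, records, lookups)
            if inner in ("none", "permerror"):
                return "permerror"          # include of a missing or broken record
            matched = inner == "pass"       # the include's fail/softfail don't propagate
        else:
            return "permerror"              # unknown token, e.g. a bare IP address
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    if redirect is not None:
        lookups[0] += 1
        if lookups[0] > MAX_LOOKUPS:
            return "permerror"
        return check_spf(redirect, sender_ip, records, lookups)
    return "neutral"


if __name__ == "__main__":
    for sender in ("210.56.71.59", "192.0.2.10", "203.0.113.9"):
        print(sender, check_spf("example.com", sender))
    print("slide record as written:", check_spf("broken.example.com", "210.56.71.59"))
```

The shared lookup counter is what enforces the ten-lookup limit across nested includes; once a record blows past it, every sender gets permerror, which is why stacking many providers into one SPF record quietly breaks mail.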
							
						

Further Trust: Add DKIM keys πŸ”‘

DKIM is a technique for digitally signing emails. The mail server signs each outgoing message with a private key; the matching public key is published in your DNS as a TXT record under a selector name of the form <selector>._domainkey.example.com, so receivers can look it up and check the signature.

tl;dr It lets the receiving mail server (and, through it, your email client) verify that the email you are looking at really came from where it says it did.

Using DKIM πŸ”‘

  • Many enterprise level mail providers, e.g. Microsoft, support DKIM.
  • Many digital marketing tools, e.g. SalesForce, support DKIM.
  • If you are self-hosting WordPress, you can configure DKIM at the server level.
  • Or, you can use a 3rd party provider.

Solution #2: 3rd Party Mail Service

Offload all of your site's mailing to a 3rd party provider. They typically support SPF and DKIM.

You will likely need to modify your DNS records to use a 3rd party service. It varies from provider to provider: MX records if the provider also receives mail for you, and TXT records (SPF, DKIM) or CNAME records if it only sends on your behalf. 📩

Questions


Stephen DeLorme

stephen@delineator.media

delineator.media

@StephenDeLorme

@sbddesign

@StephenDeLorme