Avoid School Communication Issues With Proper DNS Setup

DNS, or the domain name system, is an often-misunderstood part of everything your school website does. Most school IT administrators set up some basic items for their DNS, and never think about it again in detail. As someone who manages websites for a living, the DNS system is a vital piece of my job. As an IT professional, understanding and using DNS can help you prevent outages, SPAM, and other things that keep you from your weekends.

Any service that uses a domain name relies on DNS. Your school’s email, websites, and applications all can be affected by failed or misconfigured DNS. With this post, I'm going to review what DNS is, and some pointers on how to use it to keep your school web communications problem-free.

What is DNS?

Every device that connects to the internet needs an IP address to access. DNS lets us all use friendly, text-based names like www.mapledaleschools.edu or innersync.wpengine.com to find the IP address rather than plugging in the numeric address. DNS is like the phone book of internet devices.

So how does DNS know where to look? At the core of the internet are the root level DNS servers. The root level servers carry the information to find the authoritative DNS server for a domain. When you work with DNS, you will interact with two different servers. The first is your registrar, where you enter the location of your domain’s authoritative DNS servers. The second server you use is your authoritative DNS server, where you map names to IP addresses.

So how does it work when you enter, for example, innersync.wpengine.com into your browser? The browser asks your computer to make a DNS lookup. All your computers have a DNS server to look up requests. Your computer makes a connection to the DNS server, and asks for "innersync.wpengine.com." The lookup server then asks a root level server for the authoritative server for the domain schoolnow.com.

For schoolnow.com, the first authoritative DNS server is 204.12.76.1. The lookup server then asks the server 204.12.76.1 for the IP address listed for innersync.wpengine.com. The lookup server then answers your computer 45.33.114.217, and your browser then opens that IP address. The mind-boggling part is that this transaction happens in milliseconds – and every time you access a domain. There are billions of IP addresses in use, and over 254 million domains registered.

So how do you use DNS? First, you use the root level system if you ever moved DNS hosts. Root level changes want the name of two or three DNS servers that will hold your domain information. Second, you need to maintain a zone file on your authoritative DNS server with all of your domain name mappings.

MX Toolbox is a handy resource to to take a look at your DNS setup. You simply enter your domain name, and it will check for common misconfigurations, and show your current authoritative DNS servers.

Types of DNS records

The DNS can hold five types of records. The use of these five records spans the entire internet. I find that many people – even experienced IT administrators – misunderstand these records and how to use them.

• Host record – Also known as simply a record, a host record links your domain to the physical IP address of a computer hosting that domain's services. (e.g., innersync.wpengine.com to 45.33.114.217)
• CNAME record – links an alias name to another true or canonical domain name. (e.g., innersync.wpengine.com to schoolnow.com)
• NS record – determines which servers will communicate DNS information for a domain. (e.g., the first NS record for schoolnow.com is ns1.lnhi.net)
• TXT record – provides text information to sources outside your domain, that can be used for many purposes. TXT records can be either human- or machine-readable text. (e.g., Google asks users to verify a domain by creating a TXT record that looks like this: "google-site-verification=rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbLOPY")
• MX record – directs a domain's email to the servers hosting the domain's user accounts. MX records have a preference number, which goes from lowest to highest. Other mail servers attempt to send mail to the lowest preference, and move up the preference ranking if a server doesn't respond. (e.g., the first MX record for schoolnow.com has a preference of 10, and points to aspmx.l.google.com. We use Google Apps for email.

How schools can use DNS records

So how do you use these records? We map resources with A and CNAME records. We create an A record for a mail server, then use the A record in the MX setup. NS records are created by our registrar, and we rarely touch them.

TXT records have two specific uses that can benefit your school:

• SPF – Sender Policy Framework. Do you have people sending forged email with your domain name? SPF is a standard that enables you to safely publish the IP addresses and servers that are allowed to send email as your domain. Microsoft offers an easy-to-use 4-step tool for creating an SPF record for your DNS domain. Use it to safeguard against email abuses, and don't forget to add your website, your newsletter tool, and anything else that sends email.
• Domain verification – Google, Office 365, and other services use a TXT record to verify you manage a specific domain name. Google will give you a long string to add as a TXT record.

Master your school domain

DNS is often neglected by schools until something fails, or needs to be moved between providers. Understanding how DNS works – tracking the entire path of that URL you type into your browser as it winds through servers – is your first step to protecting your school data. Configuring your website and servers accurately will help you avoid and diagnose problems.

Knowing these basics of DNS will also make it easier to work with third-party applications and services like Google Apps for Education, Office 365, and others. If you want to learn more about DNS and its impact on your school website, take a deeper dive in a Digital Ocean article by Justin Ellingwood.