Ref: https://learn.cantrill.io/courses/1820301/lectures/41301636 [SAA-C03]
DNS Resource Records and RRSETs
- Hosted in the name servers (NSs) of a DNS zone
- 🔧 Contain information that DNS clients may query about the zone
- Types of records:
- Copies of resource records are stored/cached in DNS resolvers and local machines
- Number of queries to the DNS zone greatly reduced via non-authoritative caching
- Cached records have a time-to-live (TTL)
- Resource records of the same name and same type are stored in one RRSET
  - RRSET = Resource Record Set
  - Facilitates administration of resource records
  - In this diagram, the icann.org zone has 7 resource records and 4 RRSETs:

Time To Live (TTL)

- ❗When TTL expires (i.e. TTL=0), a non-authoritative cached record is stale, no longer valid
- Querying a record with expired TTL requires a new authoritative answer from a zone NS
- If a zone changes records, it will take time for changes to propagate throughout the Internet (until all cached records expire)
- ‼️ During this time, DNS clients will have cached records that are wrong → usually leads to system failures!
- ❗ Setting a TTL involves a trade-off:
  - ↑ TTL = fewer queries to NSs, but less flexibility when updating projects & records
  - ↓ TTL = more flexibility when updating projects & records, but more queries to NSs
- 💡 DNS issues are very common in project failures. It's recommended to lower the TTL days & weeks in advance of changing/updating a product to avoid these problems.
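
Added example (not part of the original notes): a small Python simulation of the TTL trade-off described above, with an authoritative zone holding one RRSET per (name, type) and a caching resolver in front of it. The class names, `www.example.com`, the 192.0.2.x addresses and the timing parameters are all constructed for illustration.

```python
NAME = "www.example.com"                   # constructed sample name
OLD, NEW = ["192.0.2.10"], ["192.0.2.20"]  # constructed documentation addresses

class Zone:
    """Authoritative side: one RRSET per (name, type), with a single TTL."""
    def __init__(self):
        self.rrsets = {}      # (name, rtype) -> (ttl_seconds, [rdata, ...])
        self.queries = 0      # authoritative queries received

    def set_rrset(self, name, rtype, ttl, values):
        self.rrsets[(name, rtype)] = (ttl, list(values))

    def query(self, name, rtype):
        self.queries += 1
        ttl, values = self.rrsets[(name, rtype)]
        return ttl, list(values)

class CachingResolver:
    """Non-authoritative side: answers from cache until the TTL expires."""
    def __init__(self, zone):
        self.zone = zone
        self.cache = {}       # (name, rtype) -> (expires_at, values)

    def resolve(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and now < hit[0]:
            return hit[1]     # cached copy; may no longer match the zone
        ttl, values = self.zone.query(name, rtype)
        self.cache[(name, rtype)] = (now + ttl, values)
        return values

def simulate(ttl, change_at=90, horizon=7200, interval=30):
    """A client resolves every `interval` seconds; the zone changes at `change_at`.
    Returns (seconds the client was served the old address, authoritative queries)."""
    zone = Zone()
    zone.set_rrset(NAME, "A", ttl, OLD)
    resolver = CachingResolver(zone)
    stale, changed = 0, False
    for now in range(0, horizon, interval):
        if not changed and now >= change_at:
            zone.set_rrset(NAME, "A", ttl, NEW)
            changed = True
        if resolver.resolve(NAME, "A", now) == OLD and changed:
            stale += interval
    return stale, zone.queries

if __name__ == "__main__":
    for ttl in (3600, 60):
        print(ttl, simulate(ttl))
```

With a 3600-second TTL the client keeps the old address for most of an hour after the change at the cost of only two authoritative queries; with a 60-second TTL the stale window shrinks to seconds while the query count rises sharply.
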
Name Server Records (NS)
- 🔧 Indicate which Name Server is authoritative for a specific domain
- i.e. which DNS server contains the actual DNS records of the domain
- 💡 A domain often has multiple NS records (can indicate primary and secondary NSs)
- ‼️ Point to other Name Servers (NSs); they never point to CNAME records!
- Allow delegation → they point to the NSs of the next step in the DNS hierarchy
  - e.g. The NSs of the .com zone contain NS records for amazon.com, which point to the NSs that host the amazon.com zone.