SPF record – What is it?

SPF record explained.

SPF stands for Sender Policy Framework. An SPF record is a DNS (Domain Name System) record that specifies essential information for a domain name: it points to the outgoing mail servers that are responsible for the particular domain. The MX (Mail eXchanger) record shows which email servers are responsible for the incoming emails for the domain. SPF records, on the other hand, indicate which email servers are authorized to send emails on behalf of the domain name.

Let’s say you want to send an email to James@example.com. First, the incoming mail servers of example.com are going to check your domain name. Then, they are going to look for the SPF record and follow the rules that are set by it. Your email is going to be successfully received only if the SPF record is present. Otherwise, your email could end up in your recipient’s spam folder.

How does it work?

With SPF records, domain owners are able to publish a list of all of their authorized senders, which are the outgoing mail servers and their IP addresses. Thanks to that list, servers that receive emails are able to verify whether an email was delivered by a server authorized to communicate on your company’s behalf. If the message does not come from one of the servers included in the list, the server receiving the email will consider it fake.

Establishing rules with SPF record

The rules are based on two main groups. The first one is the qualifiers, and the second one is the mechanisms of the SPF record.

The SPF qualifiers are:

  • “-” The minus symbol indicates FAIL. It signals that messages coming from the domain must be rejected.
  • “~” The tilde symbol indicates SOFT FAIL. It signals that when a message comes from the domain, it should be tagged as failed, although it can still be allowed.
  • “?” The question mark symbol indicates NEUTRAL. It signals that there are no policies involved (none).
  • “+” The plus symbol indicates PASS. It signals that messages coming from the domain should be accepted.

The SPF mechanisms are: 

  • “all” – All mechanisms after it will be ignored.
  • “include” – It gives you the opportunity to include other domains that are able to send emails from the mail servers of the domain. You can unite example.it, example.co.uk, and example.de to send from example.com.
  • “a” – When you pick it, the A or AAAA records are required to match the return path for emails to be allowed.
  • “mx” – When you select it, an MX query has to be completed and has to match the return path. If there is a match, the email is going to be allowed.
  • “ptr” – When you select it, a PTR query has to be completed and has to match the return path. The email is allowed only if they match.
  • “ip4” – This is going to review only A records (IPv4 addresses) to examine if they correspond to the domain.
  • “ip6” – This is going to review only AAAA records (IPv6 addresses) to examine if the IP addresses match the domain.
  • “exists” – This is for more complex queries.
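How a receiving server could apply the qualifiers and mechanisms listed above, as an added example that is not part of the original article. The sample record and addresses are constructed, the function names are hypothetical, and mechanisms that need live DNS queries (a, mx, ptr, include, exists) are only recorded as skipped so the code runs offline.

```python
import ipaddress

# Qualifier symbols from the list above, mapped to the result they signal.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that need live DNS queries; this offline example only records them.
DNS_MECHANISMS = {"a", "mx", "ptr", "include", "exists"}

# Constructed sample record (documentation address ranges, made-up include).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailer.example ~all"


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    terms = []
    for token in tokens[1:]:
        if "=" in token and ":" not in token.split("=", 1)[0]:
            continue  # modifiers such as redirect= are not mechanisms
        qualifier = "+"  # a mechanism written without a symbol means PASS
        if token[0] in QUALIFIERS:
            qualifier, token = token[0], token[1:]
        name, _, value = token.partition(":")
        name = name.split("/")[0].lower()  # "a/24" is still the "a" mechanism
        if name not in DNS_MECHANISMS | {"all", "ip4", "ip6"}:
            raise ValueError("unknown mechanism: " + name)
        terms.append((qualifier, name, value))
    return terms


def check_sender(record, sender_ip):
    """Return (result, skipped). Terms are read left to right, first match wins.

    `skipped` lists DNS-based mechanisms that were treated as "no match";
    the result is only conclusive when that list is empty.
    """
    ip = ipaddress.ip_address(sender_ip)
    skipped = []
    for qualifier, name, value in parse_spf(record):
        if name == "all":  # matches every sender, so later terms are ignored
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier], skipped
        else:
            skipped.append(name + (":" + value if value else ""))
    return "neutral", skipped  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for sender in ("192.0.2.55", "2001:db8::25", "203.0.113.9"):
        print(sender, check_sender(SAMPLE_RECORD, sender))
```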

DNS resolution – overview

Have you ever wondered how you can access a website on the Internet so easily and so fast?

If you get curious about how this magic happens, DNS resolution is the clue you need to follow.

What is DNS resolution?

Domain name system (DNS) resolution is the process of translating the domain name you type into your browser into the corresponding IP address of that domain. Without the IP address, the domain you search for can’t be located and loaded.

A domain name can have more than one IP address. For instance, it can have one IPv4 and one IPv6. During the DNS resolution, both will be requested. Or it can have multiple IPv4 (or IPv6) addresses, and when the DNS resolution process gets triggered, it will be enough to get one of those addresses to serve the domain.

The reason for this necessary translation emerged decades ago. When the Internet was young, hosts were searched using their IP addresses and stored in a manually updated Host file. Humans could still memorize those numbers (example: 230.115.1.16), but it was not simple. Still, to search this way was possible because there were a lot fewer devices than currently. 

The Internet succeeded, domains multiplied, and using IP addresses became really hard for humans. Therefore, the domain name system (DNS) was created (1983). Instead of using a manually updated Host file with IP addresses, humans could type a name like todaynews.com.

So, IP addresses are used by machines and domain names by humans.

How does DNS resolution work?

Fasten your belt because we are about to get inside the big DNS machinery, and the trip will take milliseconds!

Everything starts when a user requests a domain name (todaynews.com) inside the browser. The DNS resolution is triggered! The domain name has to be translated into its associated IP address to be loaded. The request will be taken by the expert searcher of IP addresses: a DNS recursive server.

If it’s not the first time the user visits this domain, there’s a chance that the DNS recursive server still has it in its cache. These servers’ cache gets configured with a specific TTL (time-to-live) value that establishes the period of time to store data. Once the TTL expires, an update will replace the previously stored data. So, if the DNS recursive server has the IP address, the process will last the blink of an eye. The translation will happen immediately, and the requested domain (todaynews.com) will be loaded.

But, if it’s the first time this domain is requested, or if its IP address is not available in the recursive server’s cache, it will have to ask other servers for it. 

First, the DNS recursive server will ask the Root server. The Root server will check the TLD (top-level domain) of the requested domain (.com in our example). Then it will point the DNS recursive server to the corresponding TLD server for the domain. Both servers will communicate, and the TLD server will point to the right authoritative nameserver, so the recursive server can request the IP address.

The recursive server will reach the authoritative one, and the latter will provide the IP address. The user’s request will finally be answered by properly loading todaynews.com. The DNS recursive server will store the IP address in its cache.

Conclusion.

We are very used to the web, and sometimes we take it for granted. But behind every search, there’s a massive process taking place for loading your domain or for you to access that e-shop, news site, social network, etc. And the complete DNS resolution process happens in milliseconds! Amazing, isn’t it?

What does DNS cache mean?

The Domain Name System (DNS) is a keystone for the Internet to work as well and easily as it does for users. But being vital means it’s always busy, in high demand, and sometimes even stressed.

To balance this without risking the important mission DNS has, different mechanisms and technologies have been developed to make some tasks easier. The objective is to reduce work for the system and devices and accelerate the answer to users’ requests.

And that is the case with DNS cache!

What does DNS cache mean?

The DNS cache or DNS resolver cache is the temporary memory that DNS recursive servers (resolvers) and devices like your computer or mobile use to save the DNS records of the domain names you have already requested.

Those DNS records are domain names’ and subdomains’ IP addresses (A for IPv4 addresses and AAAA for IPv6), as well as records related to their verification, authentication, mail servers, etc. They will remain in the DNS cache only for the time that their TTL (time-to-live) establishes, not permanently.

Let’s say it is a mechanism to avoid repeating a DNS lookup to get the necessary IP address for loading its corresponding domain name every time the user requests it. Otherwise, there could be multiple DNS lookups to serve the same domain name.

Think about the time and effort that can be saved if that information remains handy for a while. The answer to the users’ requests can be executed faster and resources better optimized.

How does it work?

Simply, the operating system (OS) keeps a temporary database in the memory of the server or other devices.

Then, a user requests a domain name for the first time. The DNS resolution process gets triggered. The user’s browser sends the request. A DNS resolver server receives it and looks for the corresponding IP address.

This search will start with the resolver asking the root server, which will point to the TLD server for the requested domain. The resolver will then ask that TLD server, which will answer by pointing to the authoritative name server in charge of the requested domain. The latter will be the provider of the IP address for the resolver. Then, finally, the resolver will answer the user’s request by sending the corresponding IP address, so the domain can be served and visited by the user.

Together with more of the domain’s DNS records, this IP address will be saved in the database we mentioned (the cache), both in the resolver cache and in the device cache. The next time the user requests the same domain name, loading it will be faster and easier. A new DNS lookup won’t be needed. The information will be found directly in the DNS cache.

This will happen with every domain requested. And based on the TTL value established on each DNS record, they will be available directly in the cache for more or less time. Once the TTL expires, a new lookup will occur if the domain is requested again, and its results will be kept in the cache.

What is DNS cache poisoning?

Unfortunately, cybercriminals already know very well how useful DNS cache is, and they have created a way to take advantage of its functionality.

The DNS cache can be poisoned by inserting IP addresses or domain names into it to direct users to dangerous destinations, usually malicious websites.

The DNS cache can get corrupted due to technical issues or administrative errors, but sometimes its corruption means criminal activity in progress. You can clear the cache regularly to prevent this risk. 
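The lookup chain from “How does DNS resolution work?” and the TTL-bound cache described in this article, as an added example that is not part of the original text. The delegation tables, server names, the address 192.0.2.10 and the 300-second TTL are constructed stand-ins for real servers, and the class is hypothetical.

```python
import time

# Constructed delegation data standing in for real DNS servers (assumption).
ROOT = {"com": "tld-com"}  # root server: TLD -> TLD server
TLD_SERVERS = {"tld-com": {"todaynews.com": "ns1.todaynews.com"}}
# Authoritative nameserver: domain -> (IP address, TTL in seconds)
AUTHORITATIVE = {"ns1.todaynews.com": {"todaynews.com": ("192.0.2.10", 300)}}


class RecursiveResolver:
    """Recursive resolver with a cache whose entries live only for their TTL."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock   # injectable so expiry can be shown without waiting
        self.cache = {}      # domain -> (ip, expires_at)
        self.queries = []    # every upstream server asked, in order

    def resolve(self, name):
        """Return (ip, source) where source is 'cache' or 'lookup'."""
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0], "cache"  # still fresh: no upstream traffic
        # Cache miss or expired TTL: root -> TLD -> authoritative.
        tld = name.rsplit(".", 1)[-1]
        self.queries.append("root")
        tld_server = ROOT[tld]
        self.queries.append(tld_server)
        auth_server = TLD_SERVERS[tld_server][name]
        self.queries.append(auth_server)
        ip, ttl = AUTHORITATIVE[auth_server][name]
        self.cache[name] = (ip, self.clock() + ttl)
        return ip, "lookup"

    def flush(self):
        """Clear the cache so the next request triggers a full lookup."""
        self.cache.clear()


if __name__ == "__main__":
    now = [0.0]
    resolver = RecursiveResolver(clock=lambda: now[0])
    print(resolver.resolve("todaynews.com"))   # first request: full lookup
    now[0] = 100
    print(resolver.resolve("todaynews.com"))   # within TTL: answered from cache
    now[0] = 301
    print(resolver.resolve("todaynews.com"))   # TTL expired: full lookup again
    # A corrupted entry keeps being served until its TTL expires or it is flushed.
    resolver.cache["todaynews.com"] = ("203.0.113.66", now[0] + 86400)
    print(resolver.resolve("todaynews.com"))
    resolver.flush()
    print(resolver.resolve("todaynews.com"))   # correct answer restored
```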

Why is the DHCP server used?

The DHCP server is one of the really beneficial components when we are talking about an extensive network. It can significantly reduce the number of errors made when a network administrator has to assign IP addresses manually. Let’s explain a little bit more about it and why it is used!

DHCP server – What does it mean?

DHCP server is short for Dynamic Host Configuration Protocol server. It is a server that automates different tasks and network configurations. This server relies on the standard DHCP protocol inside a particular network. Some examples of what a DHCP server does are assigning Internet Protocol (IP) addresses, default gateways, and subnet masks to various devices.

When you have a DHCP server, it is going to serve the queries of the clients automatically. Furthermore, it is going to provide them with all required parameters and configurations to achieve communication on the network without any difficulties.

In case you don’t have a DHCP server, these kinds of tasks are going to be the responsibility of the network administrators. They will have to serve those requirements of clients to join the network, all of it performed manually. In more extensive networks, this could be a full-time job.

Why use a DHCP server?

The process of supplying, administrating, and renewing IP addresses will become automated and dynamic. You just have to set up your particular preferences on the DHCP server. As a result, the process is going to operate without the need for any permanent further supervision.

Human mistakes are reduced to a minimum, and automation helps with it. Every device, such as a smartphone or a computer, that wants to connect successfully to a particular network requires a unique IP address. It is not possible for one IP address to work at the same time for several devices.

The connection is not going to be achieved. Leases need to be monitored and renewed. Endpoints need to be modified, etc. Such tasks are capable of overwhelming the most prepared administrators if they have to perform them manually. The high number of demands can exceed their capacity and lead to mistakes. This can be effectively avoided with DHCP.

The process of configuring, modifying, and upgrading is pretty simple. The settings are going to be saved and propagated for everything to operate without any difficulties.

How does it work?

The Dynamic Host Configuration Protocol process has four main stages:

1. Discover. The DHCP client is going to broadcast a message. This message announces that the client is on the network and that it requires an IP address.

2. Suggestion. The DHCP server receives the discover message from the client. It is going to proceed with suggesting an available IP address from the IP pool that this DHCP server manages.

3. Request. The client is going to get the DHCP offer for an IP address and has to accept it. As the next step, the client sends a request to accept the given IP address back to the Dynamic Host Configuration Protocol server.

4. Confirmation. The DHCP server receives the request. It records it with details such as what IP address was given, to which MAC address, and for how long. Then, it is going to confirm it and send the full network data required, such as DNS server, subnet mask, gateway, etc.
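The server side of the four stages above, as an added example that is not part of the original article: a toy lease table that hands out each address to one MAC only, refuses requests for addresses it did not suggest, and returns expired leases to the pool. The class, the pool 192.0.2.8/30, the MAC addresses and the option values are constructed; real DHCP exchanges these steps as UDP messages.

```python
import ipaddress


class DhcpServer:
    """Toy DHCP server: tracks suggestions and leases for one address pool."""

    def __init__(self, pool_cidr, lease_seconds, options):
        self.free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.lease_seconds = lease_seconds
        self.options = options  # subnet mask, gateway, DNS server
        self.offers = {}        # mac -> ip suggested but not yet confirmed
        self.leases = {}        # mac -> (ip, expires_at)

    def expire(self, now):
        """Return addresses whose lease ran out to the free pool."""
        for mac, (ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]
                self.free.append(ip)

    def discover(self, mac, now):
        """Stages 1-2: answer a discover message with a suggested address."""
        self.expire(now)
        if mac in self.leases:   # known client is pointed at its current lease
            return self.leases[mac][0]
        if mac in self.offers:   # repeated discover gets the same suggestion
            return self.offers[mac]
        if not self.free:
            return None          # pool exhausted, nothing to suggest
        ip = self.free.pop(0)
        self.offers[mac] = ip    # simplification: unconfirmed offers never time out
        return ip

    def request(self, mac, ip, now):
        """Stages 3-4: confirm the requested address and record the lease."""
        self.expire(now)
        offered = self.offers.get(mac)
        leased = self.leases.get(mac, (None, 0))[0]
        if ip is None or ip not in (offered, leased):
            return None          # refuse: this address is not held for this MAC
        self.offers.pop(mac, None)
        self.leases[mac] = (ip, now + self.lease_seconds)  # also renews a lease
        return {"ip": ip, "lease_seconds": self.lease_seconds, **self.options}


if __name__ == "__main__":
    server = DhcpServer(
        "192.0.2.8/30",  # constructed pool with two usable addresses
        3600,
        {"subnet_mask": "255.255.255.0", "gateway": "192.0.2.1", "dns": "192.0.2.53"},
    )
    laptop, phone = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    suggested = server.discover(laptop, now=0)
    print("laptop confirmed:", server.request(laptop, suggested, now=0))
    print("phone asks for the laptop's address:", server.request(phone, suggested, now=10))
    print("phone suggested:", server.discover(phone, now=10))
    print("lease table:", server.leases)
```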

Creating a website – 4 basic steps

Creating a website is an easy process. Follow these 4 basic steps, and you will get your site up and running in no time.

1. Register your domain name

If you already have a business going on, this might be an easier task. Try to find an available domain name, similar or the same as your company’s name. Don’t try any misspelled version of your brand because this might confuse your clients. There are plenty of gTLDs. Don’t limit your search to just .com. You might find a very good option with a new one. Just pay attention to the registration and renewal fees.

If your business is new, then think about a short and memorable domain name that could become your brand. Think about keywords that are related to your business, products, or services and try different combinations. Find a great one and get it from a domain registrar.

Think about which country the registrar is from. If it is not from yours, different taxes might apply.

2. Find a web hosting company

The second step of creating a website is to find the right web hosting. Now ask yourself, what is the purpose of the website? Is it just your company’s web presence, or will it be an e-commerce site?

Think about how many resources you need, and it won’t be so hard to choose the right type of web hosting.

A shared web hosting is usually good for a basic site with not so many visitors.

If you want to run an online shop, it would be better to choose VPS (virtual private server). It will have dedicated resources for you that you don’t share with the rest.

There are also various cloud solutions, but you should check what exactly they promise. For example, are there dedicated resources, or will you share everything with your neighbors?

It is also important to think about the physical location of the server. The closer it is to your potential clients, the better.

Web hosting from your country might be a good choice.

3. Prepare your content

Here you have 3 choices:

  1. First, do it yourself. You can think about the structure of your site – menus, categories, articles, texts, items, products, etc. Write the content following SEO rules and content structure. Find images that you can legally use for your needs.
  2. A variant is to use a digital agency, a company that is dedicated to creating websites and content for them. This option might be better, but it might cost a lot, so think it over carefully.
  3. Hire a freelancer. There are many available writers out there that will charge a lot less than an agency, and there is a good chance it will be better quality.

Whatever you decide, you still need to be engaged in the content and work to get it right.

4. Build your website

Again the same 3 options will be in front of you:

  1. Do it yourself. It is fairly easy to install a content management system like WordPress. Then you can expand the functionality with extra extensions and make it pretty with a custom theme. It takes some time, but in general, most people can do it.
  2. Agency. You can get a complete deal of content, website building, and digital marketing together. Everything to create a website and start using it right away. Again, just think about the price and don’t get surprised at the end.
  3. Freelancer. There are freelancers who only create sites. If you are thinking about a custom website with unique features or designs, this option might be the best one. Find references for the person you are hiring and do not trust them blindly.

So, what are you waiting for? Go and create your website today! Your clients are already waiting for it!

What is a DNS outage?

Imagine this. You are the owner of a large e-commerce site. It is Black Friday, the biggest online promotion that you have, and you are eager to see how the site is doing. You type your domain name into your browser and… “Oh no!” “It is not opening. This is a disaster!” What is going on? You are experiencing a DNS outage that might completely devastate your promotion!

So, what is this DNS outage?

A DNS outage is the time when your DNS is not functioning for some reason (your nameservers were attacked, or they were saturated with too much traffic, etc.), and that prevents the resolution of your domain name to its IP address. The DNS resolution is the first step to enter a site. The browser won’t know where your website is hosted without it, and it can’t find its content.

All the visitors trying to resolve your domain will get an error message and won’t be able to access your site.

In simple terms:
A DNS outage is when your potential visitors enter your site name (domain name) into their browser and don’t get redirected to its IP address.

Why is it bad?

If the DNS is down, nobody will be able to visit your site, and all the services related to the domain name, like emails, won’t function correctly. You will need to get it up and running again to get back all the temporarily lost functionality.

During this time, you can:

  • Miss potential visitors.
  • Lose potential sales.
  • Have problems with services like email, FTP, VoIP, etc.
  • And more.

What causes DNS outage?

  • Human error. Don’t be surprised. Most of the mistakes in Tech are human errors. For example, somebody didn’t configure the DNS records properly. Another performed a DNS migration badly, and so on. There are plenty of problems that could cause it. 
  • Hardware problems. If you are using your own server for DNS, any hardware failure could bring your server down and all the services that it provides. That is the risk of having your own server. 
  • DDoS attack. A Distributed Denial of Service attack is targeted traffic going your way with the purpose of taking your server or servers out of service. There have been plenty of DDoS attacks in recent years, and their popularity is only increasing. They are getting stronger too, so the future does not look very rosy in this respect.

Could I have prevented the DNS outage?

Of course, you could have prevented the DNS outage, and there are different measures that you can take to prevent future DNS downtime:

  • Secondary DNS. The easiest solution that could save you in most cases is to use a secondary DNS service. Preferably with another DNS provider. The secondary DNS will allow you to have other authoritative DNS servers that could still respond to queries, even if the Primary DNS is down. The more, the better.
  • DDoS protection. Many times when you are experiencing a problem with your domain name, the reason is a DDoS attack. Unfortunately, those traffic attacks have become cheap, and it is common for cybercriminals, sometimes paid by your competitors, to bring down your domain. Get DDoS protection for your DNS servers that can resist strong traffic.
  • Load Balancing. You can organize your nameservers to use a load balancing method and redirect the traffic between them. That way, you can be sure that the weight is not falling on one of them. Spreading heavy traffic will improve the performance and the resilience of your DNS network.

Shared hosting explained

Do you have a great online business in mind? You can already visualize the website, its functions, its design… Well, without a web hosting service, it won’t be possible on the Internet. 

Yes, websites are available online because they are hosted on a server. Therefore, one of the necessary steps to start your business is to choose the type of web hosting that best suits your needs and a provider. 

Why do I need web hosting?

If you are still wondering why, the reason is that a site is created from many elements: code, themes, database, text, images, videos, etc. And for all of them to be available online as a website, they have to be stored on a server connected to the Internet.

And that’s exactly what a web hosting service means: a vendor that provides you with the space you require for storing all the files that make up your website. Once hosted, every person with an Internet connection can visit it.

What is shared hosting?

Shared hosting is the type of service in which your website will be saved on a server with many other websites. The server is not only for you. Its space and all the resources it offers (RAM, storage, processor, bandwidth…) are shared by all the websites living on it.

Providers offer different types of web hosting and a variety of plans. What you choose determines the resources and possibilities your website will have.

Advantages of shared hosting.

  • Cost-efficient. Sharing the server’s space and resources with other websites means sharing the cost too. In general terms, you can get this service by paying, on average, 3 to 10 dollars per month for a basic plan. Initial prices can be really cheap, but always check regular prices before signing a contract. Sometimes, the initial cost can double or go even higher after the first year.
  • User-friendly. Not only setting it up but also managing its features can be a matter of just a click. You don’t have to be a professional developer to manage it. If you are, you can certainly make the best out of each of its possibilities.
  • Built-in features for easily managing the website. cPanel, DNS management, and many more tools make it easy for you.
  • Maintenance is not on you. The time and cost of technical maintenance can be harsh for some budgets. Your provider is in charge of that task. Helping you prevent and fix issues is not a minor advantage. 
  • Customer support. Most of the providers of shared hosting include basic customer support for you. Depending on the company you choose, its quality, plans, etc., support can be basic or more advanced.

Disadvantages of shared hosting.

  • Shared resources. While living with hundreds or more websites, all the technical resources will be shared. The websites can be very different from one another. Some can take much more RAM or CPU, and that definitely can affect your website’s performance.
  • Security issues. Sharing also can mean sharing risks. A neighbor site can be attacked, and its misfortune can reach your website too. Once a vulnerability is exploited, one, many, or everybody’s security could be compromised.
  • No root access. The service is designed for being easily used, basically through the cPanel. Customization in this sense has limits for clients. Your provider is in charge of the biggest changes the system requires, updates, maintenance, etc.  

Conclusion.

Shared hosting is a popular, affordable, and reliable alternative. Analyze in detail the needs of your business. Then you will know whether or not it is what you need to succeed.

Top-Level Domain (TLD) explained.

One of the fundamental things you will face if you want to start a website is the domain name. Of course, you have lots of TLDs to pick from! Yet what precisely are the TLDs? Is there a method to determine the most suitable one for your website? Let’s explain a little bit more about it.

What does TLD mean?

TLD is the acronym for top-level domain. In the Domain Name System (DNS), it is the second level from top to bottom. The TLD is the last element of a Fully Qualified Domain Name (FQDN). It comes after the domain name, separated from it by a dot “.”.

The Domain Name System is international and saves a lot of effort for Internet users. The purpose of it is to translate domain names to IP addresses.

The DNS has a tree-like structure. On the top are the root servers, next are the TLD servers, and then the domain nameservers.

The IP addresses of all TLD nameservers are stored in the root servers. In addition, the top-level domain servers hold the IP addresses of the nameservers of every domain name they are responsible for.

For example, the nameservers responsible for the .com TLD will hold the coordinates of yahoo.com, google.com, and so on.

Varieties of TLD

There are two main varieties of TLD – gTLDs and ccTLDs.

gTLD is short for generic top-level domain. There are hundreds of examples in this group of domain names; some popular ones are .net, .com, .info, and more. They are named generic because they are not related to any country. Furthermore, each of them can express a different kind of purpose. For example, .info stands for information, .com represents commercial, and so on.

It is possible for individuals or businesses to register a brand-new gTLD. To do so, they have to comply with the terms of the Internet Corporation for Assigned Names and Numbers and pay a certain fee.

The acronym ccTLD stands for country code top-level domain. There is a particular TLD for every country. You have probably seen examples such as .de for Germany, .cn for China, .mx for Mexico, etc. To be able to register a ccTLD, you may need to have a work permit for, or be living in, the particular country whose ccTLD you want to use. These TLDs are going to work excellently if you own a company in a specific country. Your targeted audience is going to see it right away.

Who’s accountable for managing TLDs?

This is ICANN. The abbreviation stands for the Internet Corporation for Assigned Names and Numbers. It is a non-profit organization that is responsible for managing the TLDs. It does so through the IANA, another abbreviation, which stands for Internet Assigned Numbers Authority.

Simply put, the IANA is a department of ICANN.

Furthermore, ICANN/IANA delegate some of the responsibilities for certain TLDs to diverse companies.

IPv6 explained

What does IPv6 mean?

IPv6 is the latest version of Internet protocol (IP). These protocols are sets of rules for the devices. They are needed to achieve sending and receiving information. The exchange of data happens between a host and a recipient, which is another host. To succeed in the communication, these hosts have to be identified. Their location can be tracked with the help of their corresponding IP addresses. So, the route is established, and the exchange of data can be performed.

An interesting fact is that IPv6 has been around for more than twenty years. It was introduced in 1995. The tremendous growth of devices wanting to connect to the Internet showed that IPv4 wouldn’t be able to fulfill such needs. Thus IPv6 was created and ready to be implemented. However, people were not ready to stop using IPv4. It is a transformation that requires a long period of time to complete.

Think of the number of computers, smartphones, tablets, and Internet of things (IoT) devices that want to connect to the web: every day, each of them requests a unique and individual IP address. So, you can imagine how significant the role of IP addresses and their daily supply is.

What does an IPv6 address look like?

IPv6 addresses contain eight sequences of four hexadecimal digits. They are all separated by colons. Also, each sequence signifies 16 bits.

Here is an example with Google’s IPv6 address: 2607:f8b0:4004:0807:0000:0000:0000:200e

Why apply it?

  • You need IP addresses for domain name resolution if you have a website or a network. Perhaps you have an A DNS record, and you use IPv4 for now. However, sooner or later, the need to migrate to AAAA records and IPv6 will arise.
  • Connecting several devices and IoT is much easier. Usually, to accomplish this, you need a lot of IP addresses. To solve this, you have to use network address translation (NAT). It helps map several local private addresses to a public IP as a prior action to transfer the data. If you apply IPv6, you skip this step.
  • Suppose you want to set up network routing at your business or at home. You have to know that there is a chance that older devices may not support the new IPv6.
  • If you want to make several services available on the Internet, for example, application hosting, web hosting, etc.
  • IPv6 is 5G, and its structure is compatible with the future Internet. 

IPv4 vs. IPv6

  • Thanks to the 128-bit addresses, the new IPv6 can provide more than enough available IP addresses. 
  • Another great innovation is IPsec. It is a method of authentication, which encrypts the connection. Also, it validates the sender of the packets. So this allows the receiver to check the data’s origin.
  • SLAAC – stateless address auto-configuration. When you are using IPv6 in a network, you can apply SLAAC. It will provide a new host’s auto-configuration, and a DHCP server won’t be needed. However, DHCP can still be used with IPv6 addresses as well.
  • There is no more problem with the packets’ fragmentation. The previous IPv4 experienced it, which led to numerous difficulties.