Intelligent DNS

Edit on GitHub

Azion Intelligent DNS is a domain hosting service that is part of Azion’s traffic routing solution. With it, your domains will be hosted on Azion’s distributed infrastructure, using the same performance and security solutions built for other Azion products, combining techniques to optimize requests with protection against DDoS attacks.

  1. What a DNS is
  2. How Intelligent DNS works
  3. Configuring Intelligent DNS
  4. Types of supported entries and recommendations for each
  5. Rules for filling in values
  6. Using wildcards
  7. Testing my zone
  8. Configuring Intelligent DNS to respond to my domains

1. What a DNS is - Domain Name System

As the name implies, it is a domain name resolution system. It manages to translate the name into an IP address so a connection can established with the destination that will provide the requested website content.

It is the DNS that allows you to type in a domain name instead of a string of numbers. In other words, DNS translates the string of numbers - IP - of the domain you want to access into words that form the URL you know.


2. How Intelligent DNS works

It’s designed for those that want high performance and high availability for their hosting and their domain. Intelligent DNS is an authoritative DNS solution, and allows the client to manage their domains, zones and records through a friendly and intuitive interface.

You can create ANAME type entries, which allow you to host and use naked domains with other Azion products.


3. Configuring Intelligent DNS


Creating a Hosting Zone

  1. Go to Real-Time Manager, access Edge Routing > Intelligent DNS menu. You will see the main interface where you can create and manage your zones;
  2. Click the Add Zone button and fill in the following fields:
    Name for zone: Identifier for the newly created zone of the domain. This field is free text. You can enter text in whatever form suits you best; Domain: You can only enter the Naked Domain in FQDN format, in this field. E.g.: mydomain.com;
    Active: This flag indicates whether the zone is active and therefore whether the Intelligent DNS should respond to it or not. Deactivated zones are ignored in DNS responses;
  3. Click the Save button to finish.

Creating Records in your zone

Create and edit entries for your domains as needed.

Go to Real-Time Manager, access the menu Edge Routing > Intelligent DNS. Choose the domain you want to manage. You will see the main interface where you can create and edit your zones. When you do this, you will see two tabs:

Main Settings

In this tab you can edit the zone’s name, the main domain, the DNS service status and you will also have access to the addresses of Azion’s authoritative servers - Nameservers that will answer the queries for your zone.

Records

In this tab you will see a list of all the records that are part of this zone. Click the Add Record button, to add a new record.

The window for adding records will open with the following fields:

Field Descriptiion
Name This description is the domain that you want to create. For example: “help”, in “help.azion.com”, or then “manager” in “manager.azion.com”.
Type This is the type of record that is being added, such as types A, AAAA, MX or CNAME, among other examples.
(see section - Types of supported entries and recommendations for each)
Value This is the DNS response to the registered record, such as an IPv4 address for example.
(see section - Rules for filling in values)
TTL - Time To Live This is the time a response can be cached for on a resolver server.

Click the Save button to finish creating your record.

From this point on, this set of information will be synchronized with the Intelligent DNS service. Your settings are saved and distributed to the Azion network practically in real time.

That’s it! Your domain is now set up and ready to be served by Azion’s Intelligent DNS. To make sure everything is working well, run some of the tests described in the section Testing my zone.


4. Types of supported entries and the respective recommendations that Intelligent DNS follows

** To provide record creation Intelligent DNS supports the following types of DNS entries.**

Type Referência
A RFC1035
AAAA RFC3596
ANAME draft-ietf-dnsop-aname-04
CAA RFC8659
CNAME RFC1035
MX RFC1035 e RFC7505
NS RFC2782
PTR RFC1035
SRV RFC2782
TXT RFC1035 e RFC1464

5. Rules for filling in values

Type Restriction rule Example
A It must be in IPv4 format

Maximum of 10 IP addresses (one per line).

Only valid IPv4 addresses are accepted as a response.
Name of zone: azion.com

Name of record: @ (or blank)

Value(s) of response:

192.209.210.67

198.199.105.93
AAAA It must be in IPv6 format

Maximum of 10 IP addresses (one per line).

Only valid IPv6 addresses are accepted as a response.
Name of zone: azion.com

Name of record: www

Value(s) of response:

2800:3f0:4001:815::2004
ANAME It must be in FQDN format

Only one domain for each ANAME type record.

Only the domains below from ‘azioncdn.net’, ‘azionedge.net’ e ‘azionedge.com’ are accepted.

It can coexist with records of the same name but of different types (MX, TXT etc.)
Name of zone: azion.com

Name of record: @

Value of response:

32082s.ha.azioncdn.net
CAA The value of the response must follow the format [FLAG] [TAG] “[VALUE]”.
Example: 0 issue “ca.example.net”.

It will not be possible to register a CAA type record, when the zone already has a CNAME type record.

N.B. the tool SSL mate can help when creating and querying.
Flag:
If the flag has a value of 0 (zero), all flags will be switched off. If the flag has a value of 1, the 0 bit (Issuer Critical Flag) is on, i.e. A CA must not send certificates for any FQDN, if the relevant record for that FQDN contains a CAA.

Tag:
The tags must be in lower case and must follow the naming convention in the RFC, Example: issue, issuewild, iodef.

Issue: it indicates that the CA of the ACM specified in the value field can send a certificate to your domain or sub-domain.
Issuewild: it indicates that the CA of the ACM specified in the value field can send a wildcard certificate to your domain or sub-domain.

iodef: it indicates that should the CA receive an invalid request for a certificate, it should send a notification to the domain owner. Use url (http/https) or mailto, e.g. “mailto:email@domain.com”, “https://url” and “http://url”.

Value:
The value must always be between inverted commas, e.g. “ca.example.com”, and the content will depend on the tag you use.
Issue: url or a sequence, e.g. “ca.example.net; account=123456” or “ca.example.com”
Issuewild: must use a domain with a wildcard e.g. “*.example.com”
iodef: a url callback or an email address, e.g. “mailto:email@domain”, “https://example.com/callback” and “http://example.com/callback”.
CNAME It must be in FQDN format

Only point it to another domain name, never an IP address.

It can’t be added at the level of the root domain.

Only one domain is allowed for each CNAME type record.

A defined host name in a CNAME record must not include records from other types of resources (MX, A, etc.)

CNAME records can point to other CNAME records, but this isn’t considered good practice, as it is inefficient.

If a CNAME record is pointing to a record in the same zone, Intelligent DNS will respond to all of them in just one query.
 
MX It must be in the format [PRIORITY] [ADDRESS].

Maximum of 10 IP addresses (one per line).
Name of zone: azion.com

Name of record: mail

Value(s) of response:

10 mailserver.example.com

20 mailserver2.example.com
NS It must be in FQDN format or an IP address.

Maximum of 10 addresses (one per line).

An NS cannot be configured by the main domain of the zone (naked domain).

It must point to the servers that have authority over that record.
Name of zone: azion.com

Name of records: ns

Value(s) of response:

ns1.aziondns.net

ns2.aziondns.net
PTR Reverse zones lined to IPv6 addresses follow other rules. See here for more information. 1- Create a new zone, add the following information for DOMAIN:
0.168.192.in-addr.arpa

2 - After creating the zone, you must create a type PTR record associated with it, with the following settings:

Name of record: 1

Value of response: www.exemplo.com
SRV The record name must have the following format: ‘_service._protocol.name’. Example: “_ldap._tcp.azionsrv”.

The response values must be in the format [priority] [weight] [port] [target].

Maximum of 10 records (one per line).

It must point to the host name that has an A or AAAA record.

Note: You must pay special attention to this, because Intelligent DNS will not validate this automatically.
Name of zone: azion.com

Name of record: _ldap._tcp.azionsrv

Value(s) of response:

0 60 5060 bigbox.example.com
TXT Limited to 100 characters.

Text that is separated by ENTER is considered as differente responses by Intelligent DNS
Name of zone: azion.com

Name of record: txt

Value(s) of response:

This domain name is reserved for use in documentation

“printer=lpr5”

“favorite drink=orange juice”

6. Using wildcards

A wildcard record is a record that responds to DNS requests by domains that you haven’t defined yet. You can create them for any type, inserting an asterisk (*) in the record name. For example, imagine that you have the following configuration for a zone whose domain is “example.com”:

Name Type Value
www A 192.168.0.1

192.168.0.2

192.168.0.3
* A 1.1.1.1
*.wildcard A 2.2.2.2

This means that:

  • if the query is made by www.example.com the response will consist of 3 IP addresses: 192.168.0.1, 192.168.0.2 and 192.168.0. N.B. It isn’t a wildcard, but it is given priority for the response because it correctly meets the record that is queried;
  • if the query is made by ghost.example.com the response will be according to the wildcard it found. I.e. The response will be: 1.1.1.1;
  • If the query is made by another.wildcard.example.com the response will be according to the wildcard it found this time, i.e. The response will be: 2.2.2.2;
  • if the query is made by wrong.record.example.com the response will have no value, because there is nothing that corresponds to this structure.

Restrictions on the use of wildcards

Only the left-most asterisk followed by a dot will be considered a wildcard. All other asterisks, if any, will be considered as valid characters.

Asterisks located further to the left that are not followed by a dot will not be considered wildcards.

It is not allowed to use wildcard characters in SRV type records because it requires a standard format in its name.


7. Testing my zone

If you have already set up Intelligent DNS as you want and you now want to test it to see if it is processing your information properly, you can test it using the following tools:

DIG

The “dig” - domain information groper - is a network administration command-line tool for querying the Domain Name System (DNS). It is useful for network troubleshooting and for educational purposes. It can operate based on command line option and flag arguments, or in batch mode by reading requests from an operating system file. When a specific name server is not specified in the command invocation, it uses the operating system’s default resolver, usually configured in the file ‘resolv.conf. Without any arguments it queries the DNS root zone.

It is a component of the domain name server software suite BIND and, in practice, replaces older tools, such as “nslookup” and “host”. However, the older tools are still used in complementary way.

To test Intelligent DNS, you should use one of the nameservers listed on the Main Settings tab of your Azion registered zone.

For example, imagine you have the following settings:

Name Type Value TTL
www A 192.168.0.1

192.168.0.2

192.168.0.3
3600

To check how Intelligent DNS handles a type “A” query, registered to the “www” record, type the following command:

  > dig A www.example.com @ns1.aziondns.net 

The response to this will be:

 ; <<>> DiG 9.10.6 <<>> A www.example.com @ns1.aziondns.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46329 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.example.com. IN A ;; ANSWER SECTION: www.example.com. 3600 IN A 192.168.0.1 www.example.com. 3600 IN A 192.168.0.2 www.example.com. 3600 IN A 192.168.0.3 ;; Query time: 22 msec ;; SERVER: 179.191.160.2#53(179.191.160.2) ;; WHEN: Thu Sep 12 13:13:14 -03 2019 ;; MSG SIZE rcvd: 137

HOST

Host queries the DNS, converting domain names into IP addresses and vice-versa. If no argument or option is provided, the host prints a brief summary of the command line options and arguments.

For example, imagine you have the following settings:

Name Type Value TTL
www A 192.168.0.1

192.168.0.2

192.168.0.3
3600

To check how Intelligent DNS handles a type “A query, registered to the “www” record, type the

> host www.example.com ns1.aziondns.net

The response to this will be:

Using domain server: Name: ns1.aziondns.net Address: 179.191.160.2#53 Aliases: www.example.com has address 192.168.0.1 www.example.com has address 192.168.0.2 www.example.com has address 192.168.0.3

NSLOOKUP

Nslookup is a tool, common to both Windows and Linux, used to obtain information about DNS records for a particular domain, host or IP.

For example, imagine you have the following settings:

Name Type Value TTL
www A 192.168.0.1

192.168.0.2

192.168.0.3
3600

To check how Intelligent DNS handles a type “A” query, registered to the “www” record, type the following command:

 > nslookup www.example.com ns1.aziondns.net

The response to this will be:

 Server: ns1.aziondns.net Address: 179.191.160.2#53 Name: www.example.com Address: 192.168.0.1 Name: www.example.com Address: 192.168.0.2 Name: www.example.com Address: 192.168.0.3

8. Configuring Intelligent DNS to respond to my domains

In order for Intelligent DNS to become the authority over your zones, you must point it at your DNS registry. (registro.br, GoDaddy, AWS Registrar, etc)

To point to your registration DNS, use one of the nameservers listed in the Main Settings tab of your Azion registered zones.

It is important to verify that all your records are properly registered and tested at Intelligent DNS before making this appointment. Otherwise you run the risk of having your service unavailable.


Didn’t find what you were looking for? Open a support ticket.