Short for Domain Name System, DNS is the system that maps every domain name on the Web to an address. When you type a domain name into your browser, DNS translates it into the address that web servers can understand.
In this post, you will learn how vital DNS is, how to make changes, how you can influence DNS propagation, how to ensure your DNS files remain secure, and why moving to premium DNS services can take your WordPress site to a whole new level of efficiency.
Ready? Let’s dive in!
What Is a DNS?
If you type kinsta.com into your browser, the server where the Kinsta homepage is stored can’t understand English.
The DNS translates the domain name you typed into your browser into the IP (Internet Protocol) address. In the case of Kinsta, the DNS translates kinsta.com into 188.8.131.52. The IP address is the actual location of the Kinsta homepage on the server.
All web pages operate like this.
As remembering the IP addresses of a website is virtually impossible, DNS does all the hard work for you. And, of course, it makes the whole ecosystem of the Web much easier for humans to navigate. You will sometimes see the DNS referred to as the phonebook of the internet.
Types of DNS
There are several types of DNS records you may need to be aware of. The main records include the A, AAAA, CNAME, MX, and TXT records, described below.
You’ll spend most of your time editing your website’s DNS A record, as this record is used by IPv4 web addresses to point at a domain or subdomain. If the webserver where your site is located uses IPv6 instead of IPv4, you will need to edit your DNS AAAA record instead. If you’re not sure what IPv6 and IPv4 are, we’ll be covering them in the next section.
If you use subdomains, you use the CNAME record to associate these subdomains with their primary domain.
Connecting your website to the email service it uses is the job of the MX record. You use the record to assign a specific email service such as Gmail.
Spam continues to be the scourge of the Web. You use the TXT record to fight spammers who are looking for domains that are unprotected. Read more about email authentication here.
Essential Acronyms: IP and DNS
If you’ve never seen the IP address of your website, you can find it in your MyKinsta dashboard.
To show your website’s IP address, click the ‘Sites’ link on the left of your dashboard and then choose the ‘Info’ tab, which reveals the basic information that enables your website to be located on the Web.
Also, if you haven’t yet, learn how to point your domain at Kinsta here.
Think about IP addresses like phone numbers. Eventually, we ran out of new numbers to give to customers, so we had to change how we organized the phone numbers in use. It’s the same with IP addresses. As the Web continued to expand, IPv4 simply ran out of IP addresses! IPv6 gives us more IP addresses to hand out to new websites.
You may have also heard there are dedicated IP addresses and shared IP addresses. A dedicated IP address is like your landline or mobile phone number; it’s unique to you and your website.
A shared IP address, as its name suggests, is shared by several websites. Shared IP addresses are common with websites that use WordPress. It’s important to understand that a shared IP address doesn’t mean your website is sharing other resources as well. Kinsta uses LXD managed hosts and LXC software containers.
How DNS and Nameservers Link Together
OK, now that you have a clear understanding of what your website’s IP address is and how this relates to DNS, the next thing to consider is your website’s nameserver.
A nameserver is essential as it’s part of the bridge that connects your website’s domain name with the IP address where your website is located on its web server. You might also hear nameservers called authoritative DNS servers.
To find a website’s domain, the browser your visitor is using will use DNS to find the domain’s nameserver. The query actually asks for something called the A record. The A record contains the IP address of the webserver. Note, if your web server is using IPv6 and not IPv4 addresses, the DNS AAAA record will be used instead of an A record.
Often the nameserver will initially be the nameserver used by the domain registrar you used when you bought the domain name your website is using. The general advice is to change the nameserver to the nameserver used by your website hosting service. You make this change by editing your website’s DNS file.
The nameservers are like traffic police, directing the traffic across the Web and ensuring that the right domain is delivered to the browser your website’s visitors are using.
Don’t forget, once you have changed your nameserver to the one your hosting service uses, any future changes to your DNS are made on your host’s nameserver, not your original domain registrar’s nameserver. If you’re not sure which nameserver your website is using, you can check with the Whois lookup tool.
What Is DNS Lookup?
Think about the last time you searched for a website. The time it took from the moment you hit the enter key to the website appearing in your browser has a lot to do with DNS lookup. As you already know, the faster your website can be served to a visitor, the better.
As you’ll remember, when someone types your website’s domain name into their browser, the location of your website has to be found. The DNS file associated with your website contains that information including the nameserver and IP address.
If you’re wondering whether you have control over DNS lookup speed, as you do over other factors that affect the performance of your website, you do. In fact, reducing DNS lookup times can be achieved in several ways.
What Is DNS propagation?
Now that you have the background knowledge you need, we can take a closer look at what DNS propagation is and how you can influence its performance.
When you make a change to your website’s DNS, such as pointing your site to a new hosting service, the change doesn’t happen instantaneously. The update can take varying amounts of time to complete. This is called DNS propagation.
There is no set time for DNS propagation to complete, as there are too many variables relating to many aspects of how your site is constructed and hosted. A good example is TTL or Time To Live. TTL has a fundamental impact on the performance of your website. The TTL value associated with a DNS record will have a profound effect on the speed of DNS propagation.
How Long Does DNS Propagation Really Take?
By default, the TTL for most of your DNS records will be set to between 1 and 4 hours. For example, when you point your domain at Kinsta, you have the option to set the TTL.
Kinsta recommends setting the TTL of your website to 1 hour, which also happens to be the time set by default. This will ensure your website’s load time is as low as possible.
Nameservers can also have an impact on TTL values, and therefore, the load time of your website. Kinsta does not influence the speed of DNS propagation.
However, if you are moving your domain to Kinsta, making the change to a low TTL before you start the migration will ensure the changes are completed (propagated) as fast as possible.
How Do I Know If My DNS Is Propagating?
As the Web is hosted across a massive network of servers that make up the Internet, your website’s DNS records could be cached on many servers. It’s important to remember that propagation will only be complete when all these cached DNS files have been updated.
This is why in some cases, DNS propagation can take anything from a few hours to several days. Bear this in mind when making changes to your DNS file that might be time-sensitive and impact the performance of your website.
If you want to check whether your DNS changes have propagated, there’s a handy tool you can use: whatsmydns.net.
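The same check can be scripted. The following is an added example, not part of the original post or any Kinsta tooling: it classifies per-resolver answers as updated, stale, or unexpected and reports the longest remaining TTL among the stale caches. The resolver names, the example.com domain, and all addresses are constructed sample data in the `dig +noall +answer` layout.

```python
from dataclasses import dataclass

# Constructed documentation addresses (RFC 5737), not real hosts.
OLD_IP = "198.51.100.7"    # A record at the previous host
NEW_IP = "203.0.113.10"    # A record at the new host

# Constructed sample: the answer line each resolver returned, in the
# `dig +noall +answer` layout (name, remaining TTL, class, type, data).
SAMPLE = {
    "authoritative": "example.com. 3600 IN A 203.0.113.10",
    "resolver-a": "example.com. 2711 IN A 198.51.100.7",
    "resolver-b": "example.com. 3412 IN A 203.0.113.10",
    "resolver-c": "example.com. 95 IN A 192.0.2.66",
}


@dataclass
class Answer:
    name: str
    ttl: int
    rtype: str
    data: str


def parse_answer(line: str) -> Answer:
    """Split one answer line into its five whitespace-separated fields."""
    fields = line.split()
    if len(fields) != 5 or fields[2] != "IN":
        raise ValueError(f"not an answer line: {line!r}")
    name, ttl, _cls, rtype, data = fields
    return Answer(name.rstrip(".").lower(), int(ttl), rtype, data)


def propagation_report(samples: dict, old_ip: str, new_ip: str) -> dict:
    """Sort resolvers into updated / stale / unexpected for the A record."""
    report = {"updated": [], "stale": [], "unexpected": [], "max_wait": 0}
    for resolver, line in samples.items():
        ans = parse_answer(line)
        if ans.data == new_ip:
            report["updated"].append(resolver)
        elif ans.data == old_ip:
            # A cache serves the old answer until its remaining TTL runs out.
            report["stale"].append(resolver)
            report["max_wait"] = max(report["max_wait"], ans.ttl)
        else:
            # Neither old nor new: a typo in the zone or a tampered answer.
            report["unexpected"].append(resolver)
    return report
```

An answer that matches neither the old nor the new address is worth investigating before assuming propagation is merely slow.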
Pointing Your Domain to Kinsta
One of the practical uses of your website’s DNS file is changing hosting services. For example, if you wish Kinsta to handle your WordPress hosting, you have a couple of options when pointing your domain at Kinsta:
Your first option is to use the A record of your DNS.
Your second option is to use nameservers. This is a Premium DNS which we’ll come to in a minute.
The second option gives you much more control over your DNS. Kinsta uses Amazon Route 53 – a global Anycast network – that ensures your website has maximum uptime with low latency to deliver world-class speed and performance. Amazon Route 53 premium DNS is included for free with all plans.
Troubleshooting: How to Flush Your DNS Cache
You’ve made some changes to your website’s DNS file and checked DNS propagation has completed, yet your website isn’t performing as you expect.
What’s going on? Often, you have an issue with the DNS cache.
When you visit websites, your browser keeps track of the sites you have viewed. Have you noticed when you go back to a website it seems to load a bit quicker? That’s because your browser has saved or ‘cached’ the location of the site, so the browser doesn’t have to find the location of the server where the site is hosted.
The cache contains a temporary record of your website’s IP address, hostname, and the DNS A or AAAA record.
Your website’s DNS cache works in a similar way, storing information about your site. If you’re having problems with your website, this could be because your DNS cache has become corrupted, or the data the DNS cache contains hasn’t been updated correctly.
Flushing simply means emptying the DNS cache. This can resolve many of the issues you may encounter when managing your website. How you flush your DNS cache is different for each operating system (OS). Follow the steps below for the OS you are using:
Flushing the DNS cache of your website is a good idea, particularly if you are changing your website’s host. If you’re making changes to the DNS A record, for instance, then flushing the cache will ensure you are looking at the correct version of your site when checking it loads and displays correctly when the migration is complete.
Making your WordPress site as secure as possible is vital. Visitors to your site want to have confidence they can use your site securely. In the context of DNS security, DDoS (Distributed Denial of Service) attacks are a present danger you need to pay close attention to.
One of the most significant DNS attacks took place on October 21, 2016, bringing down some of the world’s largest websites, including Twitter and eBay. Some even called this DNS Doomsday. What happened was that the DDoS attack targeted the nameservers of big online brands. As we learned earlier, without a working nameserver, DNS can’t locate the IP address of the website requested by a user’s browser.
To avoid, or at least reduce, the impact of an attack on your WordPress site, there are several steps you can take, from ensuring your website uses secure WordPress hosting in the first place to specific steps to avoid DDoS attacks.
At Kinsta, we take the security of our customers’ websites very seriously indeed. One of the many ways we help websites become more secure is to use two-factor authentication (2FA).
You may have already come across this if you use online banking. To access your bank account, you need to provide two or more pieces of information to prove you are who you say you are. Kinsta uses a similar system to protect all the websites we host.
The first level of defense against attack is the passwords you use to protect your site. Unfortunately, weak passwords are still rife across the Web. Indeed, the annual survey of passwords by the National Cyber Security Centre concluded that ‘123456’, followed by ‘qwerty’ and the word ‘password’, are still in common use.
Using two pieces of information only you know is a robust and proven way to protect your website from attack. This includes the attacks that could affect your DNS files and potentially bring your website down. Most 2FA systems use SMS to send authentication codes, which form the second part of the 2FA service.
At Kinsta, we do things differently to avoid SIM swapping attacks that would target your phone. Our Authenticator-based method uses dynamically generated codes in Google Authenticator, 1Password, and other 2FA apps. If you haven’t yet, you can learn how to enable 2FA with our handy guide.
We just covered a few of the first steps you can take to protect your website’s DNS files from attack. But what if you could go one step further?
As businesses adjust to new ways of remote mass working, cybersecurity is even more relevant today than it has ever been. If your business’s IT teams and users will continue to work remotely, protecting your WordPress website and its supporting DNS files is critical.
“You’re probably doing DNS wrong like we were,” said Brian Armstrong, co-founder at Canopy, in a blog post he wrote in 2014. He wrote his article in the wake of a DDoS attack that disabled his website’s DNS provider, DNSimple.
Many free DNS service providers do an adequate job. However, as cybersecurity becomes more critical in a post-COVID-19 world, upgrading the DNS service your website uses is paramount.
Kinsta surveyed all of the premium DNS service providers and chose to partner with Amazon Route 53. The service offers DNS failover and geolocation routing to ensure your website stays live.
Understanding how your DNS files control your website is vital to maintain a reliable, secure, and efficient website. Making changes to your DNS files should be carried out with care. Once you have completed your changes, appreciating how the DNS propagation process works, and what impacts its performance, will ensure your site updates with minimal delays.
DNS propagation is an essential component of proper website maintenance. DNS propagation is also about more than having a low TTL value set for any changes you make to come into effect.
As the Web has evolved and the ecosystem of nameservers has expanded, DNS has become a vital component to ensure the Web operates efficiently. And not all DNS service providers are made the same.
You may have been using a free DNS service for several years without any issues. Today, with heightened cybersecurity, it could be time to move to premium DNS services to protect the long-term health of your website.