DNS Fundamentals & Configuration

DNS fundamentals and practical configuration for common services like Gmail and GitHub Pages.


DNS Basics

DNS Record Types

Record  Purpose                                   Example
A       IPv4 address                              example.com → 192.0.2.1
AAAA    IPv6 address                              example.com → 2001:db8::1
CNAME   Alias to another domain                   www.example.com → example.com
MX      Mail server                               example.com → mail.example.com
TXT     Text records (SPF, DKIM, verification)    "v=spf1 include:_spf.google.com ~all"
NS      Name servers                              example.com → ns1.provider.com
SOA     Start of authority                        Zone metadata
SRV     Service locator                           _service._proto.name
CAA     Certificate authority authorization       0 issue "letsencrypt.org"
PTR     Reverse DNS                               1.2.0.192.in-addr.arpa → example.com

DNS Lookup Tools

    # Basic lookup
    dig example.com

    # Specific record type
    dig example.com A
    dig example.com AAAA
    dig example.com MX
    dig example.com TXT
    dig example.com NS

    # Short answer only
    dig example.com +short

    # Query specific nameserver
    dig @8.8.8.8 example.com

    # Reverse DNS lookup
    dig -x 192.0.2.1

    # Trace DNS resolution path
    dig example.com +trace

    # Request all record types (many servers answer ANY with a minimal response, see RFC 8482)
    dig example.com ANY

nslookup

    # Basic lookup
    nslookup example.com

    # Specific record type
    nslookup -type=A example.com
    nslookup -type=MX example.com
    nslookup -type=TXT example.com

    # Query specific nameserver
    nslookup example.com 8.8.8.8

host

    # Basic lookup
    host example.com

    # Specific record type
    host -t A example.com
    host -t MX example.com
    host -t TXT example.com

    # Verbose output
    host -v example.com

Gmail/Google Workspace DNS Configuration

MX Records (Mail Routing)

Priority matters - lower number = higher priority.

    Priority  Hostname
    1         aspmx.l.google.com
    5         alt1.aspmx.l.google.com
    5         alt2.aspmx.l.google.com
    10        alt3.aspmx.l.google.com
    10        alt4.aspmx.l.google.com

DNS Configuration:

    Type: MX
    Name: @
    Value: 1 aspmx.l.google.com.
    TTL: 3600

    Type: MX
    Name: @
    Value: 5 alt1.aspmx.l.google.com.
    TTL: 3600

    Type: MX
    Name: @
    Value: 5 alt2.aspmx.l.google.com.
    TTL: 3600

    Type: MX
    Name: @
    Value: 10 alt3.aspmx.l.google.com.
    TTL: 3600

    Type: MX
    Name: @
    Value: 10 alt4.aspmx.l.google.com.
    TTL: 3600

SPF Record (Sender Policy Framework)

Prevents email spoofing by specifying authorized mail servers.

    Type: TXT
    Name: @
    Value: v=spf1 include:_spf.google.com ~all
    TTL: 3600

SPF Syntax:

  • v=spf1: SPF version 1
  • include:_spf.google.com: Include Google's SPF records
  • ~all: Soft fail for others (mark as spam but accept)
  • -all: Hard fail for others (reject)
  • +all: Allow all (NOT recommended)

DKIM Record (DomainKeys Identified Mail)

Cryptographic signature to verify email authenticity.

    Type: TXT
    Name: google._domainkey
    Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN...
    TTL: 3600

Get your DKIM key:

  1. Go to Google Admin Console
  2. Apps → Google Workspace → Gmail → Authenticate email
  3. Generate new record
  4. Copy the TXT record value

DMARC Record (Domain-based Message Authentication)

Policy for handling failed SPF/DKIM checks.

    Type: TXT
    Name: _dmarc
    Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
    TTL: 3600

DMARC Policies:

  • p=none: Monitor only (no action)
  • p=quarantine: Mark as spam
  • p=reject: Reject email
  • rua=mailto:...: Aggregate reports
  • ruf=mailto:...: Forensic reports
  • pct=100: Apply policy to 100% of emails
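
The SPF qualifiers and DMARC policy tags listed above decide what a receiver does with mail that fails authentication. The shell functions below are an added example, not part of the original page: they classify the TXT answers printed by dig +short. The function names are hypothetical and the sample record is constructed.

```shell
# Added example; function names are hypothetical, sample record is constructed.
# Join multi-string TXT answers ("part1" "part2") and strip the quotes.
unquote_txt() { sed 's/" "//g; s/"//g'; }

# Read a domain's TXT answers on stdin; print one SPF verdict.
spf_verdict() {
  unquote_txt | awk '
    tolower($1) == "v=spf1" { n++; rec = tolower($0) }
    END {
      if (n == 0) { print "missing: no SPF record published"; exit }
      if (n > 1)  { print "invalid: " n " SPF records, receivers return permerror"; exit }
      k = split(rec, t, " "); q = "none"
      for (i = 2; i <= k; i++) {
        if (t[i] ~ /^[-~?+]?all$/) { q = t[i]; break }   # terms after "all" are ignored
        if (t[i] ~ /^redirect=/) q = "redirect"
      }
      if (q == "-all")                    print "hardfail: unlisted senders are rejected"
      else if (q == "~all")               print "softfail: unlisted senders are accepted but marked"
      else if (q == "+all" || q == "all") print "open: every server is authorized"
      else if (q == "redirect")           print "redirect: policy comes from another domain"
      else                                print "neutral: no restrictive all mechanism"
    }'
}

# Read the TXT answers for _dmarc.<domain> on stdin; print one DMARC verdict.
dmarc_verdict() {
  unquote_txt | awk -F";" '
    tolower($1) ~ /^[ \t]*v=dmarc1[ \t]*$/ {
      found = 1; p = ""; pct = 100; rua = "no"
      for (i = 2; i <= NF; i++) {
        tag = $i; gsub(/[ \t]/, "", tag); split(tag, kv, "=")
        key = tolower(kv[1])
        if (key == "p")   p = tolower(kv[2])
        if (key == "pct") pct = kv[2] + 0
        if (key == "rua") rua = "yes"
      }
    }
    END {
      if (!found)           print "missing: no DMARC record published"
      else if (p == "none") print "monitor: p=none takes no action on failing mail (rua=" rua ")"
      else if (p != "quarantine" && p != "reject") print "invalid: p tag missing or unknown"
      else if (pct < 100)   print "partial: p=" p " applies to " pct "% of failing mail"
      else                  print "enforcing: p=" p " (rua=" rua ")"
    }'
}

# Live use: dig example.com TXT +short | spf_verdict
#           dig _dmarc.example.com TXT +short | dmarc_verdict
printf '%s\n' '"v=spf1 include:_spf.google.com ~all"' | spf_verdict
```
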

Verification TXT Record

Google requires verification before using Gmail.

    Type: TXT
    Name: @
    Value: google-site-verification=abc123xyz...
    TTL: 3600

Complete Gmail DNS Example

    ; MX Records
    @    IN MX 1  aspmx.l.google.com.
    @    IN MX 5  alt1.aspmx.l.google.com.
    @    IN MX 5  alt2.aspmx.l.google.com.
    @    IN MX 10 alt3.aspmx.l.google.com.
    @    IN MX 10 alt4.aspmx.l.google.com.

    ; SPF Record
    @    IN TXT "v=spf1 include:_spf.google.com ~all"

    ; DKIM Record
    google._domainkey IN TXT "v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY"

    ; DMARC Record
    _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

    ; Verification
    @    IN TXT "google-site-verification=YOUR_VERIFICATION_CODE"

GitHub Pages DNS Configuration

Custom Domain (Apex Domain)

For example.com:

    Type: A
    Name: @
    Value: 185.199.108.153
    TTL: 3600

    Type: A
    Name: @
    Value: 185.199.109.153
    TTL: 3600

    Type: A
    Name: @
    Value: 185.199.110.153
    TTL: 3600

    Type: A
    Name: @
    Value: 185.199.111.153
    TTL: 3600

All 4 A records are required for redundancy and load balancing.

Custom Subdomain (www)

For www.example.com:

    Type: CNAME
    Name: www
    Value: yourusername.github.io.
    TTL: 3600

Note: The trailing dot (.) is important!

Both Apex and www

    ; Apex domain (example.com)
    @    IN A 185.199.108.153
    @    IN A 185.199.109.153
    @    IN A 185.199.110.153
    @    IN A 185.199.111.153

    ; www subdomain (www.example.com)
    www  IN CNAME yourusername.github.io.

    Type: TXT
    Name: _github-pages-challenge-yourusername
    Value: verification-code-from-github
    TTL: 3600

Complete GitHub Pages Example

    ; GitHub Pages A records
    @    IN A 185.199.108.153
    @    IN A 185.199.109.153
    @    IN A 185.199.110.153
    @    IN A 185.199.111.153

    ; www subdomain
    www  IN CNAME yourusername.github.io.

    ; Verification (if required)
    _github-pages-challenge-yourusername IN TXT "verification-code"

GitHub Pages Configuration

After DNS setup:

  1. Go to repository Settings → Pages
  2. Enter custom domain: example.com or www.example.com
  3. Wait for DNS check (can take 24-48 hours)
  4. Enable "Enforce HTTPS" (after DNS propagates)

Combined Example: Gmail + GitHub Pages

    ; GitHub Pages
    @    IN A     185.199.108.153
    @    IN A     185.199.109.153
    @    IN A     185.199.110.153
    @    IN A     185.199.111.153
    www  IN CNAME yourusername.github.io.

    ; Gmail MX Records
    @    IN MX 1  aspmx.l.google.com.
    @    IN MX 5  alt1.aspmx.l.google.com.
    @    IN MX 5  alt2.aspmx.l.google.com.
    @    IN MX 10 alt3.aspmx.l.google.com.
    @    IN MX 10 alt4.aspmx.l.google.com.

    ; Email Authentication
    @              IN TXT "v=spf1 include:_spf.google.com ~all"
    google._domainkey IN TXT "v=DKIM1; k=rsa; p=YOUR_DKIM_KEY"
    _dmarc         IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

    ; Verification
    @    IN TXT "google-site-verification=YOUR_GOOGLE_CODE"
    _github-pages-challenge-yourusername IN TXT "YOUR_GITHUB_CODE"

DNS Propagation & Testing

Check DNS Propagation

    # Check from multiple locations
    # Use online tools:
    # - https://dnschecker.org
    # - https://www.whatsmydns.net

    # Check locally
    dig example.com @8.8.8.8
    dig example.com @1.1.1.1
    dig example.com @your-isp-dns

Test Email Configuration

    # Check MX records
    dig example.com MX +short

    # Check SPF
    dig example.com TXT +short | grep spf

    # Check DKIM
    dig google._domainkey.example.com TXT +short

    # Check DMARC
    dig _dmarc.example.com TXT +short

Test Email Deliverability

Online tools:

Flush DNS Cache

    # Linux (systemd-resolved)
    sudo resolvectl flush-caches
    # Older systemd releases: sudo systemd-resolve --flush-caches

    # macOS
    sudo dscacheutil -flushcache
    sudo killall -HUP mDNSResponder

    # Windows
    ipconfig /flushdns

Common DNS Providers

Cloudflare

    # API example (set A record)
    curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
      -H "Authorization: Bearer YOUR_API_TOKEN" \
      -H "Content-Type: application/json" \
      --data '{"type":"A","name":"example.com","content":"192.0.2.1","ttl":3600}'

AWS Route 53

 1# CLI example
 2aws route53 change-resource-record-sets --hosted-zone-id ZONE_ID --change-batch '{
 3  "Changes": [{
 4    "Action": "CREATE",
 5    "ResourceRecordSet": {
 6      "Name": "example.com",
 7      "Type": "A",
 8      "TTL": 300,
 9      "ResourceRecords": [{"Value": "192.0.2.1"}]
10    }
11  }]
12}'

Google Cloud DNS

    # gcloud example
    gcloud dns record-sets create example.com. \
      --zone=my-zone \
      --type=A \
      --ttl=300 \
      --rrdatas=192.0.2.1

DNS Security

DNSSEC (DNS Security Extensions)

    # Request DNSSEC records (RRSIG); the "ad" flag in the header means the resolver validated the answer
    dig example.com +dnssec

    # Check DS records
    dig example.com DS +short

CAA Records (Certificate Authority Authorization)

    Type: CAA
    Name: @
    Value: 0 issue "letsencrypt.org"
    TTL: 3600

    Type: CAA
    Name: @
    Value: 0 issuewild "letsencrypt.org"
    TTL: 3600

    Type: CAA
    Name: @
    Value: 0 iodef "mailto:security@example.com"
    TTL: 3600
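
How a certificate authority reads the issue and issuewild records above (RFC 8659), as an added example that is not part of the original page. The helper name caa_allows is hypothetical. It assumes stdin holds the CAA record set that applies to the name (CAs climb from the requested name toward the zone apex until they find one), and it does not model the critical flag on unknown tags.

```shell
# Added example; caa_allows is a hypothetical helper, sample records are constructed.
# Usage: caa_allows <ca-domain> <host|wildcard>
# Reads the CAA record set on stdin in `dig example.com CAA +short` format
# (flags tag "value") and prints yes or no.
caa_allows() {
  awk -v ca="$1" -v kind="$2" '
    {
      tag = tolower($2); val = tolower($3)
      gsub(/"/, "", val)      # strip the quotes dig prints
      sub(/;.*/, "", val)     # drop parameters; a bare ";" leaves an empty CA name
    }
    tag == "issue"     { ni++; if (val == ca) issue_ok = 1 }
    tag == "issuewild" { nw++; if (val == ca) wild_ok = 1 }
    END {
      if (kind == "wildcard" && nw > 0) ok = wild_ok    # issuewild overrides issue
      else if (ni > 0)                  ok = issue_ok
      else                              ok = 1          # no issue records: unrestricted
      print (ok ? "yes" : "no")
    }'
}

# The record set from this page: only letsencrypt.org may issue, wildcard or not.
printf '%s\n' '0 issue "letsencrypt.org"' '0 issuewild "letsencrypt.org"' \
  '0 iodef "mailto:security@example.com"' | caa_allows letsencrypt.org wildcard
```

A record set that contains only iodef does not restrict issuance, and issuewild records are ignored for non-wildcard names.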

Troubleshooting

Email Not Working

    # 1. Check MX records
    dig example.com MX +short

    # 2. Check SPF
    dig example.com TXT +short | grep spf

    # 3. Test with mail-tester.com
    # Send email to the provided address

    # 4. Check Google Admin Console
    # Apps → Google Workspace → Gmail → Authenticate email

GitHub Pages Not Loading

    # 1. Check A records
    dig example.com +short

    # Should return all 4 GitHub IPs:
    # 185.199.108.153
    # 185.199.109.153
    # 185.199.110.153
    # 185.199.111.153

    # 2. Check CNAME (if using www)
    dig www.example.com +short

    # Should return: yourusername.github.io

    # 3. Wait for propagation (up to 48 hours)

    # 4. Check GitHub Pages settings
    # Repository → Settings → Pages

DNS Not Propagating

    # Check TTL (Time To Live)
    dig example.com | grep "^example.com"

    # Lower TTL before making changes
    # Wait for old TTL to expire
    # Make changes
    # Increase TTL again

Quick Reference

Gmail DNS Records

    MX:   1  aspmx.l.google.com.
    MX:   5  alt1.aspmx.l.google.com.
    MX:   5  alt2.aspmx.l.google.com.
    MX:   10 alt3.aspmx.l.google.com.
    MX:   10 alt4.aspmx.l.google.com.
    TXT:  v=spf1 include:_spf.google.com ~all
    TXT:  (DKIM at google._domainkey)
    TXT:  (DMARC at _dmarc)

GitHub Pages DNS Records

    A:    185.199.108.153
    A:    185.199.109.153
    A:    185.199.110.153
    A:    185.199.111.153
    CNAME: www → yourusername.github.io.

Tips

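  • Always use trailing dots on fully qualified names in DNS records (e.g., example.com.); in a zone file, a name without the dot is treated as relative to the zone origin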
  • Lower TTL before changes to speed up propagation
  • Test with multiple DNS servers (8.8.8.8, 1.1.1.1, etc.)
  • Wait 24-48 hours for full DNS propagation
  • Use dig +short for quick checks
  • Enable DNSSEC for security (if provider supports it)
  • Set up DMARC to monitor email authentication
  • Use CAA records to restrict certificate issuance
  • Test email deliverability with mail-tester.com
  • Keep verification TXT records even after verification
