DNS settings
Questions about the DNS settings
- DKIM record
- SPF records
- How to create a DMARC record?
- NS record
- SRV record
- TXT record
- MX record
- CNAME record
- AAAA record
- A record
- SOA record
- TTL
- TTL (DNS)
- DNS resolver
- DNSSEC
- Setup the domain redirect
- Redirect
- Why can I only set an IP address in an A record
- Can I use my free hosting plan, but use another e-mail provider?
- CNAME at the root of the domain
- Setup the hosting nameservers
- Use own nameservers
- Modify nameservers
- Modify DNS settings for domain names using the webhosting nameservers
- Verify Google Domain ownership on the Search Console interface
- Modify DNS settings for domain names using the default name server
DKIM record
WHAT IS THE DKIM RECORD?
DKIM is the abbreviation for DomainKeys Identified Mail. DKIM is not really a spam protection technology; it is a cryptographic signature that the sending mail server (that is, not the user's own machine) adds to each message on sending, protecting it against unauthorized modification. Spam protection takes effect only if you publish a rule in the domain's TXT record so that the receiving server dismisses all unsigned mail for the domain (as all unsigned emails are, as a rule, fake). This is useful if a few users send email through only 1-2 servers.
Signing with the DKIM key is performed by the sending server.
The DKIM signature is usually invisible to average users.
QUERYING DKIM RECORD
For example, to query the DKIM record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=TXT staff._domainkey.dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
staff._domainkey.dotroll.com text =
"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMGy34jPh1A9JPiDN+fHGuLPf0Kb0U752RW8UZti9F4/6BHZVm1aYCNG+QZfy4RAdYTW2uyajuQKigzNemNgAmm6FOEerc+pUFI3CFI3+KzkFcjErSPL6oeZYp1Gs43j3nYb0MJWJttFJZkKKLplPAKq4HccE52Uk3fs+qo4c9UQIDAQAB"
Example of a Linux-based host query:
host -t TXT staff._domainkey.dotroll.com
staff._domainkey.dotroll.com descriptive text "k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMGy34jPh1A9JPiDN+fHGuLPf0Kb0U752RW8UZti9F4/6BHZVm1aYCNG+QZfy4RAdYTW2uyajuQKigzNemNgAmm6FOEerc+pUFI3CFI3+KzkFcjErSPL6oeZYp1Gs43j3nYb0MJWJttFJZkKKLplPAKq4HccE52Uk3fs+qo4c9UQIDAQAB"
DKIM RECORD FORMAT
Field name | Description |
v= | the record type; the value will typically be DKIM1. Required element. |
k= | the type of the generated key, which can be dsa or rsa. Required element. |
g= | the detail (granularity) of the key. Optional element. |
h= | the permitted hash algorithm, which can be SHA1 or SHA256. Optional element. |
n= | a comment can be added here. Optional element. |
s= | defines the service type. Optional element. |
t= | the given key can be assigned to a single subdomain name. Optional element. |
p= | the public key part of the generated key pair. Required element. |
For example, the following DKIM record is 411 characters long:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDv2kr5/XYYmYzy1ynCe25/2AYsLaQtZMvKoXsa1W1qgFfKFKmMw6vhcuLkII8FA8gJG18p9wwoXoP5wNZZOC02u9rrgoZt8FsuQmO6b/QJKNSuHEECr6hVD+H9C9zS9ThuQk2qa3RtVO6apHCcw/DLpQ1DN14kNd7URNQlGZLKFgblGI1NwaCOLvUgqpFP/hOzk5veqG2qh50krPLrg6Lzjvd4pLx/5+n87yvLXian3ZAjcVZ1IqT9O7UQtPu1mwPbjBH+odpc6xF3ZUFUoHLDpgxYmwW3z7lD7vTLErgkhxpzEl1+xQwYKG8IM/ryO85cZ4ADRX7fqj/QUi1mzGwIDAQAB;
In this case, because a single string in a TXT record can hold at most 255 characters, the key must be divided into two sections: the first part will be 254 characters long, while the second part will contain the remaining 156 characters:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDv2kr5/XYYmYzy1ynCe25/2AYsLaQtZMvKoXsa1W1qgFfKFKmMw6vhcuLkII8FA8gJG18p9wwoXoP5wNZZOC02u9rrgoZt8FsuQmO6b/QJKNSuHEECr6hVD+H9C9zS9ThuQk2qa3RtVO6apHCcw/DLpQ1DN14kNd7URNQlGZLKFgblGI1NwaCOLvUgqpFP/"
"hOzk5veqG2qh50krPLrg6Lzjvd4pLx/5+n87yvLXian3ZAjcVZ1IqT9O7UQtPu1mwPbjBH+odpc6xF3ZUFUoHLDpgxYmwW3z7lD7vTLErgkhxpzEl1+xQwYKG8IM/ryO85cZ4ADRX7fqj/QUi1mzGwIDAQAB"
It can then be added in the DNS management interface, with the subdomain name given in the domain / subdomain box:
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=..."
default._domainkey 14400 IN TXT "hOzk5ve..."
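The splitting and checking described above, as an added Python example (not DotRoll's code). It joins the quoted strings of a TXT answer the way a verifier does, checks the tags the table marks as required, and splits a long record into strings that fit a TXT record; the sample key is constructed filler, not a real key, and all function names are illustrative.

```python
import base64
import binascii
import re

TXT_STRING_MAX = 255  # one quoted string inside a TXT record holds at most 255 bytes

# Constructed sample: 294 filler bytes encoded as base64, NOT a real public key.
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(range(256)) + bytes(38)).decode()


def txt_from_presentation(rdata):
    """Join the quoted strings of a TXT answer, as printed by host or nslookup,
    into the single value a verifier uses (no separator), undoing '\\;' escapes."""
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(re.sub(r"\\(.)", r"\1", s) for s in strings)


def parse_dkim_record(value):
    """Parse 'tag=value; tag=value' into a dict; duplicate tags are an error."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate a trailing ';'
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {item!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags


def check_dkim_record(tags):
    """Return a list of problems, using the required tags from the table above."""
    problems = [f"missing required tag {t}=" for t in ("v", "k", "p") if t not in tags]
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    key = "".join(tags.get("p", "").split())  # whitespace inside p= is not significant
    if "p" in tags and not key:
        problems.append("p= is empty: the key is revoked")
    elif key:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64 (truncated or badly split?)")
    return problems


def split_for_txt(value, limit=TXT_STRING_MAX):
    """Cut a record into consecutive pieces of at most `limit` characters."""
    if not 1 <= limit <= TXT_STRING_MAX:
        raise ValueError("limit must be between 1 and 255")
    return [value[i:i + limit] for i in range(0, len(value), limit)]


def to_zone_strings(chunks):
    """Render the pieces as quoted strings (DKIM values contain no quotes to escape)."""
    return " ".join(f'"{c}"' for c in chunks)


if __name__ == "__main__":
    chunks = split_for_txt(SAMPLE_RECORD, 254)  # 254 as in the split shown above
    print([len(c) for c in chunks])
    rejoined = txt_from_presentation(to_zone_strings(chunks))
    print(check_dkim_record(parse_dkim_record(rejoined)) or "record OK")
```
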
ADDING DKIM RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select DKIM from the next drop-down list.
- Set the desired values.
- Then click Save Changes.
SPF records
WHAT IS THE SPF RECORD?
In the original design of the SMTP protocol, any computer could send an email with any sender address. As a result, spammers have a simple job, as they can easily falsify sender addresses (Return-Path headers). SPF remedies this by letting a domain define which servers may send mail from email addresses belonging to that domain. This information must be published in a TXT record for that domain.
SPF ignores one important aspect of SMTP operation: email forwarding. If a server is configured to forward mail to a specific address, and the server to which the mail is forwarded checks SPF, it may reject a genuine message, because the message was not transmitted by a server that was enabled in the SPF record.
Attempts to solve this problem have been created, but all of them can only work if all servers on the Internet implement them.
QUERYING SPF RECORD
For example, to query the TXT record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=TXT dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com text =
"v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
Example of a Linux-based host query:
host -t TXT dotroll.com
dotroll.com descriptive text "v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
SPF RECORD FORMAT
The SPF record always begins with v=. This indicates the SPF version used. Currently, version spf1 must be configured, as this is the most common version of SPF that is understood by mail servers.
There may be one or more values after the version. These determine which servers may send mail for the domain name.
Globally usable elements:
Usable elements | Result | Description |
+ | Pass | Specifies a server through which mail can be sent; this is the default operating mode |
- | Fail | Specifies a server through which no mail can be sent |
~ | SoftFail | Specifies a server through which mail cannot be sent, but which is temporarily enabled |
? | Neutral | States that nothing can be said about validity |
These elements can be used for the items listed in the table below.
Usable elements | Description |
ip4 | IPv4 addresses, specified in CIDR format, that may deliver or forward messages for the domain name. |
ip6 | IPv6 addresses, specified in CIDR format, that may deliver or forward messages for the domain name. |
a | Any host name that may send or forward mail for the domain name. |
mx | Any mail server host name that may send or forward mail for the domain name. |
ptr | Any host name that may send or forward mail for the domain name. Its use is not recommended. |
exists | If this value is set, the records of the specified domain name are queried, and if a match is found among the specified IP addresses, the mail is allowed to be sent or forwarded for the domain name. |
include | Any additional domain name that may deliver or forward mail for the domain name. |
redirect | The current SPF record of the domain name is replaced by the SPF record of the domain name specified here. |
exp | A brief explanation of what to do after a message is rejected. |
all | Determines the strictness of the items set in the SPF record. |
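How a receiving server applies these qualifiers and mechanisms, as an added Python example (not DotRoll's code): terms are tried left to right and the first match decides the result. It uses the record returned by the query above; the `DNS` table is a constructed offline stand-in for lookups, the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses and the example.net record are made up, and ptr, exists and the redirect/exp modifiers are not evaluated.

```python
import ipaddress

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The record returned by the TXT query for dotroll.com shown above.
PAGE_RECORD = ("v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com "
               "ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 "
               "a:admin.dotroll.com a:online1.int.dotroll.com ~all")

# Constructed stand-in for DNS so the example runs offline.
DNS = {
    "MX": {"dotroll.com": ["staffmx.dotroll.com"]},
    "A": {"staffmx.dotroll.com": ["192.0.2.25"]},                   # constructed address
    "TXT": {"_spf.example.net": "v=spf1 ip4:203.0.113.0/24 -all"},  # constructed record
}
INCLUDE_RECORD = "v=spf1 include:_spf.example.net -all"             # constructed record


def parse_spf(record):
    """Return [(result_if_matched, mechanism, argument), ...] for a v=spf1 record."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("an SPF record must begin with v=spf1")
    parsed = []
    for term in terms:
        if "=" in term:
            continue  # redirect= / exp= modifiers are not evaluated in this example
        qualifier = "+"  # '+' (Pass) is the default qualifier
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((QUALIFIER_RESULT[qualifier], name.lower(), arg))
    return parsed


def host_addresses(dns, host):
    """Addresses the stand-in DNS table holds for a host name."""
    return {ipaddress.ip_address(a) for a in dns["A"].get(host, [])}


def check_host(record, sender_ip, domain, dns, depth=0):
    """Evaluate sender_ip against an SPF record; the first matching term wins."""
    if depth > 10:
        return "permerror"  # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for result, mech, arg in parse_spf(record):
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in host_addresses(dns, arg or domain)
        elif mech == "mx":
            matched = any(ip in host_addresses(dns, mx)
                          for mx in dns["MX"].get(arg or domain, []))
        elif mech == "include":
            included = dns["TXT"].get(arg)
            if included is None:
                return "permerror"  # the included domain has no SPF record
            matched = check_host(included, sender_ip, arg, dns, depth + 1) == "pass"
        else:
            matched = False  # ptr and exists are not evaluated in this example
        if matched:
            return result
    return "neutral"  # no term matched and the record has no 'all'


if __name__ == "__main__":
    # 198.51.100.7 stands for a forwarding server that is not listed in the record.
    for sender in ("80.77.113.30", "192.0.2.25", "198.51.100.7"):
        print(sender, check_host(PAGE_RECORD, sender, "dotroll.com", DNS))
```

The last address shows the forwarding problem described earlier: a genuine message relayed by an unlisted server ends at `~all` and is reported as softfail.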
ADDING SPF RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select SPF from the next drop-down list.
- Set the desired values.
- Then click Save Changes.
How to create a DMARC record?
Once SPF and DKIM are in place, you configure DMARC by adding policies to your domain's DNS records in the form of TXT records (just like with SPF or DKIM).
The TXT record name should be "_dmarc.your-domain.com." where "your-domain.com" is replaced with your actual domain name (or subdomain).
Tag name | Required | Purpose | Sample |
v | required | Protocol version | v=DMARC1 |
p | required | Policy for domain | p=quarantine |
sp | optional | Requested handling policy for subdomains | sp=reject |
adkim | optional | Alignment mode for DKIM | adkim=s |
aspf | optional | Alignment mode for SPF | aspf=r |
pct | optional | % of messages subjected to filtering | pct=20 |
ruf | optional | Addresses to which message-specific forensic information is to be reported (comma-separated plain-text list of URIs). | ruf=mailto:authfail@your-domain.com |
rua | optional | Reporting URI of aggregate reports | rua=mailto:aggrep@your-domain.com |
fo | optional | Failure reporting format(s) | fo=0 |
ri | optional | Aggregate Reporting interval | ri=3600 |
Only the v (version) and p (policy) tags are required. Three possible policy settings, or message dispositions, are available:
- none – Take no action. Log affected messages on the daily report only.
- quarantine – Mark affected messages as spam.
- reject – Cancel the message at the SMTP layer.
Alignment mode (aspf / adkim) refers to the precision with which sender records are compared to SPF and DKIM signatures, with the two possible values being relaxed or strict, represented by "r" and "s" respectively. In short, relaxed allows partial matches, such as subdomains of a given domain, while strict requires an exact match.
Generally, the following settings are appropriate for the DMARC key:
_dmarc.your_domain_name.tld. IN TXT "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"
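How the tags, policies and alignment modes above combine, as an added Python example (not DotRoll's code). It parses a DMARC record and decides what a receiver is asked to do with a message, given SPF and DKIM results computed elsewhere. Assumptions: `org_domain` takes the last two labels instead of consulting the Public Suffix List, pct is validated but sampling is not applied, and all function names and example.* domains are illustrative.

```python
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}
POLICIES = ("none", "quarantine", "reject")

# The record recommended above.
PAGE_RECORD = "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"
# Constructed record with strict alignment and a separate subdomain policy.
STRICT_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s"


def parse_dmarc(record):
    """Parse and validate a DMARC record; returns the tags with defaults filled in."""
    tags = {}
    for item in record.split(";"):
        if not item.strip():
            continue
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("the record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("p= is required and must be none, quarantine or reject")
    tags.setdefault("sp", tags["p"])  # subdomains inherit p= unless sp= is given
    for name, value in DEFAULTS.items():
        tags.setdefault(name, value)
    if tags["sp"] not in POLICIES:
        raise ValueError("sp= must be none, quarantine or reject")
    if tags["adkim"] not in ("r", "s") or tags["aspf"] not in ("r", "s"):
        raise ValueError("adkim= and aspf= must be r or s")
    if not 0 <= int(tags["pct"]) <= 100:
        raise ValueError("pct= must be between 0 and 100")
    return tags


def org_domain(domain):
    """Simplification (assumption): the last two labels of the name."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts a shared parent domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def dmarc_disposition(record, policy_domain, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) pairs from the earlier checks.
    Returns 'pass', or the policy the domain owner requests for a failing message."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"  # one aligned, passing mechanism is enough
    is_subdomain = from_domain.lower() != policy_domain.lower()
    return tags["sp"] if is_subdomain else tags["p"]


if __name__ == "__main__":
    # SPF passed, but for an unrelated domain, and there is no valid DKIM signature.
    unaligned = ((True, "other.example"), (False, ""))
    print(dmarc_disposition(PAGE_RECORD, "example.com", "example.com", *unaligned))
    print(dmarc_disposition(STRICT_RECORD, "example.com", "example.com", *unaligned))
```
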
NS record
WHAT IS THE NS RECORD?
NS is the short form of NameServer. This record is used to specify a name server for a domain.
GLUE RECORD
It is common for one of the name servers of a delegated zone to be in the zone itself. The ns1.dotroll.com record is in the dotroll.com zone, but its address also has to be available one level up, in the .com zone; otherwise resolution would be trapped in a loop. That is why an additional A record has to be published there. Such a foreign A record is called a glue record.
QUERYING NS RECORD
For example, to query the NS record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=NS dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com nameserver = ns1.dotroll.com
dotroll.com nameserver = ns2.dotroll.com
Example of a Linux-based host query:
host -t NS dotroll.com
dotroll.com name server ns2.dotroll.com.
dotroll.com name server ns1.dotroll.com.
NS RECORD FORMAT
Field name | Description |
Name | this field contains the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
Address | contains the name of the name server. |
ADDING NS RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select NS from the next drop-down list.
- Enter the name of the name server in the last field.
- Then click Save Changes.
SRV record
WHAT IS THE SRV RECORD?
SRV is the abbreviation for SeRVer. It helps you find where a particular service using a certain protocol is available for a domain. You can specify several servers, define preferences, and specify the port on which the service runs.
The SRV record is similar to the long-established MX record, and is in fact its generalization: SRV records can be specified not only for mail but for any service, they can be prioritized and weighted by parameters, and they state the protocol and port on which the given service is provided.
A domain name may have several SRV records.
EXAMPLE OF THE SRV RECORD
Two typical SRV records can be seen below:
_sip._tcp.example.com. 3600 IN SRV 10 60 5060 bigbox.example.com.
_sip._udp.example.com. 3600 IN SRV 10 20 5060 smallbox1.example.com.
SRV RECORD FORMAT
Field name | Description |
Name | Generally the symbolic name of the service (_sip), then the protocol of the service (_tcp or _udp), followed by the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
Priority | contains the priority value |
Weight | contains the weight value |
Port | contains the port on which the given service is available |
SRV target | contains the target address |
ADDING SRV RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select SRV from the next drop-down list.
- Enter the priority.
- Enter the weight.
- Enter the port.
- Enter the name of the service provider in the last field.
- Then click Save Changes.
TXT record
WHAT IS THE TXT RECORD?
Any text information can be stored in the TXT record. TXT is the abbreviation for Text.
With TXT records, you can verify ownership of the domain name for some services. The SPF, DK, DKIM and DMARC keys are published in TXT records.
A domain name may have several TXT records.
QUERYING TXT RECORD
For example, to query the TXT record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=TXT dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com text =
"google-site-verification=NMkDYF4JGT5YCQTQKfHvfBTFeg_TOfsYjZIowHSpKFU"
dotroll.com text =
"yandex-verification: 66da9e054ee4bea9"
dotroll.com text =
"v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
Example of a Linux-based host query:
host -t TXT dotroll.com
dotroll.com descriptive text "v=spf1 mx a:staffmx.dotroll.com a:staffmx1.dotroll.com ip4:80.77.113.20 ip4:80.77.113.30 ip4:185.33.52.53 a:admin.dotroll.com a:online1.int.dotroll.com ~all"
dotroll.com descriptive text "google-site-verification=NMkDYF4JGT5YCQTQKfHvfBTFeg_TOfsYjZIowHSpKFU"
dotroll.com descriptive text "yandex-verification: 66da9e054ee4bea9"
TXT RECORD FORMAT
Field name | Description |
Name | this field contains the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
TXT record | contains the text |
ADDING TXT RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select TXT from the next drop-down list.
- Enter the text in the last field.
- Then click Save Changes.
MX record
WHAT IS THE MX RECORD?
Using the MX record, you can specify which server handles the mail for a domain name. MX is the abbreviation for Mail eXchange.
The server address specified in the MX record can never be an IP address; it must always be a domain name (for example, staffmx.dotroll.com). You must assign a priority to the MX record, which, in the case of multiple records, determines the order in which the sending server attempts to deliver the message.
An incorrect MX record setting may result in no mail being delivered to that domain name.
For a domain name, you can set multiple MX records to provide redundancy and so increase the probability that the mail will be delivered.
QUERYING MX RECORD
For example, to query the MX record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=MX dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com MX preference = 10, mail exchanger = staffmx.dotroll.com
Example of a Linux-based host query:
host -t MX dotroll.com
dotroll.com mail is handled by 10 staffmx.dotroll.com.
MX RECORD FORMAT
Field name | Description |
Name | this field contains the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
Priority | if multiple MX records are specified for the domain, the email is sent to the server with the lower priority value |
Mail server exchange target | contains the mail server address (staffmx.dotroll.com). |
ADDING MX RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select MX from the next drop-down list.
- Enter the priority.
- Enter the remote mail server address in the last field.
- Then click Save Changes.
CNAME record
WHAT IS A CNAME RECORD?
CNAME stands for Canonical Name. CNAME records can be used to alias one name to another.
For example, if you have a server where you keep all of your documents online, it might normally be accessed through docs.example.com. You may also want to access it through documents.example.com. One way to make this possible is to add a CNAME record that points documents.example.com to docs.example.com. When someone visits documents.example.com they will see the exact same content as docs.example.com.
ADD A CNAME RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select CNAME from the next drop-down list.
- Enter the destination host name in the last field.
- Then click Save Changes.
AAAA record
WHAT IS THE AAAA RECORD?
The AAAA record (also known as the four-A record) determines the host's IPv6 address. It works the same way as the A record; the difference is the IP address type. Using AAAA records, IPv6 addresses can be assigned to domain names to identify computers. When you visit a webpage that can be reached through an IPv6 record, the client uses name resolution to find the IPv6 address for that domain name. The client then sends the request to the IPv6 address specified in the AAAA record.
For example, you need to enter dotroll.com in the browser to access the DotRoll website. During name resolution, the server for dotroll.com sends the record back to the resolving name server, which in this case will be 2a00:c760:80:d07:2011:ffff:b921:3440, and the browser will send the commands for retrieving the contents of the web page to the 2a00:c760:80:d07:2011:ffff:b921:3440 IPv6 address.
AAAA records are among the simplest DNS records and one of the primary records used in DNS servers.
In fact, several records can be given for a domain name, thus ensuring redundancy. Of course, several domain names may point to the same IPv6 address.
QUERYING AAAA RECORD
For example, to query the AAAA record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=AAAA dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: dotroll.com
Address: 2a00:c760:80:d07:2011:ffff:b921:3440
Example of a Linux-based host query:
host -t AAAA dotroll.com
dotroll.com has IPv6 address 2a00:c760:80:d07:2011:ffff:b921:3440
AAAA RECORD FORMAT
Field name | Description |
Name | this field contains the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
IPv6 Address | contains the colon-separated IPv6 address (2a00:c760:80:d07:2011:ffff:b921:3440). |
ADDING AAAA RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select AAAA from the next drop-down list.
- Enter the IPv6 address in the last field.
- Then click Save Changes.
A record
WHAT IS THE A RECORD?
A records can be used to assign computers to domain names using IP addresses. The A in A record is an abbreviation for Address. When you visit a web site or send an email, the client uses name resolution to find the IP address for that domain name. The client then sends the request to the IP address specified in the A record.
For example, you need to enter dotroll.com in the browser to access the DotRoll website. During name resolution, the server for dotroll.com sends the record back to the resolving name server, which in this case will be 185.33.52.64, and the browser will send the commands for retrieving the contents of the web page to the 185.33.52.64 IP address.
A records are among the simplest DNS records and one of the primary records used in DNS servers.
In fact, several records can be given for a domain name, thus ensuring redundancy. Of course, several domain names may point to the same IP address.
QUERYING A RECORD
For example, to query the A record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=A dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: dotroll.com
Address: 185.33.52.64
Example of a Linux-based host query:
host -t A dotroll.com
dotroll.com has address 185.33.52.64
A RECORD FORMAT
Field name | Description |
Name | this field contains the domain or subdomain name. |
TTL | this field contains the record's lifetime in seconds. This is how long the entry is stored in the resolver. |
IPv4 Address | this field contains an IPv4 address separated by dots (185.33.52.64). |
ADDING A RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- At the bottom of the page, click Add.
- In the first field, you can enter a subdomain name, or leave it blank.
- The TTL value can be selected in the second field; typically the default is 1 hour.
- Select A from the next drop-down list.
- Enter the IP address in the last field.
- Then click Save Changes.
SOA record
WHAT IS THE SOA RECORD?
The SOA (Service of Authority) record defines the domain parameters. Every domain name must have an SOA record from the moment the domain name is registered.
For example, if the dotroll.com domain is delegated to the DotRoll name servers, we need to provide an SOA record for the dotroll.com domain name in the authoritative DNS records. This record is automatically added to the domain names registered at DotRoll.
QUERYING SOA RECORD
For example, to query the SOA record you can use the nslookup command on Windows or the host command on Linux.
Example of a Windows-based nslookup query:
nslookup -q=SOA dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com
primary name server = ns1.dotroll.com
responsible mail addr = hostmaster.dotroll.com
serial = 2018071701
refresh = 86400 (1 day)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 600 (10 mins)
Example of a Linux-based host query:
host -t SOA dotroll.com
dotroll.com has SOA record ns1.dotroll.com. hostmaster.dotroll.com. 2018071701 86400 7200 604800 600
SOA RECORD FORMAT
Field value | Description |
ns1.dotroll.com | Primary name server. |
hostmaster.dotroll.com | Admin contact e-mail address. Replace the first dot with an @. |
2018071701 | Serial number. Increment this, if the domain has been modified. |
86400 | Refresh time. The secondary NS tries to download the zone every this many seconds. |
7200 | Retry time. The secondary NS retries to download the zone after this many seconds in case of failure. |
604800 | Expiry. The secondary NS forgets the zone after this time. |
600 | Minimum TTL. Negative cache time. The DNS resolver uses this time to cache negative responses. |
EDITING SOA RECORD
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Manage DNS.
- In the block at the top of the page, you can modify certain items in the SOA record.
- You can adjust the record TTL value, Refresh time, Retry, Maturity, and Minimum TTL.
- Once you've made the settings, click the Save Changes button at the bottom of the page.
TTL
The TTL (Time To Live) is a general term in IT referring to the expiry of an item.
TTL (DNS)
A DNS record's TTL (Time To Live) sets how long the record may be cached. During this time, clients don't ask the authoritative server for the information. Common values range from 1 hour to 1 day. Very small TTL values (below 300s) may be ignored by resolvers.
It is important to note that TTL values are stored per record, not per zone (domain).
DNS UPDATES
A DNS entry is resolved for the client by a DNS resolver. A DNS update can have the following effects:
- If the resolver had not been asked for the record before the update, it performs a recursive lookup and returns the new value.
- If the resolver had been asked for the record before the update and the record did not exist at that time, the negative cache TTL is in effect. (This is the last parameter of the SOA record.) The client is returned a servfail.
- If the resolver had been asked for the record before the update and the record did exist at that time, the record's TTL value is in effect. The client is returned the old setting.
DNS resolver
A DNS resolver is the server doing a recursive lookup on behalf of a client. Most ISPs (Internet Service Providers) have at least one.
DNSSEC
By default, the DNS entries of domain names are not encrypted during a simple query, so a third party may gain access to the response or change it. DNSSEC uses a cryptographic procedure to sign the domain name's zone, giving you a credible response that a third party cannot access or modify.
Using the DNSSEC settings incorrectly for the domain name may result in the domain name being inoperable.
WHAT IS THE DNSSEC?
DNSSEC is the abbreviation of Domain Name System Security Extensions. It is essentially an extension of DNS intended to remedy the security weaknesses in the original design of DNS.
OPERATION OF DNSSEC
DNSSEC protects against data forgery by adding digital signatures to DNS records during queries. When a domain name signed with DNSSEC is queried, the digital signature stored on the name server set for the domain name is verified, to ensure that the data stored in the zone has not changed in the period between the query and the response. Using DNSSEC, you can ensure that the visitor actually reaches the web page that was typed into the browser's address bar.
DNSSEC uses public and secret key authentication. Public keys are published in DNS as RRSIG type records, which can be retrieved the same way as any other type of record. The secret keys belonging to the domain names are stored by the name server, which, during a query, sends the data signed with the secret key back to the querier, who can check it using the public key. If a third party interferes with the query and modifies the data sent in the response, the data can no longer be checked successfully with the public key, so the recipient will know that it is fake.
DNSSEC does not encrypt data, as it has no algorithms for that; it only ensures that the data you are querying is genuine. As a result, DNSSEC cannot be used, for example, to prevent a DDoS attack.
MANAGE DNSSEC KEYS
Naturally, as with any cryptographic procedure, the private and public keys used for DNSSEC can become known and be broken over time. To make it harder to learn the keys in use and then crack them, an additional key has been introduced. DNSSEC uses KSK and ZSK keys. The KSK keys are changed relatively rarely, but the ZSK keys often, which makes a possible break much more time-consuming and therefore more difficult.
Key type | Key description |
KSK | Key Signing Key: used to sign the zone signing key |
ZSK | Zone Signing Key: used to sign each record |
TROUBLESHOOTING DNSSEC
Use the following pages to check the correct setting for DNSSEC:
Setup the domain redirect
If, when registering a domain name, you have not provided your own name servers or the domain name has not been added to the hosting service, our system will generate a default zone.
If you want to change a domain name's name after you register your domain name, you can simply do so through the online interface.
To modify the domain name's record, you must clear the current records in the zone file so that the domain name has only the new A record that you have set. Otherwise, when the domain name is entered in a browser, the visitor will randomly get either the parking page from the default zone file or the content uploaded under the IP address you have set.
SETUP A RECORD WITHOUT WWW SUBDOMAIN
- Delete both your *.yourdomain.tld and your www.yourdomain.tld record using the Delete button at the end of each row.
- Next, click the Add button at the bottom right. The fields for entering a new record are displayed at the bottom of the page.
- If you want to redirect only the bare domain name without www, leave the first field empty.
- In the second drop-down list, you can set the TTL for that record. A value of 1 hour is generally a good baseline.
- You can select the type of record from the next drop-down list.
- From the drop-down list, select Redirect, and then from the next drop-down list, select Redirect type.
- In the next box, type the address to which you want to point the domain name.
EDIT A WWW SUBDOMAIN AND REDIRECT
Setting the www subdomain name to a plain A record is similar.
As a last step, click the Save Changes button.
Redirect
The domain name is set to an A record. This A record redirects visitors to the URL set on the web interface.
There are currently two types of redirects:
- HTTP: In this case, the visitor to the page is redirected to the specified address and the URL is overwritten in the browser, so the address of the new web page appears in the browser's address bar. (This is what we recommend, because search engines like this kind of redirection.)
- FRAME: In this case, the page you are redirected to is loaded into an iframe, leaving the original page title in the browser's title bar. (We do not recommend this, because iframes are not popular with search engines and it is not certain that the page you are loading will work properly.)
Why can I only set an IP address in an A record
Can I use my free hosting plan, but use an other e-mail provider?
CNAME at the root of the domain
The DNS administration interface does not allow a CNAME record to be added at the root of the domain, because a CNAME (canonical name) redirects not only the A record but the entire domain name. If a CNAME record could be created for the domain itself, it would also move the NS and SOA records elsewhere, which would be equivalent to making the domain unusable.
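The rule behind this restriction is that a name holding a CNAME may hold no other data (only the DNSSEC RRSIG and NSEC records are exempt), and the root of the domain always holds SOA and NS. The following added example shows the kind of check a zone editor can run before accepting a record; it is not DotRoll's implementation, and the zone contents and the function name are hypothetical.

```python
# Types that may share an owner name with a CNAME (DNSSEC metadata).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed zone contents as (owner, type) pairs; example.test is a placeholder.
ZONE = [
    ("example.test.", "SOA"),
    ("example.test.", "NS"),
    ("example.test.", "A"),
    ("www.example.test.", "CNAME"),
    ("mail.example.test.", "A"),
]


def _norm(name):
    """DNS names compare case-insensitively; treat them as fully qualified."""
    return name.lower().rstrip(".") + "."


def rejection_reason(zone, owner, rtype):
    """Return why adding (owner, rtype) breaks the CNAME rule, or None if it is fine."""
    owner, rtype = _norm(owner), rtype.upper()
    existing = {t.upper() for o, t in zone if _norm(o) == owner}
    if rtype == "CNAME":
        clash = sorted(existing - ALLOWED_WITH_CNAME - {"CNAME"})
        if clash:
            return f"{owner} already has {', '.join(clash)}"
        if "CNAME" in existing:
            return f"{owner} already has a CNAME"
    elif "CNAME" in existing and rtype not in ALLOWED_WITH_CNAME:
        return f"{owner} is a CNAME and cannot hold {rtype}"
    return None


if __name__ == "__main__":
    for owner, rtype in [("example.test", "CNAME"), ("www.example.test", "TXT"),
                         ("blog.example.test", "CNAME")]:
        print(owner, rtype, "->", rejection_reason(ZONE, owner, rtype) or "accepted")
```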
Setup the hosting nameservers
You can modify the name servers of the domain name at https://admin.dotroll.com.
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Nameservers
- Once the page has been loaded, select Use webhosting nameservers.
- Click the Change Nameservers button.
If there is a technical problem with setting the name servers, our site will indicate it at the top of the page.
The change can take up to 24 to 48 hours to take effect; the domain name will only work properly after that.
Use own nameservers
To avoid problems caused by missing technical settings, we advise using the name servers provided by DotRoll.
After that, the name servers can be changed freely, but for domain names ending in .hu the name server settings must pass the technical check.
Modify nameservers
You can modify the name servers of the domain name at https://admin.dotroll.com.
- Sign in at https://admin.dotroll.com with your username and password.
- In the top menu bar, click the Domains / My Domains menu.
- Select the domain name for which you want to make the change and then click on it.
- In the Manage box on the left, select Nameservers
- Once the page has been loaded, select Use custom nameservers (enter below) and enter the new name servers.
- Click the Change Nameservers button.
If there is a technical problem with setting the name servers, our site will indicate it at the top of the page.
The change can take up to 24 to 48 hours to take effect; the domain name will only work properly after that.
Modify DNS settings for domain names using the webhosting nameservers
If the affected domain name is set to cns1.dotroll.com and cns2.dotroll.com or ns1.webspacecontrol.com and ns2.webspacecontrol.com name servers, you can change the domain name’s DNS settings as described below.
If the affected domain name uses ns1.dotroll.com and ns2.dotroll.com name servers, you can modify the domain name DNS settings based on the Modify DNS settings for domain names using the default name server article.
QUERY NAME SERVERS
You can query the name servers that are currently set for the domain name as follows:
You can use the nslookup command on Windows:
nslookup -q=NS webspacecontrol.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
webspacecontrol.com nameserver = ns1.webspacecontrol.com
webspacecontrol.com nameserver = ns2.webspacecontrol.com
Under Linux use the host command:
host -t NS webspacecontrol.com
webspacecontrol.com name server ns2.webspacecontrol.com.
webspacecontrol.com name server ns1.webspacecontrol.com.
MODIFY ZONE ON THE:
When you use the webhosting nameservers, you can change the DNS settings for that domain name in two ways:
CPANEL INTERFACE
- Sign in at https://admin.dotroll.com with your username and password.
- Then, in the top menu bar, click Services / My Services.
- Select the hosting service that is assigned to your domain name as Addon domain or Alias and click on it.
- On the page that appears, at the left of the One Click Login box, select cPanel.
- Your browser will open a new tab in the cPanel interface. In the search box at the top of the page, type the word “zone”, and then click the item below.
- On the page, locate the domain name whose DNS zone you want to change, then click Manage.
- On the page that appears, you can modify an existing record or add a new one with the Add Record button.
ONLINE INTERFACE
- Sign in at https://admin.dotroll.com with your username and password.
- Then, in the top menu bar, click Domains / My Domains.
- Select the domain name that you want to change and click on it.
- On the left, in Manage box, select the Manage DNS element.
- On the Manage DNS page you can:
- modify an existing record
- or add a new record, using the Add button at the bottom of the page.
- When you’ve made the settings, click Save Changes.
SUPPORTED DNS RECORDS
If you add a new record, the following record types are currently supported:
- A
- AAAA
- CNAME
- MX
- TXT
- SRV
- NS
- CAA
- DMARC
- SPF
- DKIM
Verify Google Domain ownership on the Search Console interface
Google has made Domain Property available in the Google Search Console, and the previously used Property Sets feature has been discontinued. Domain Property is similar to the former Property Sets, but with the new interface, multiple URLs can be managed as one, so the interface can be used to view the relevant domain name data on the Google Search Console. So, the protocols (http, https), and subdomain names like www or mobile subdomain will be accessible and viewable through a single interface.
If you have previously registered a domain name in the Google Search Console, it will migrate automatically. If you want to add a new domain name to the Google Search Console interface, you need to set up DNS-based authentication for the domain name. This essentially means that for the domain name concerned, a TXT record must be set in the name server currently used for the domain name.
You can find a detailed description of the TXT record setting in the following Knowledge Base article:
For more information about Google Domain Property, please see the following links:
Announcing domain-wide data in Search Console
Add a website property – Search Console Help
Modify DNS settings for domain names using the default name server
If the affected domain name is set to ns1.dotroll.com and ns2.dotroll.com name servers, you can change the domain name’s DNS settings as described below.
If the affected domain name is set to cns1.dotroll.com and cns2.dotroll.com or ns1.webspacecontrol.com and ns2.webspacecontrol.com name servers, you can change the domain name’s DNS settings based on the Modify DNS settings for domain names using the web hosting nameservers.
QUERY NAME SERVERS
You can query the name servers that are currently set for the domain name as follows:
You can use the nslookup command on Windows:
nslookup -q=NS dotroll.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
dotroll.com nameserver = ns1.dotroll.com
dotroll.com nameserver = ns2.dotroll.com
Under Linux use the host command:
host -t NS dotroll.com
dotroll.com name server ns2.dotroll.com.
dotroll.com name server ns1.dotroll.com.
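The NS answer decides which of the two guides applies, both here and in the QUERY NAME SERVERS step of the webhosting-nameserver article above, and records edited in the other interface never reach resolvers. The following added example (not a DotRoll tool; the function names are hypothetical) parses either the nslookup or the host output and reports which guide to follow, using the two outputs shown in this article as input.

```python
import re

# Name server sets named in this article and the guide that applies to each.
WEBHOSTING_NS = [
    {"cns1.dotroll.com", "cns2.dotroll.com"},
    {"ns1.webspacecontrol.com", "ns2.webspacecontrol.com"},
]
DEFAULT_NS = {"ns1.dotroll.com", "ns2.dotroll.com"}

# Matches "nameserver = X" (nslookup) and "name server X." (host).
NS_LINE = re.compile(r"\bname ?server(?:\s*=)?\s+(\S+)", re.IGNORECASE)

# The two query outputs shown in this article.
NSLOOKUP_OUTPUT = """\
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
webspacecontrol.com nameserver = ns1.webspacecontrol.com
webspacecontrol.com nameserver = ns2.webspacecontrol.com
"""
HOST_OUTPUT = """\
dotroll.com name server ns2.dotroll.com.
dotroll.com name server ns1.dotroll.com.
"""


def parse_nameservers(output):
    """Collect the name server host names from nslookup or host output."""
    names = set()
    for line in output.splitlines():
        match = NS_LINE.search(line)
        if match:
            names.add(match.group(1).rstrip(".").lower())
    return names


def which_guide(output):
    """Map the delegated name servers to the guide that edits the live zone."""
    ns = parse_nameservers(output)
    if not ns:
        return "no NS records in output"
    if ns == DEFAULT_NS:
        return "default name server"
    if ns in WEBHOSTING_NS:
        return "webhosting nameservers"
    return "custom or mixed nameservers"


if __name__ == "__main__":
    print(which_guide(NSLOOKUP_OUTPUT))
    print(which_guide(HOST_OUTPUT))
```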
MODIFY ZONE
- Sign in at https://admin.dotroll.com with your username and password.
- Then, in the top menu bar, click Domains / My Domains.
- Select the domain name that you want to change and click on it.
- On the left, in Manage box, select the Manage DNS element.
- On the Manage DNS page you can:
- modify an existing record
- or add a new record, using the Add button at the bottom of the page.
- When you’ve made the settings, click Save Changes.