How to Manage DNS Records

﻿
Table of contents
Managing DNS Records
Domain Registered with Illevante Cloud & Using Our Nameservers:
Domain Not Registered with Us, but Using Our Nameservers:
Domain Registered Elsewhere & Using Other Nameservers:
Types of DNS Records You Can Manage
A-record
AAAA-record
SOA-record
NS-record
MX-record
TXT-record
SRV-record
CNAME-record
ALIAS-record
DNAME-record
PTR-record
CAA-record
DS-record
TLSA record
Managing DNS RecordsWhere and how you manage your DNS records depends on where your DNS is hosted and this determined by where your nameservers are pointing. Therefore you have three scenarios for how and where you can manage your DNS records as the following:
Domain Registered with Illevante Cloud & Using Our Nameservers:You can manage all DNS settings right from your Illevante Cloud  DNS management Portal  and manage your nameservers from the Illevante Cloud  Client's Portal .
Domain Not Registered with Us, but Using Our Nameservers:Even if your domain isn’t registered here, if you’re using our nameservers (for hosting or DNS hosting), you still manage DNS from your Illevante Cloud  DNS management Portal .
Domain Registered Elsewhere & Using Other Nameservers:In this case, DNS is managed through the provider of your nameservers, not Illevante Cloud.
Types of DNS Records You Can ManageA-recordAn A-record is used to map hostnames to an IPv4 address of the host. Enter the IP-address.
AAAA-recordAn AAAA-record is used to map hostnames to an IPv6 address of the host. Enter the IP-address.
SOA-recordThis record is generated automatically when creating a domain zone in  DNS management Portal  and contains its description. You cannot create or delete this record. 
NS-recordAn NS-record delegates a domain zone to use the given authoritative name servers. It can contain several servers, including the master one. Enter the Domains of the DNS server.
MX-recordAn MX-record maps a domain name to a list of message transfer agents for that domain and its priority. The MX-record is used for mail routing. Enter the Domain — a subdomain of the domain zone which is a mail gateway. Priority — enter a figure. The larger value means the lower priority. 
TXT-recordA TXT-record is a text string. TXT-records are used by some protocols. You can enter any information in Value.
SRV-recordAn SRV-record is a generalized service location record.  It allows using several servers for one domain. SRV-records are used only by some protocols, e.g. SIP and XMPP.
Enter a Domain associated with the resource record. 
Enter a Priority and Weight of the server. The larger the number, the higher the priority. The client first tries to connect to the server with the highest priority. If it is not accessible, it will try to connect to the next one, etc. If servers have the same priority, the request will be sent to the server with the largest weight. If only one server has a certain priority, its weight should be 0. 
Enter a Port of the server the request will be sent to.
CNAME-recordA CNAME-record defines an alias of one name to another. The DNS lookup will continue by retrying the lookup with the new name. Enter a Domain to which the request will be redirected. 
ALIAS-recordALIAS-records are used to redirect a request to another domain alias name. In this case, unlike a CNAME-record, an alias domain name can have other resource records. Enter a Domain to which the request will be redirected.
DNAME-recordA DNAME-record is used to map or rename an entire sub-tree of the DNS name space to another domain. Enter a Domain to which the request will be redirected. 
PTR-recordA PTR-record is used to map IP addresses to domain names. This record is mostly used to track where an e-mail message originated. Most mail servers check that a PTR-record exists and matches the domain name that the email was sent from. If the verification fails, the email is considered spam, therefore is the PTR-record is not present, emails from that IP may be blocked. Enter a Name and Domain that will be sent in the request for the PTR record of the domain name. 
CAA-recordA CAA-record defines Certification Authorities (CAs) authorized to issue certificates for that domain. The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means for indicating notification rules in case someone requests a certificate from a non-authorised certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CA listed in the record can issue certificates for that hostname.
Flags can be either 0 or 128. 128 is a critical property for CAs. If the CA doesn't know it, it is now allowed to issue certificates.
0 is a non-critical property. If the CAA doesn't understand the property, it still can issue a certificate.
Select a Tag:
issue — allows a domain owner specified in the record, to issue a certificate for the hostname;
issuewild — allows a domain owner specified in the record, to issue a wildcard certificate for the hostname;
iodef — allows specifying email or URL that can be used to report invalid certificate requests to the domain owner.
Enter a Value:
"issue" or "issuewild" in the Tag field: enter a CA domain name. You can enter additional parameters separated by the ";" symbol. E.g, " ca.example.net ; account=1", if the CA asks the client to specify the account number. Please note: specifying only the ";" symbol without an additional parameter in the CAA-record, all the CAs won't issue the certificate;
"iodef" in the Tag field: defines Email or URL of a feedback page, and cannot use additional parameters.
DS-recordDS-records are used to secure delegations.
This DS-record references a DNSKEY-record in the sub-delegated zone. For more information please refer to the article  ﻿ Enabling DNSSEC . ﻿
Enter a Key tag — a short numeric value which can help identify the KSK-key.
Select an Algorithm that was used to generate the KSK-key.
Select a Digest Type — the cryptographic hash algorithm used to create the Digest value. 
Digest — a cryptographic hash value of the KSK-key.
TLSA recordA TLSA record allows the domain owner to confirm the authenticity of a certificate or a digital signature using DNSSEC. With a TLSA record, you can save the fingerprint of a TLS or SSL certificate on your DNS server.
Example of TLSA record
_443._tcp.www.example.com IN TLSA 3 0 1 12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2
Comments to the example
﻿﻿﻿﻿443 — TLS server port﻿
﻿tcp — TLS server protocol used﻿
﻿ www.example.com  — TLS server domain name﻿
﻿3 — method of using the TLS server certificate﻿
﻿0 — which part of the certificate is used when comparing its contents with the TLSA value﻿
﻿1 — method for comparing certificate data with TLSA data﻿
﻿12B1B210D87C674F0C748E0E259CEB328C4A33A11F19467700EB2 — certificate data﻿
When adding a TLSA record, specify the following:
.1Record name in the format _port_.protocol or _port_.protocol.domain. For example, "_443 _.tcp" or "_443 _.tcp.www.example.com".
.2Method of using the TLS server certificate:
0 — CA limit — TLSA contains the information about the certificate of the Certification Authority (CA). The CA must be present in the validation chain when a TLS connection is established;
1 — certificate limit service — TLSA contains the information about the server certificate;
2 — trusted sources — TLSA contains the information about the root certificate;
3 — domain certificate — TLSA contains the information about the server certificate. This server must be the final certificate in the validation chain. This method allows using self-signed certificates.
.3Which part of the certificate is used when comparing its contents with the TLSA value:
0 — full certificate;
1 — open key.
.4Method for comparing certificate data with TLSA data:
0 — hash is not used — full perfect match;
1 — SHA-256 — SHA-256 hash function value match;
2 — SHA-512 — SHA-512 hash function value match.
.5Certificate data.