Tag Archives: DNS

DKIM record – Everything you need to know

DKIM record – What does it mean?

The DKIM record, or DomainKeys Identified Mail, is a security standard allowing domains to sign outgoing emails through cryptographic authentication. In this approach, domains can demonstrate that the emails arriving from their end are authentic. So they are trustworthy. The DKIM record also protects communications to stop tampering with them while in transit (sending server-recipient server).

How does it function?

In addition to collaborating with SPF and DMARC to create several layers of security for domains sending emails, DKIM is compatible with the current email infrastructure. When an email leaves the sender server, it is signed with a private key using public-key cryptography.

Then, in order to confirm the message’s origin and ensure that it was not altered in transit, recipient servers employ a public key that has been made available to a domain’s DNS. Finally, the email passes DKIM and is valid if the receiver server confirms the signature using the public key.

How to check DKIM record?

Advantages of utilizing DKIM record

  • DKIM is easily enabled. It is a self-certification mechanism. Therefore, three-party certification is not necessary for it to function.
  • It protects your users from forged emails. The DKIM record guards against forgery and modification of the emails you send from its email server. DKIM is an excellent tool for your business to build a trustworthy reputation by thwarting spoofing and phishing.
  • The bodies of emails remain unaffected. The header contains the information needed for validating and authenticating.
  • It works at the level of domain names. The DNS administrator signs all outgoing emails. Every user does not have to do that every time they send a message.
  • Additional security thanks to DMARC. More security tools are available that can help you become a better guard, such as the DMARC record. Additionally, the basis for it to function is a DKIM record.

Important DKIM TAGS

You will be able to use the following tags within the DKIM:

v – the DKIM’s version.

a – the employed signing algorithm is specified. It is compatible with RSA-SHA1 and RSA-SHA256.

b – a signature

bh – it stands for body hash.

c – Canonicalization of the message.

d – denotes the domain name.

h, header fields – this is a list of the signed header fields.

i – Unique identifier for the user or agent.

l – stands for body length.

q – DKIM’s default query method is DNS/TXT.

s – it denotes a selector.

t – is the signature timestamp.

x – the expiration date of the signature.

z – duplicated header fields.

Conclusion

Cybercriminals create spam and phishing campaigns by forging emails from reputable domains. So, hackers find it more challenging to impersonate businesses’ email domains, thanks to DKIM. Therefore, it’s crucial to comprehend and use this DNS record type. Best luck!

Easy guide for checking DNS propagation

You make some urgent modifications to your DNS records. An hour later, your boss calls you complaining because changes are not visible. There are two choices. You get very nervous, not understanding what’s wrong. Or you know perfectly what DNS propagation is, therefore you can totally confidently answer to your boss that he has to be patient and wait for this process to be completed.  

4 factors that affect the DNS propagation speed

For online business owners and administrators, DNS propagation can be a cause of constant headaches. Or not, if you learn its details. That’s why we prepared for you this easy guide for understanding and checking the DNS propagation process.

What is DNS propagation?

Your DNS infrastructure requires maintenance daily and changes every time you plan strategic moves for your business. To execute those tasks directly involves the addition, removal, or edition of different DNS records.

In that context, DNS propagation means the necessary process to update every single change and to spread it all across your DNS network.

Changes to DNS records will be made and stored directly on the authoritative DNS nameserver. But DNS networks involve not a single server but many more (DNS recursive), usually distributed globally. If they don’t have the last update, they will keep serving the previous one (stored in their cache memory) until DNS records’ time-to-live (TTL) values expire.

For all clients worldwide to get the newest update, the DNS update-spread process must reach every server on the whole network. Then DNS propagation will be completed. Remember that DNS recursive servers are the ones that take your clients’ requests to search for answers. Therefore, their work serving them can be affected if they are not up to date.

This is the answer for your impatient boss! Changes on DNS records will not necessarily be propagated with light speed. Actually, different factors can intervene, making the process faster or slower. A common reference of the time that can take to complete DNS propagation is up to 72 hours. It can be a lot less or even more.

And if your boss doesn’t believe you, no worries, you can get evidence to support your words. You can check how DNS propagation is going! 

Easy guide for checking DNS propagation.

Here you have three alternatives. Choose based on your operating system (OS) or preference.

Linux and macOS users, here you have:

Try the Dig command. 

First, open your Terminal, and then type: “dig domainname*.com*” command.

A lookup for A or AAAA will be triggered. As a result, you will be able to see the IPs of your website. Have they changed or not yet? If they changed, DNS propagation already succeeded. If they haven’t, it should still be on its way.

*Type your domain name and corresponding TLD instead of those in the example.

Windows 10 users.

Open the Command Prompt.

Once there, you can use Nslookup on your domain name. Only type: nslookup domainname*.com*

Again, the lookup result will point out if your website’s IP addresses have changed or not.

*Type your domain name and corresponding TLD instead of those in the example.

Online DNS propagation checkers.

There are online tools for performing DNS lookups to check information related to domains located in different countries. Through them, you can check if the DNS changes you made have been updated. 

Conclusion.

DNS propagation will be needed after every modification you try on DNS records. From routing the e-mail, changing TTL values on records, redirecting clients to subdomains, etc. Go deeper into how it works to learn how to influence it in your favor!