100% this is not the crowd to need this information but it's an article I just published on LinkedIn. I'll be sending it out to my clients in a newsletter but I thought some of you would enjoy reading what many of you have helped me learn in the past many years. This is why I am still a member here. I read almost every new post, even if I don't "need" to know it, I just like learning and sometimes I pass info to my clients from what I read here. Reading and learning in our industry is so valuable to our businesses. That's why I decided to share here, some might get a nugget of info or something to explain in simple terms to a client. I deal with so many DNS related calls now and it was a baff to learn for me. What's next on my learning list? No idea but I'll figure it out.
I'm not a DNS expert, but here is my story for today. Before I start, what you really need to know is at the end of the article. Feel free to read this article if you enjoy storytelling.
Most of us in IT have heard the joke: “It’s not DNS… it’s never DNS… oh wait, it’s DNS.” Most clients don’t get the joke, and honestly, they never needed to know about it. Until recently. Many of my clients are now “do it yourself” solo business owners. This is where the joke lands, clients don’t know about how fun it is to untangle a DNS problem. Thank you to the internet and the content creators for making do-it-yourself much easier. But DNS is something new for my clients to learn and frankly, not all online searches give you the right answers.
What is DNS? DNS is what tells the internet where your website and email live. Think of DNS like a set of signs posted outside your business. DNS used to be simple and managed by others (not us) and end users (you) didn't need to change any DNS records. Until technology changed and this little problem called "security and authentication" came into play. What changed? Email security rules did. Google and Yahoo forced the issue.
I learned the basics of DNS around 2009 and frankly, MX records were all I really needed to know back then. Until things changed. In the 2011 timeframe, Microsoft Office 365 Exchange started allowing anyone to purchase their services without a vendor giving end users the freedom to run their own accounts. As I helped my clients, I had to learn more. And I'm going to guess around 2020, the internet changed and scammers/hackers changed everything for us. SPF records were needing to be updated. I was not well versed in SPF record updating, so I had to find an expert to refer work to. Eventually I learned enough on my own but then came DMARC.
In the winter of 2023, Google and Yahoo decided to change the game and required a DMARC record update if you wanted to email their customers. And at this point, I had to learn yet again! Now this year, in the next round of "what else does Lisa need to learn" were DKIM records. These record requests are coming in and I think I figured them out after helping a few clients. Still not an expert but I can assist at least!
Now this is where you come in, and why this matters. DNS updating is a game. Propagation is what gets us, as well as wrong DNS records. Propagation means (in my opinion) "It can take time for the records to change" and we are not in control of that process, nor is anyone really. Some records might instantly update and you think you're winning, and some can take a few days or even longer. Sometimes a client will call in with a DNS issue that they updated that morning, it might take a few hours or however long for it to complete. MX, CNAME and SPF usually update quickly now and that's the best news, this is important for migrations to Microsoft Exchange. DKIM and DMARC are the ones that might take more time. And yes, it's like watching paint dry.
So, if you are a do-it-yourself end user, here are basic DNS records explained in simple terms: (I did ask AI to help on some of this, hard to explain!)
- MX Record - MX stands for Mail Exchange. Think of this as the mailing address for your email. When someone sends you an email, the MX record tells the internet which mail server should receive it (Microsoft, Google, etc.). Required by any email host to have your mailbox up and running.
- CNAME Record - CNAME stands for Canonical Name. It’s used to point one service to another behind the scenes. For most clients, CNAME records are used to connect services like Microsoft 365 and Autodiscover, helping email and other features work properly. Autodiscover is required by Microsoft so your email program can automatically find and connect to your Exchange mailbox.
- SPF Record - “Who is allowed to send email for me?” SPF stands for Sender Policy Framework. This record is a guest list for your domain. It tells email systems which servers are allowed to send email using your domain name. If a server isn’t on the list, the email might: Go to spam, Be blocked completely. Required by Microsoft to connect your domain and get your Exchange mailbox up and running.
- DMARC Record - “What should happen if something looks fake?” DMARC stands for Domain-based Message Authentication, Reporting & Conformance. This is the boss record. It tells email systems what to do if SPF or DKIM fails: Allow it, Send it to spam, Block it completely. DMARC also sends reports so you (or your IT person) can see who is trying to send email as you. This is required now if you are emailing Google and Yahoo users. If you are not having issues yet, just expect it to come at some point.
- DKIM Record - “Did this email get changed?” DKIM stands for DomainKeys Identified Mail. This adds a digital signature to your outgoing emails. It proves the email: Really came from your domain, was not altered while being delivered. Think of it like a tamper-proof seal on the message. This is becoming required for some clients having issues emailing Google users.
- MX = where email goes
- SPF = who’s allowed to send
- DKIM = message wasn’t altered
- DMARC = what to do if something looks wrong
- CNAME = helper/alias record to make services work
You can buy your domain at any domain registrar and have your DNS records managed by another company. I hope I'm saying this right, but this is the confusing part. This is usually the moment people realize why DNS feels so confusing, because ownership, hosting, and email can all live in different places. You can change the "nameservers" to be hosted elsewhere. Example: I bought my domain at XXX company. I chose to move the nameservers (where the DNS can be managed) to ZZZ company, where the website was going to be hosted. I made all these changes back in 2010 when my website was taken down by hackers. My email was still hosted by XXX company, so the records for MX had to be updated (before I moved to Microsoft Exchange). Confused now? Trust me, back in 2010 I was very confused!
I see this confusion often and this is when clients tend to call me. To figure out where the records need to be updated. Sometimes it's a game of cat and mouse but we usually figure it out.
If you are reading this and it feels overwhelming, that’s normal. DNS was never meant to be managed by normal end users; it was designed for engineers. If you’re unsure whether your records are set up correctly, or email suddenly stops working, that’s usually your sign to get help before it becomes a bigger issue.
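Added example, not part of the original post or article: a small Python check that reads the SPF, DMARC and DKIM TXT records described in the list above and reports what each one actually tells a receiving mail server. The domain `example.com`, the selector `selector1`, the key data and the function names are constructed placeholders; the records are embedded inline so it runs without any DNS lookups.

```python
# Constructed sample TXT records; example.com and "selector1" are placeholders.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:reports@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEYDATA"],
}

SPF_ALL = {"-": "hard fail", "~": "soft fail", "?": "neutral", "+": "allows anyone"}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_dns(txt, domain, selector):
    """Return one finding each for SPF, DMARC and DKIM on a domain."""
    findings = {}
    # SPF: only one TXT record at the domain may start with v=spf1.
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings["spf"] = "multiple records" if spf else "missing"
    else:
        terms = spf[0].lower().split()[1:]
        all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
        if all_term is None:
            findings["spf"] = "no 'all' term"
        else:  # a bare "all" carries the default "+" qualifier
            findings["spf"] = SPF_ALL[all_term[0] if all_term[0] in SPF_ALL else "+"]
    # DMARC: lives at _dmarc.<domain>; p= is none, quarantine or reject.
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings["dmarc"] = "multiple records" if dmarc else "missing"
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
        findings["dmarc"] = policy if policy in ("none", "quarantine", "reject") else "invalid policy"
    # DKIM: public key at <selector>._domainkey.<domain>; an empty p= is a revoked key.
    dkim = txt.get(selector + "._domainkey." + domain, [])
    if not dkim:
        findings["dkim"] = "missing"
    else:
        findings["dkim"] = "key published" if parse_tags(dkim[0]).get("p") else "key revoked"
    return findings

if __name__ == "__main__":
    print(audit_email_dns(SAMPLE_TXT, "example.com", "selector1"))
```

The two findings worth catching early are a second SPF record left behind after a migration, which makes receivers treat SPF as broken, and a DMARC policy of `none`, which collects reports but does not tell receivers to spam or block anything.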