DNS shi ne matakin da ba a gani wanda ke sa intanet ya yi aiki, amma yawancin masu mallakar domain suna hulɗa da shi ne kawai lokacin da wani abu ya lalace. Bayan sarrafa kayan aikin DNS na dubunnan domain a kan dandamalinmu, mun tattara wannan jagorar don cece ka daga hanyar gwaji-da-kuskure da ke ɓata awannin gyara matsaloli.
Bayanan A — Tushen Bayanan A yana haɗa sunan domain zuwa adireshin IPv4. Shi ne mafi sauƙin nau'in bayanan DNS kuma shi ne wanda browser ɗinka ke amfani da shi don nemo server na gidan yanar gizo. Idan ka buga example.com a cikin browser, mai warware DNS yana nemo bayanan A don nemo adireshin IP inda gidan yanar gizon yake. Za ka iya samun bayanan A da yawa don domain ɗaya don kunna daidaita nauyi na zagayawa. ``` example.com. IN A 203.0.113.50 example.com. IN A 203.0.113.51 ```
Bayanan AAAA — Daidai da IPv6 Iri ɗaya ne a cikin aiki da bayanan A, amma yana nuni zuwa adireshin IPv6 maimakon IPv4. Yayin da amfani da IPv6 ke ƙaruwa, samun bayanan A da AAAA biyu yana tabbatar da cewa za a iya isa domain ɗinka ba tare da la'akari da tsarin hanyar sadarwa ta mai ziyara ba. ``` example.com. IN AAAA 2001:db8::1 ```
Bayanan MX — Ginshiƙin Email Bayanan MX (Mail Exchange) suna da muhimmanci don isar da email. Suna gaya wa server na saƙonni masu aikawa inda za su isar da email don domain ɗinka. Lambar fifiko tana da muhimmanci — ƙananan ƙimomi suna nufin babban fifiko. Saita na yau da kullum tare da server na ajiya yana kama da haka: ``` example.com. IN MX 10 mail.example.com. example.com. IN MX 20 backup.example.com. ```
Lokacin da ka saita domain a cikin EvilMail, ana ƙirƙira bayanan MX kai-tsaye don jagorantar saƙonnin da ke shigowa zuwa server ɗinmu. Bayanan MX marasa daidai su ne babban dalilin saƙonnin da suka ɓata — koyaushe ka tabbatar da su bayan kowane canjin DNS.
Bayanan CNAME — Sunan Ƙarin Bayanan CNAME (Canonical Name) yana ƙirƙirar sunan ƙarin daga sunan domain ɗaya zuwa wani. Ana amfani da shi sosai don nuna subdomain zuwa sabis na waje. Misali, nuna subdomain na blog ɗinka zuwa dandamali da aka ɗauka: ``` blog.example.com. IN CNAME your-site.ghost.io. ```
Muhimmi: Bayanan CNAME ba za su iya kasancewa tare da wasu nau'ikan bayanai a sunan ɗaya ba. Ba za ka iya samun CNAME da bayanan MX don subdomain ɗaya ba. Wannan ƙa'idar ƙayyadaddun DNS ce, ba iyakancin kowane mai bada sabis ba.
Bayanan TXT — Tabbatarwa da Tsaro Bayanan TXT suna riƙe da bayanan rubutu na son rai kuma suna hidima da dalilai da yawa a cikin DNS na zamani. Amfani mafi yawa su ne tabbatar da domain (tabbatar da cewa ka mallaki domain ga Google, Microsoft, ko wasu sabis), bayanan SPF don tabbatar da email, da sa hannun DKIM. Bayanan SPF da ke ba EvilMail izinin aika email a madadinka zai kama da haka: ``` example.com. IN TXT "v=spf1 include:evilmail.pro ~all" ```
Bayanan NS — Miƙa Iko Bayanan NS (Name Server) suna bayyana waɗanne server na DNS ke da iko ga domain ɗinka. Lokacin da ka yi rajistar domain tare da EvilMail kuma ka nuna nameserver ɗinka zuwa kayan aikinmu, kana sabunta bayanan NS a mai rajistar ka don miƙa iko zuwa server ɗinmu: ``` example.com. IN NS storm.nesil.dev. example.com. IN NS void.nesil.dev. example.com. IN NS kraken.nesil.dev. example.com. IN NS pandora.nesil.dev. ```
Bayanan SRV — Wurin Sabis Bayanan SRV suna ƙayyade wurin takamaiman sabis. Ƙa'idoji kamar SIP, XMPP, da LDAP suna amfani da su. Tsarin ya haɗa da sunan sabis, ƙa'ida, fifiko, nauyi, port, da abin da aka nufa: ``` _sip._tcp.example.com. IN SRV 10 60 5060 sipserver.example.com. ```
Bayanan CAA — Izinin Hukumar Takaddun Shaida Bayanan CAA suna ƙayyade waɗanne Hukumomin Takaddun Shaida ne aka ba su izinin fitar da takaddun SSL don domain ɗinka. Wannan matakin tsaro ne da ke hana fitar da takaddun shaida ba tare da izini ba: ``` example.com. IN CAA 0 issue "letsencrypt.org" ```
TTL — Lokacin Rayuwa Kowane bayanan DNS yana da ƙimar TTL da ake auna a cikin daƙiƙa. Wannan yana gaya wa masu warware DNS tsawon lokacin da za su ajiye bayanan a cikin ɗakin ajiya kafin su sake tambayar server mai iko. Ƙananan ƙimomin TTL (daƙiƙa 300) suna nufin canje-canje suna yaɗuwa da sauri amma suna haifar da ƙarin tambayoyin DNS. Manyan ƙimomi (daƙiƙa 86400) suna rage nauyin tambayoyi amma suna jinkirta yaɗuwa. Kafin yin muhimman canje-canjen DNS, rage TTL ɗinka awanni 24 a gaba don tsoffin ƙimomin da aka ajiye su ƙare da sauri.
Gyaran Matsalolin DNS na Aiki Lokacin da wani abu bai yi aiki ba, duba bayananku daga hanyoyi da yawa. Yi amfani da dig don tabbatarwa ta layin umarni: ``` dig +short MX example.com dig +short A example.com dig +short TXT example.com ```
Idan bayanan suna da kyau amma email har yanzu bai yi aiki ba, ka tuna cewa yaɗuwar DNS ba nan take ba ce. Sabbin bayanai na iya ɗaukar har zuwa awanni 48 don a gan su a duk duniya, dangane da ƙimomin TTL da halin ɗakin ajiya na mai warwarewa. Haƙuri, a cikin sarrafa DNS, buƙata ce ta fasaha da gaske.