Domain Names 101

This is a basic primer on Domain Names such as “smbservers.co.nz” and how to use them over the internet. AKA using your domain for email ([email protected]) or forwarding them to your website.

Not to be confused with using Domains (AAD or LDAP) within an intranet to manage systems (eg “Attaching a new Windows Computer to a Domain”). The word domain is related in both scenarios (name records forwarded around a network), but when talked about in that context people tend to be asking configuration questions rather than routing questions.

What is a Domain Name?

To put it simply, a domain name is a friendly text name that ties together a group of something and points where it can be found. It’s not too removed from street names and the postal system. Where the street name and number is the domain, and the co-ordinates on a map is your IP address, which goes to your front door. The person who opens the door (the router) then redirects it to one of the bedrooms where a person lives. That person reads the letter, writes a response, and sends it back through the chain.

For example, smbservers.co.nz represents our business, SMB Servers Limited, on the internet, things that belong to its group could include things like:

• www.smbservers.co.nz – the website (sort of, we actually use the second level and forward the www requests)
• [email protected] – our email (via mx records to the second level domain to filter requests)
• *.smbservers.co.nz – subdomains that could host various services

For most cases, a domain is made up of three main parts:

• top level domain (TLD)
  there’s actually a couple types of these, for example, .com (generic) and .co.nz (country) but on a basic level they’re all TLDs
• second level domain (SLD)
  this, combined with the TLD, is usually what you buy from a domain registrar, the SLD is the main description, free text part. EG in smbservers.co.nz, it’s the “smbservers” part
• subdomain
  subdomains are one place where you can split off your domain to nearly infinite divisions and are used for cutting up your domain into lots of smaller services, for example, “www” (www.smbservers.co.nz) was a common subdomain for a website albeit is these days out of favour when compared to the root purchased domain name.

When purchasing a domain from a registrar, you’ll purchase a custom SLD and a TLD from a list, and can then split it off to as many subdomains as you so please. Subdomains can be divided and subdivided as much as you want, but if they get too complicated then it defeats most of the purpose of having a domain in the first place (an easy to remember name).

A good example of a complicated subdomain is an AWS S3 bucket address:
https://DOC-EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/photos/puppy.jpg

Where amazonaws is the second level domain, and everything to the left of it after the slash, in bold, is subdomain, it’s generally good to understand at least this much as it’s a common trick of scammers to buy a similar domain to a legitimate one to pass themselves off as a real business (such as amazomaws.com, note the m instead of n).

When you buy a domain, it can generally be considered that every request using your name is originating from you, there’s a million caveats to this, but generally. So if a request comes from a large enterprise via email that says “click this link”, a quick scan over the source email address or hover over the link (to get the address) can eliminate a large number of scams if you know what a real domain is (eg if the link is accounts.amazomaws.com you can immediately write it off as a scam without even considering the content).

Where can I buy a Domain Name?

Domain Names are purchased from a Domain Name Registrar, basically they’re granted rights from a TLD owner to sell domains under that TLD, and you can purchase them for a length of time (usually starting from 1 year) for usually a nominal fixed fee ($1-$50/year).

So buying a domain can be as simple as finding a registrar, signing up for an account, then making a purchase with your credit card for an available domain. They’ll register it and you’ll have the access and rights to use it for the period you paid for.

It CAN be that simple, but three important things can make that a lot more difficult:

• Finding a good registrar, the buying will always be easy, but there’s several considerations you’ll want to think about when picking a registrar which I’ll go into in the next section.
• Finding an available domain name, there’s infinite possibilities but it’s first come first serve, so as well as people buying domains for their own use, you may have to contend with squatters who buy up common terms and sit on them for the purpose of flipping them at a high price
• Purchasing restrictions, these are uncommon but when you do encounter them it’s usually on a country TLD, you can make the purchase but they may ask for information and evidence on how you’re going to use the domain and how it’s related to their country.

Finding an available domain is both a luck and creativity problem, and so you don’t necessarily need to shop around or do research. And restrictions are just a “choose a relevant domain” problem, if your selection is relevant to your purpose its unlikely you’ll have a problem other than an extra work one.

How do I pick a good registrar?

But picking a good registrar is a much more difficult problem, and may require research and/or trial and error.

Things to consider when picking a registrar:

• Do they have the TLDs you want?
  Almost everyone will register .com, but if you want, say, a .co.nz then they need to be approved by the NZ DNC to sell NZ domains.
  
  So if you’re buying multiple domains, registrar X may have cheaper .com domains than registrar Y, but if they don’t sell the TLD you want you may find yourself having to register and maintain domains from multiple services, which is a hassle. I’d recommend limiting yourself to two registrars at most.
• Are they REALLY cheaper?
  A common scenario is that people will pick the cheapest, and domain registrars know that, so they’ll offer introductory offers which make them the cheapest for the short period of time, then when you’re embedded renewals cost a lot more. You CAN change domain registrar, but it’s a hassle to do so and people rarely bother. So ensure you check the real price, and not just the upfront cost.
• Do they restrict normal usage?
  To use a domain, you have to point it at something via “records” of varying types. Most common are A records (point domain at IP), CNAME (point domain at another address) and MX records (email), but there are many other types which are still important (especially for email). Many registrars will charge less for the domain registration, but then lock important record types behind a fee which makes the original domain more expensive than a competitor who doesn’t have any restrictions. CrazyDomains does this. This is most dangerous when buying domains for the first time as usually you’ll just use A records initially and not discover the paywall for other records until you’re established. So this should be factored into the real price. The most frustrating part is that you often can’t discover this until you’ve purchased a domain.
  
  One good thing, though, is that I haven’t seen a registrar (not to say they don’t exist, I just haven’t seen them) that restricts changing “name servers” behind a fee, so you can often change them to a free service and get the full array of record types.
• Do they offer the latest features?
  This one is often overlooked, and you could go without knowing, but new record types are more commonplace as the pace of web technology picks up. A new record type (and back end system) is DNSSEC which is basically HTTPS but for web addresses instead of just web data. It prevents middlemen (like ISPs) from seeing the web addresses you are visiting by encrypting them.
  
  Many domain registrars do not yet support this record type, despite it now being years since it came out. You may not necessarily need that one, but if they don’t support it, it’s probably a good indication that you’ll have to wait potentially years for new features to be available for the next record that IS important.
  
  This one is often difficult to determine upfront because registrars rarely keep a list of things they don’t support, that’s just bad marketing.
• Are they constantly trying to trick you into buying more stuff?
  This one is easy to spot when you finally go to purchase your first domain, they’ll add things to the cart for you, you’ll have to go through layers of saying “No I don’t want to buy this other thing” when trying to check out or they’ll give you “free” offers, such as a x month trial of domain privacy (then automatically charge your credit card a monthly fee when the period is up), or they’ll give you a “free” .store domain to match the one you bought, and turn autorenew on so you’ll forget and a year later quietly get charged for an expensive, useless domain.
  
  You can avoid spending more money, but it’s frustrating and usually means that vital features will be hidden behind an extra fee, such as Domain Privacy or less common record types. It’s a good early warning flag.

All of this can understandably quite daunting and all I can really do to help is suggest the registrars I use, and point out their flaws, and you can then collect more data on other potential registrars you’re looking at from other sources.

What do you use?

I use a combination of CloudFlare (strongly recommended) and CrazyDomains (not really recommended).

Why CloudFlare?

CloudFlare…I can’t even describe what they do anymore…, originally they were a CDN and now they do basically everything involved in internet data movements.

In line with that, they added domain registrations as another thing that they do and they’re cheap, reliable and extremely comprehensive. They register domains at cost (at least they say they do, and they are cheaper). I’ve been using their services for around 8 years now, and strongly recommend their DNS and domain registration services. Their DNS services are completely free, so if you sign up with a registrar that locks DNS services behind a fee, then it’s easy to push to them and use their DNS to get around that, which is exactly what I do with CrazyDomains. They also are happy to offer easy, free SSL Certificates that sit in front of your servers, and a proxy service to act as a level of protection against attacks.

DNSSEC is supported (and free) as is Domain Privacy.

So then why CrazyDomains?

Obviously it sounds weird that I’m still using CrazyDomains but the one thing they do well, is have country TLD options, CloudFlare doesn’t yet offer any of the country TLDs I use (NZ, AU and HK) else I would switch in a heartbeat.

So unfortunately I do still use CrazyDomains, but push the nameservers straight to CloudFlare. CrazyDomains do NOT support DNSSEC, and Domain Privacy carries a fee.

I’ve bought the Domain I want, now what?

Now the world is your oyster, you can forward your addresses to your endpoint.

Just kidding, you’re not reading this because you know how to do that.

Basically the domain registrar will offer two main configuration systems for your Domain Name to forward requests (people typing your domain into things, like a web browser).

• Name Servers
• DNS Records

Imagine someone has typed in your web address, smbservers.co.nz into their web browser. The request gets forwarded to the registrar and the configuration you’ve set (or the default config) tells it where to go.

DNS

In the case of DNS configuration, you may have an A Record set which has your Public IP Address, then your browser will be told, “smbservers.co.nz points to 123.123.123.123” and your computer will go off to that address, saving the “smbservers.co.nz” as a “header” and reach your network, and hit the router/modem you have plugged into your wall.

Your router then will have a similar rule (called port forwarding) that says, any port 80 or 443 requests should go off to this internal IP address, which is the IP address of your reverse proxy or web server which says, “if someone reaches me on port 443 with the header smbservers.co.nz, give them these files which make up the SMB Servers website”, and the user will then download the output of those files and display them as the website in the browser.

Name Server

Name Servers, on the other hand, are domains themselves which point to ANOTHER server where all the DNS records are kept. There’s a small performance penalty hopping around the place, but presumably the next place has better record keeping.

So a request comes in, and either

• gets fed a DNS record and goes to an IP, OR;
• it gets fed a Name Server record which goes to another server where it finds a DNS record and goes to an IP.

So in our set up, the domains we bought from CrazyDomains point to the CloudFlare Name Servers, but the domains we bought from CloudFlare go straight to DNS Records (since they’re already at the CloudFlare Name Servers).

In the original scenario, you have a web server set up in your business, and a plain jane consumer router with a fibre connection. If you type in the IP address of your web server on your local network (eg 192.168.1.5) into your browser, you get the website.

To make it then available to the internet, the simplest set up would be:

• Buy a Domain Name
• Set the A Record to point at your Public IP Address
  Quickest way to get this is to Google “show my IP”, but if you’re on consumer fibre your ISP may have a configuration called CGNAT which prevents you from being able to host services, not going to detail that.
• Login to your Router, and set up a Port Forwarding record that points 80 and 443 ports at the internal IP Address to your web server (or whatever Port the request is expected, and what port it should go down internally)

Then when you hop on your web browser and type in http://smbservers.co.nz

• your browser will go off to the registrar (the name server),
• which will see the A record and forward it to that IP Address
• it will reach your router, which will say requests on port 80 go to 192.168.32.5 and forward the request
• it will reach your web server, which will get the website files, process them, and return the HTML/CSS/Javascript as files
• your browser will download the output and render it as a website

And voila, you now have a public facing website through a domain.

It does get significantly more complicated than this, but I won’t cover that in this article.

Quick Considerations:

This is just a quick list of items that can expand on these concepts, that you’re welcome to Google, and can expand your capability far and wide.

• Reverse Proxy
• CGNAT
• MX/TXT Records (and other record types)
• Firewall
• Static/Dynamic IP
• DDNS
• DNSSEC
• Domain Privacy
• API (specifically CloudFlare API, for using Dynamic IPs with CloudFlare)
• Ports
• HTTPS
• SSL Certificates

Conclusions

People getting into web services are often told, “Buy a Domain” with little to clarify what that actually means.

This article is intended as a quick basic primer so you can understand what that entails and how to get started, it was really written because I intend on putting together some articles on cool services you can host (first one is your own streaming service) and instructions around how to host never detail the process of getting letting the internet onto your doorstep.

To summarise, buy a domain, point it at your public IP using a DNS record, tell your router to expect it, and where it should go internally, and it will then make it to your internal service. That’s an extremely simplified view, and there’s a mass of other functions, technologies and systems to learn and use, but that’s half the fun.