How does Linode DNS know I'm not lying about owning a domain?

So, I bought a domain name with Squarespace (mainly because my other domain name got transferred there from Google Domains without asking me, and I want them all in one place). I set my A and AAAA records to my Linode's IP, then I realized Linode also has DNS setup. I already had the server working, so I set the A and AAAA records in Linode's DNS, and the website works.
But that made me wonder how it worked, so I deleted my DNS records from Squarespace to test, and went to the site to see if it still connected to my server. It did still connect to my server with only Linode's DNS record.
So now I'm curious. How does anyone know that that domain actually belongs to the person setting up that DNS record, when the record was set with Linode and the name is registered by Squarespace, with no information passing between the two? Is Linode authenticating itself to Squarespace somehow? How is Squarespace verifying that the Linode is me?
If somebody else used Linode's DNS to set up the same A and AAAA records I did for my domain name, not theirs, would it work for them too?

2 Replies

NEVERMIND!

I was just too impatient for the DNS to update. My bad.

Hey KantaLoupe! Your question opened an interesting can of DNS worms, so I hope you're ready for me to over-explain the process a bit :)


Domain Registration:

For the sake of ease, let's say that you've purchased registration for the domain example.com (congrats!) with Squarespace acting as the domain registrar. On the backend, they've submitted some forms and registration fees with ICANN to basically document that you are the owner of that domain, allowing you the ability to create and distribute DNS records from that domain. This step is what legitimizes a random string of letters and numbers as a functioning domain name that can be tied to IP addresses.

You also own a server running an application and want to access it using a Fully Qualified Domain Name (FQDN) instead of memorizing that server's IP address, so you create an A and AAAA ("Quad-A") record through SquareSpace for IPv4 and IPv6, respectively. Now, when you or anyone else wants to access *www.example.com*, your computer attempts to reach out to a global network of resolvers to find the IP address connected to that domain name.


DNS Resolution:

This ServerFault post provides more detail about the resolution process (local resolver > root > TLD > authoritative nameservers) but essentially, your computer reaches out to a chain of servers which look to see where your domain is registered and what authoritative name servers host the A/AAAA records. In this intro example, SquareSpace's name servers then answer with the IP address(es) which are then recursively passed back to your computer.

What if (as you've described) you would instead want to host your domain records through Cloud Manager using us as your authoritative resolver? Easy; you would update your SquareSpace name servers to our own (ns1-ns5.linode.com) so that, in the process described above, SquareSpace passes that final request to our name servers, which then reply with the associated IP addresses. Importantly, in both examples, these resolvers will cache that information based on your individual DNS entry's Time To Live (TTL), which will ideally make future lookups faster.


DNS Propagation:

Since DNS propagation is not immediate and resolvers cache existing DNS entries for the amount of time defined by your TTL, this can lead to some interesting discrepancies if you are making changes to your records or swapping authoritative name servers (original question). If your original SquareSpace A/AAAA records point to the same IP address to which your Linode entries point, the cross-over is functionally unobservable. If they had differed though and had a long enough TTL, it is possible for different servers around the world to resolve different IPs as the newly elected authoritative name servers take over the resolution process.

You can check the propagation of these records on a global level by using tools like DNS Checker:


More Linode DNS Info:

For more information about hosting your records through Cloud Manager, these guides will also help:

All of this has been a much more long-winded way to explain "DNS is basically magic" and that ICANN registration is what determines who can authoritatively serve DNS records.
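
The delegation chain described in the answer above can be modelled offline. This is an added example, not part of the original reply or any Linode code: a toy resolver over constructed data (server names such as `ns1.provider-a.test` and all IP addresses are made up) showing that a zone created on name servers the TLD does not delegate to is never consulted.

```python
# Constructed sample data: a toy DNS hierarchy. Server names and addresses are
# made up (documentation ranges); nothing here touches the network.
SERVERS = {
    "root": {"refer": {"com.": ["tld-com"]}},
    # NS delegation the registrar publishes at the TLD for the registrant.
    "tld-com": {"refer": {"example.com.": ["ns1.provider-a.test",
                                           "ns2.provider-a.test"]}},
    "ns1.provider-a.test": {"zone": {"www.example.com.": "192.0.2.10"}},
    "ns2.provider-a.test": {"zone": {"www.example.com.": "192.0.2.10"}},
    # Zone for the same domain created at a provider that is NOT delegated.
    "ns1.provider-b.test": {"zone": {"www.example.com.": "198.51.100.66"}},
}


def next_referral(server, name):
    """Return the NS list for the longest delegated suffix of `name`, or []."""
    refer = SERVERS[server].get("refer", {})
    hits = [z for z in refer if name == z or name.endswith("." + z)]
    return refer[max(hits, key=len)] if hits else []


def resolve(qname, max_hops=8):
    """Follow referrals from the root; return (answer, servers_consulted)."""
    server, path = "root", []
    for _ in range(max_hops):
        path.append(server)
        answer = SERVERS[server].get("zone", {}).get(qname)
        ns_set = next_referral(server, qname)
        if answer is not None or not ns_set:
            return answer, path      # answered, or nobody left to ask
        server = ns_set[0]           # real resolvers choose among the NS set
    raise RuntimeError("too many referrals")


def audit_hosted_zone(domain, hosting_servers):
    """Split a provider's servers into those the parent delegates to and those
    that hold a zone no resolver will ever be referred to."""
    server, delegated = "root", []
    for _ in range(8):
        delegated = next_referral(server, domain)
        if not delegated or domain in SERVERS[server].get("refer", {}):
            break
        server = delegated[0]
    live = sorted(set(delegated) & set(hosting_servers))
    return {"live": live, "ignored": sorted(set(hosting_servers) - set(live))}


if __name__ == "__main__":
    print(resolve("www.example.com."))
    print(audit_hosted_zone("example.com.", ["ns1.provider-b.test"]))
```

The same comparison, delegated NS set versus the servers actually hosting the zone, is a useful audit after moving a domain between DNS providers.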
