Glossary of key terms

(RFC 3596) AAAA records function in the same way as A records, except that they map hostnames to an IPv6 address (ex. FE80::0202:B3FF:FE1E:8329). The limited number of permutations possible for IPv4 addresses has resulted in the recent growth in the number of IPv6 addresses being used.

An organized list of clients ordered based on specified attributes—such as their source or destination IP address, TSIG key, or GSS-TSIG identity. Each DNS view specifies one or more ACLs and zones to allow or deny the clients listed in the ACL access for queries, zone transfers, and updates.

(IPAM) An IP address that is in use (i.e., it has associated with it an active DHCP lease, a DHCP or static reservation, or a host record as part of IPAM/DNS glue).

Part of the NS1 Filter Chain, this filter passes along metadata as TXT records in the additional section of the DNS response. Typically, NS1 users associate metadata with DNS answers and apply Filter Chain configurations to implement traffic steering policies based on the answer metadata. However, using the Additional Metadata filter and metadata fields, you can include additional information (key-value pairs) to DNS answers and apply the filter so that this metadata is included in the DNS response as TXT records. This type of metadata is not used for traffic steering purposes — instead, it can be useful for system troubleshooting, organization, and more.

(RFC 1183) AFSDB records are used to connect domain names to Andrew File System (AFS) servers. AFS is similar to NFS, but better suited to handle the latency of wide-area networks (such as the internet) and locally caches files. The AFSDB record is key to this operation—providing the location to the file database. Note: This record is experimental and not recognized by all services, and not all nameservers recognize or implement it. The AFSDB record type is deprecated and has been replaced by the SRV record.

(NS1-specific record type) ALIAS is a pseudo-record that works like a CNAME record but can be used safely at the zone apex because it always resolves to A (or AAAA) record(s). Resolution to the target is a completely internal process—DNS recursors making the query will not be able to differentiate between an ALIAS record and a “real” A (or AAAA) record. When queried, an ALIAS record will always return one or more A or AAAA records. Since ALIAS is a pseudo-record, the query result will never contain ALIAS. There is no good reason to use an ALIAS record outside of the zone apex. Since it requires an extra external lookup, resolution can be slower than a CNAME or linked record. Refer to this article for more information.

An answer is the data associated with a DNS record that is the subject of a DNS query. Unlike traditional DNS software, NS1 treats answers as entities on their own, with all "potential" answers for a DNS record grouped under that record. This enables us to make complex decisions about which answers to return for a given record when we get a query for the record.

An answer group is a shared label allowing identifying metadata to be linked among a select number of possible this articleDNS IP address answers. In NS1’s Filter Chain technology, answer groups are used to accomplish advanced routing goals. Refer to this article for more information.

A set of data corresponding to an individual answer (i.e., endpoint) within a DNS record. This data is referenced by the NS1 Filter Chain to determine the best answer to return for each DNS query in real-time. You can connect a monitor or other data source to a particular metadata field to configure automatic updates as network conditions change.

(RFC 1035) The most common DNS record used, an A record maps a hostname to an IPv4 address (ex. 33.22.33.44). All zones must contain an A record in order for users to access a website or application using its hostname as opposed to memorizing the IPv4 address.

This is the standard RFC protocol for replicating DNS data between servers. For example, in a primary/secondary DNS configuration, a primary server can be configured to update a list of secondary servers at another provider with changes for a specific zone. AXFR is defined by RFC 5936.

(RFC 6844) Domain owners can use DNS Certification Authority Authorization (CAA) records to specify which certificate authorities (CAs) are allowed to issue SSL certificates for their domains. A single domain may contain multiple CAA records. The CAA record prevents an unauthorized CA from issuing an SSL certificate for your domain—in other words, only the CA(s) authorized in the CAA record can issue an SSL certificate for your domain. CAA records specify the following fields: CAA <flags> <tag> <value> where flags is an unsigned integer between 0 and 255, tag is a non-zero sequence of US-ASCII letters and numbers (lowercase), value is the <character-string> encoding the value field.

(RFC 4398, 6944) CERT resource records provide a space in the DNS for certificates and related certificate revocation lists (CRLs). These certificates verify the authenticity of the sending and receiving parties. The CRLs identify the certificates that are no longer valid.

A mechanism used for differentiating and classifying devices on your network based on specific configuration criteria. This classification allows you to assign DHCP addresses or options based on specific device characteristics or some network identifier.

A group of DDI-related services deployed in a single location. In Cloud-Managed DDI, the control services are hosted and managed by NS1.

(RFC 1034, 2181) A Canonical Name (CNAME) record maps one domain name (an alias) to another (the canonical name). There may be only one such canonical name for any one alias. That name should generally be a name that exists elsewhere in the DNS, though there are some rare applications for aliases with the accompanying canonical name undefined in the DNS. An alias name (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and KEY RRs, but may have no other data. Refer to this article for more information.

A single copy of a service component (i.e., a software module) running on a physical or virtual host.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter sorts or selects answers based on the lowest cost metadata value. Use this filter to always select the least expensive answer, or use it with the Pulsar Stabilize filter to always select the least expensive option as long as it is within the best performing option threshold you define. If you choose Select answers instead of sorting, only the answers with the lowest cost are selected.

(RFC 6672) As opposed to a CNAME record which maps only a single node, a DNAME record is used to redirect an entire subsection (or subtree) of the DNS namespace to another domain. Once implemented, all names that end with a particular suffix are redirected to another part of the DNS.

An object specifying a set of access control lists (ACLs) and a set of zones — used to determine to allow or deny the clients listed in the ACL access for queries, zone transfers, and updates. DNS views allow you to create a configuration in which the same query is resolved differently based on the requesting client. This configuration is sometimes referred to as split-horizon or split-view DNS.

A group of DDI-related services deployed across one or more edge nodes (i.e., physical or virtual hosts) which serve DNS and DHCP to local clients.

A category of filters (part of the NS1 Filter Chain) that allow you to steer DNS traffic to specific record answers using an autonomous system number (ASN), IP prefix, or location.

Refers to all edge nodes deployed within a Cloud-Managed DDI network.

The practice of deploying and maintaining the various edge nodes and their corresponding service components deployed within a Cloud-Managed DDI network.

One of NS1's "fencing" filters (part of the NS1 Filter Chain); This filter eliminates answers in which the country, subdivision, state, or province metadata does not match the requester’s location.

One of NS1's "fencing" filters (part of the NS1 Filter Chain); This filter eliminates answers from different geographical regions than the requester.

A category of filters (part of the NS1 Filter Chain) that are used to direct traffic based on geographic targets. Geotargeting filters help you create a prioritized list of answers that help clients reach their endpoints quickly without removing any option.

One of NS1's geographic filters (part of the NS1 Filter Chain); This filter sorts answers by the distance of the source IP address to the requested endpoint based on the country, subdivision, US state, or Canadian province.

One of NS1's geographic filters (part of the NS1 Filter Chain); This filter sorts answers by distance to the requester's IP address, using latitude and longitude coordinates.

One of NS1's geographic filters (part of the NS1 Filter Chain); This filter sorts answers based on the distance of the source IP address to the requested endpoint using the georegion metadata field and the GeoIP database.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); Ensures that the answer groups are always returned in the same order for an individual requester or subnet. Answers within the groups are returned in any order. Typically, this filter is used alongside the "Select First Group" filter to ensure the same requester is directed to the same group of answers.

A category of filters (part of the NS1 Filter Chain) that are used to eliminate answers that are currently down or experiencing higher traffic than the limits you define. There are two health check filters available for Filter Chain configuration: the Up and Shed Load filters.

(RFC 1035) Host information (HINFO) records are used to associate general information about a host’s CPU and OS with the host’s domain name. For example, if www.example.com was running Ubuntu 16.04 with a 3.2 GHz Intel CPU, this information can be made publicly available by creating a HINFO record with “PC-Intel-3200mhz” and “Ubuntu 16.04” in the CPU and OS fields, respectively. This information is used by services like FTP to determine the correct procedures for connecting to hosts based on their configuration.

A file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password); used to authenticate to various remote systems using Kerberos without entering a password.

Using a linked record avoids the timely and error-prone tasks of manually creating and maintaining identical configurations across multiple records. Linked records tell the NS1 authoritative server to use the full configuration from a target record that exists somewhere else on the NS1 platform. Note: The target record does not need to be in the same zone as the linked record. For example, a CDN using NS1 DNS services can instruct its customer (who is also using NS1) to use a linked record to point to the customer’s domain at the CDN, instead of a CNAME. This eliminates DNS round trips and (for A or AAAA records) allows direct resolution at the zone apex. A linked record can be any record type (A, MX, CNAME, etc.), but it must be the same type as a target or it will not resolve. Compared to a CNAME record, a linked record typically requires one less DNS lookup—often shortening the response time for the requesting resolver or user to receive the final answer. Linked records are specific to NS1, and their resolution is a completely internal process. During resolution, the full configuration from the target record (including advanced configuration options) is duplicated into the source record such that (other than the name of the record) they resolve identically. DNS recursors making the query will not be able to differentiate between a linked record and the “real” target to which it points. Linked records support all NS1 features and capabilities used by the target record—including real-time data feeds.

(RFC 1035, RFC 7505) Mail exchange (MX) records are used to direct emails sent to your domain. MX records, coupled with a mail server, provide organizations (employees, clients, etc.) with emails the organization's domain, such as support@ns1.com. If you have multiple mail servers configured, you can add multiple MX records with varying priorities.

(RFC 3403) Naming Authority Pointer (NAPTR) records are most commonly used with internet telephony (or VoIP) services. It can be used to map telephone numbers and email addresses for VoIP users to SIP servers via SRV records to initiate calls.

One of NS1's "fencing" filters (part of the NS1 Filter Chain); This filter eliminates answers whose ASN metadata value(s) do not match the autonomous system (AS) of the requester's IP address.

One of NS1's "fencing" filters (part of the NS1 Filter Chain); This filter eliminates answers in which the requester’s IP does not match the IP prefix list of the answer.

Devices or data points on a network. For example, in the context of NS1 Cloud-Managed DDI, various edge service components are deployed to customer-owned nodes distributed across the network topology.

NS1’s hybrid solution where NS1 manages central, cloud-based services while various services are deployed to customer-owned edge nodes running across a distributed network. You can manage all services, components, and nodes within the NS1 Connect platform using NS1’s Fleet and Service Management tools.

The unified delivery platform for NS1’s portfolio of application traffic automation and intelligence solutions. The cloud-based platform consolidates the deployment, configuration, and management of NS1 technologies for globally distributed, heterogenous application and network footprints.

NS1's Dedicated DNS solution enables fully redundant managed DNS services without the complexity and limitations of a multi-provider configuration. As an extension of our Managed DNS service, NS1 Dedicated DNS provides a physically and logically separated network with a single tenancy. It is delivered alongside NS1 Managed DNS on NS1 Connect, so you can configure and manage both networks from a unified cloud portal or API.

NS1's intelligent DNS query processing technology allows you to specify a set of rules within a DNS record to determine how each query is processed. Each Filter Chain configuration includes a sequence of filters that are applied in real-time to dynamically select the best answer for each DNS query.

NS1's global anycast managed DNS network which combines a resilient network, near-instant DNS propagation, and intelligent traffic steering to give enterprises modern controls over the user experience of internet-facing applications.

NS1's best-in-class China-specific DNS solution for global organizations enables traffic steering inside the territory. Managed DNS for China and name server acceleration to mitigate the performance impact of the “great firewall” for global or .cn domains, with a 2.5x improvement in DNS performance for users in China. NS1's Managed DNS for China shares a common management plane and API with NS1's global Managed DNS and Dedicated DNS networks.

(RFC 1035) Typically configured with your registrar, Name server (NS) records are used to delegate a domain or subdomain to a set of name servers. Name servers, such as NS1, hold all the other DNS records for your domain and tell all the other computers connected to the internet what records your domain holds. Therefore, setting the NS record is a critical step in getting your domains and servers online.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter orders all answers from highest (1) to lowest priority. Use this filter to always select a group of available answers or to implement failover in conjunction with filters like Up. If you select Select answers instead of sorting, only the answers with the highest priority are selected.

(RFC 1035) Pointer (PTR) records are usually described as the opposite of an A record. Whereas A records point the domain to an IP address, a PTR record points an IP to a domain (ex. reverse zone lookups). This is often used as spam verification with certain email programs to confirm a mail server is authorized to use the domain from which the email was sent. PTR records usually have to be defined by the owner of the IP address for your server—usually your server hosts. Many hosting companies will set this up for you when you set up a server.

NS1's intelligent traffic steering solution — ideal for live streaming, multi-CDN, cloud, and edge delivery that uses real-user monitoring and highly customizable routing logic to optimize performance and cost at scale.

A Domain Name System (DNS) record is used to map a URL to an IP address. They are stored in DNS servers and contain critical information that helps navigate DNS traffic. For example, when a user searches for a URL is in a web browser, the URL is forwarded to the DNS servers and then directed to a specific web server based on the information outlined in the DNS record. A record is a basic unit of information in the DNS—identified by a domain name, a type (such as A, AAAA, MX, NS, etc.) indicating the type of information contained in the record, control information (such as TTL), and associated answer data (such as server IP addresses, mail hosts, etc.) depending on the record type. The most common record types are A (address), CNAME (canonical name), MX (mail exchange), NS (name server), PTR (pointer), SOA (start of authority), and TXT (text record).

Resolvers are often formed in two parts: a stub resolver which is often merely a library on a user’s computer, and a recursive resolver that will perform queries against nameservers before returning the result to the user. When searching for a domain, the resolver will start at the end of the domain and work its way back to the beginning.

(RFC 1183) Typically, the "responsible person" record contains information about the person responsible for the domain. It is usually an email address where the "@" sign is replaced by a period (.).

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter selects answers that are only in the same region as the first answer. Use this filter with other filters like Group Sticky Shuffle to group answers by region.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter eliminates all but the first N answers from the list. Use this filter with filters like Shuffle or Weighted Shuffle to implement a round-robin or weighted round-robin approach to the number of responses that you return.

An API parameter that specifies the node(s) on which to update the running service component configuration. Enter a value of * to update all nodes or specify one or more tags (kvps) to push the update only to nodes containing those tags (e.g., selector: “pop=lga08”). Additionally, you can use the selector to define logical expressions (i.e., AND, OR, and NOT) to achieve a specific outcome based on your needs.

A logical grouping of capabilities delivered by the NS1 Connect platform. Services are deployed to edge nodes via their service components which are software modules representing specific capabilities related to that service.

A software module representing a specific capability or mode within service. Each type of service offers one or more service components that are deployed to edge nodes.

The practice of configuring services and their associated service components.

One of NS1's "health check" filters (part of the NS1 Filter Chain); This filter eliminates answers in which the load is higher than the defined limits, resulting in slow or stopped traffic to high-traffic or overloaded endpoints. You must select a metric type — load average, average connections, or active requests — and then define low and high watermark values for that metric. This filter is used often to configure automatic load shedding where users create a data feed to automatically update load metrics within the answer metadata.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter randomly sorts answers. Use this filter with other filters like Select First N to return a subset of the available answers at random.

(RFC 1035, 2038) The Start of Authority (SOA) resource record contains administrative information about the zone that controls the zone transfer. The format of the zone transfer includes MNAME - the domain name of the name server that was the original or primary source of data for this zone; RNAME - a domain name which specifies the email address of the person responsible for this zone; SERIAL - the unsigned 32-bit version number of the original copy of this zone. Zone transfers preserve this value; REFRESH - the amount of time before the zone should be refreshed; RETRY - the amount of time that should elapse before a failed refresh is retried; EXPIRE - the maximum amount of time that can elapse before the zone is no longer authoritative; MINIMUM - the amount of time used to cache negative responses (NXD)

(RFC 4408, 7208) Sender Policy Framework (SPF) records are used during email verification to prevent your domain name from being used by spammers or malicious users. Simply creating an SPF record on your main domain with the content: v=spf1 ip4:11.11.11.11 a -all (replacing 11.11.11.11 with your mail server’s IP address) will tell email receivers that your mail server is the only server allowed to send emails from your domain. All emails received from other servers are to be rejected or marked as spam. If you have multiple mail servers, you can add another ip4:x.x.x.x after the previous one to allow another IP address. Note: The SPF record is still supported, but shouldn’t be used in new configurations. Instead, making a TXT record with the same content is the more accepted practice today. Commonly, mail servers will define both an SPF and a TXT record for the most compatibility

(RFC 2782) Service locator (SRV) records are a way to use DNS to locate services for a specific domain. SRV records allow for built-in load balancing of multiple servers using the priority and weight values in the records. SRV record parameters include: service is the name of a service, such as SIP or XMPP (underscore required); proto is the protocol in use for the service. Normally either TCP or UDP (underscore required); domain name is the FQDN of the domain using the service; TTL is the time-to-live for the DNS record; priority is the priority of the target. A lower number indicates a higher preference; weight is the weight of the target. A higher number indicates a higher preference; target is the hostname of the server which is hosting the service.

A category of filters (part of the NS1 Filter Chain); Sticky filters aim to distribute traffic across multiple answers while ensuring DNS queries from the same source IP address are handled consistently over time.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter performs a shuffle to ensure that answers are always returned in the same order for an individual requester or subnet.

A category of filters (part of the NS1 Filter Chain); Traffic management filters help you shuffle, weight, prioritize, sort, and select answers based on the metadata and options that you define.

(RFC 1035) Text (TXT) records allow you to contain any text-based information on a domain or subdomain. Applications can use this to collect information about a service—typically, SPF records, DomainKeys, and DKIM (two other email verification processes). Usage with SPF can be read about above in the SPF Records section. TXT records may contain any information up to 255 characters per string. A zone may container multiple TXT records.

One of NS1's "health check" filters (part of the NS1 Filter Chain); This filter eliminates answers in which the "up" metadata value is not true or 1, or if it is not set.

URL forwarding (or URL redirecting) is a technique used to make a single web page available via multiple URLs. NS1 users can easily set up URL forwarding (HTTP redirects or masking) between zones. There are three types of URL redirects: Permanent (301), Temporary (302), or Masking. Permanent (301) redirects indicate to search engines that they should remove the old page from their database and replace it with the new target page (recommended for SEO). Temporary (302) redirects are less common—they indicate to search engines that they should keep the old domain or page indexed as the redirect is only temporary. While both pages might appear in the search results, a temporary redirect suggests to the search engine that it should prefer the new target page. Masking redirect preserves the redirected domain in the browser's address bar. This lets the user see the address they entered, even though the content displayed is coming from a different web page.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter reorders answers randomly based on the weight metadata value until all answers are randomly reordered. Answers with a higher weight value will be returned first more often. You can use this filter with the Select First N filter to return one or more answers with probability proportional to their weights.

One of NS1's "traffic management" filters (part of the NS1 Filter Chain); This filter combines Sticky Shuffle and Weighted Shuffle to randomly shuffle answers based on the weight metadata field, consistently across the same requester IP address. Changing a set of answers or their weight value results in a reshuffling. If you select "Apply stickiness by subnet (not by individual IP)", requests in the same IPv4 or IPv6 subnet receive the same output. Select this option to ensure that users balanced across multiple recursors get the same answer.

A DNS zone is simply a domain name (like yourdomain.com) and all subdomains associated with it (like www.yourdomain.com). In the DNS, you delegate "authority" for a zone to a DNS provider like NS1, which then serves as the database of records when lookups are done for information in your zone. You can also think of a zone as a collection of related DNS records.