Domain Name System (DNS)

The Domain Name System (DNS) translates human-readable domain names into numerical IP addresses that computers and network devices use to communicate. For example, when sharing a website like wedos.academy, you can easily provide a domain name or link that is readable and recognizable. In contrast, numerical IP addresses, such as 46.28.105.2, are difficult to remember and impractical for everyday use. DNS bridges this gap, allowing users to access websites using familiar names while enabling networks to route traffic efficiently.

All domains require DNS to function correctly. DNS is a distributed system made up of multiple layers of servers and records that store routing instructions and other essential information.

DNS Servers

When a device looks up a domain name, the DNS query typically follows a defined resolution chain:

Root Name Server. Root name servers are authoritative for top-level domains (TLDs) such as .com. There are 13 root server clusters worldwide, distributed using Anycast and operated by different organizations. These servers are coordinated by ICANN through IANA and direct queries to the appropriate TLD name servers.
TLD Name Server. TLD name servers are operated by individual domain registries. They authoritatively resolve second-level domains, such as wedos.com, and, in some cases, specific third-level domains, such as wedos.com.ua. These servers direct queries to the authoritative name servers responsible for the domain.
Authoritative Name Server. Authoritative name servers store the DNS records for a domain and its subdomains. They are commonly operated by domain registrars, hosting providers, or specialized DNS providers, though organizations can also run their own. These servers provide the final answer to DNS queries.

DNS Resolution Example

Resolving the domain wedos.com would look like this:

1. If no cached record exists, the client asks a recursive DNS resolver to retrieve the information for wedos.com.

Client device queries recursive DNS resolver about wedos.com

2. The resolver queries a root name server for wedos.com, which responds with a referral to the .com TLD name servers operated by Verisign.

Resolver queries root DNS about wedos.com, which is delegated to Verisign

3. The resolver then queries a .com TLD name server, which responds with a referral to the authoritative name servers for wedos.com, operated by WEDOS.

Resolver queries Verisign DNS about wedos.com, which is delegated to WEDOS

4. The resolver queries a WEDOS authoritative name server for wedos.com, receives the requested DNS records, and returns the result to the original client.

Resolver queries WEDOS about wedos.com, receives a response and passes it to the original device

To improve availability and performance, authoritative name servers are often deployed globally using Anycast. WEDOS operates such a globally distributed DNS infrastructure under WEDOS.zone.

DNS Records

DNS records contain the information required for devices to communicate over the network. The most common record types include:

A and AAAA records, which map domain names to IPv4 and IPv6 addresses
MX records, which define mail servers
TXT records, which store text-based data for various purposes

Each DNS record name corresponds to a domain or subdomain. A record without a name applies to the main domain wedos.com, while a record named client applies to client.wedos.com. To handle unspecified subdomains, wildcard records are used. These records begin with the * character.

Below are sample DNS records for the wedos.com domain, which direct all queries for:

wedos.com to 46.28.105.2
client.wedos.com to 46.28.105.3
www.wedos.com and all other wedos.com subdomains to 46.28.105.2

Record Name    Type   TTL   Data
               A      300   46.28.105.2
client         A      300   46.28.105.3
*              A      300   46.28.105.2

CNAME

While setting up WEDOS.protection, you may encounter CNAME records. A CNAME record points one domain name to another domain name, which must itself resolve using A or AAAA records. As a result, the original domain resolves to the same IP address or addresses as the target domain.

WEDOS.protection uses CNAME records to allow seamless updates to backend server IP addresses when needed, without requiring manual DNS changes.

By default, CNAME records must be assigned to a specific subdomain or wildcard. Some DNS providers offer CNAME flattening, which allows you to use the CNAME record for the main/second-level domain, or they offer alternative records that allow similar behavior, commonly called ANAME or ALIAS records. WEDOS supports the ALIAS record type for this purpose.

Below are sample DNS records for the wedos.com domain, which direct all queries for:

wedos.com to xyz.wedos.global
www.wedos.com and all other wedos.com subdomains also to xyz.wedos.global

Record Name    Type   TTL   Data
               ALIAS  300   xyz.wedos.global
*              CNAME  300   xyz.wedos.global

DNS Providers

WEDOS.protection is compatible with any DNS provider; however, certain DNS features can significantly affect functionality and ease of management.

A and AAAA records. All DNS providers support A and AAAA record types. However, only WEDOS DNS can automatically update these records if the IP addresses of the WEDOS.protection proxy change, reducing the need for manual intervention.
CNAME records. By default, CNAME records can only be used for subdomains. DNS providers that do not extend this functionality—or offer an alternative record type for the main domain—must rely on A or AAAA records to point the main/second-level domain to the proxy. In this scenario, A and AAAA records must be maintained manually to ensure the domain continues to function correctly.

WEDOS.protection Basics

Curriculum