What do you know about DNS records? You might not even know they exist, or maybe you have come across them when starting to build your own website, or when having to move your site to a new host.
You might well be aware of them and you may have updated one or two, but that doesn’t mean to say you understand what they really are. So what exactly are DNS records? What is their purpose and why does it matter?
These records are a critical part of the internet communication. They sit behind every website, the ones you visit and the ones you don’t. They play a major role in how we navigate the online world, even if we don’t realize it. I’m going to dive into a bit of detail about what DNS records are, their function and different DNS record types. Let’s go!
What Are DNS Records?
DNS records, also known as resource records, are fundamental components of the Domain Name System (DNS). They provide instructions that guide internet navigation, telling servers how to respond to a DNS query. There are around 90 different types of DNS records, but don’t worry, we won’t cover all of them today. I’ll introduce you to the most common ones that you’re likely to encounter in website or mail server management, and some of the more interesting and obscure ones too.
To see how they fit into the bigger picture of what DNS is, read our ‘what is DNS’ guide here.
What Do They Do?
DNS records serve as a directory, connecting domain names to IP addresses. When you type a website address into your browser, DNS records (particularly A and AAAA records) are what allow your device to find the correct server and display the website you’re looking for. They’re like the internet’s version of a phone book, translating human-friendly domain names into machine-friendly IP addresses.
How Do They Work?
Here’s a simplified explanation of how DNS records work within the DNS process:
User Request: When you type a URL into your browser, your computer generates a DNS query to find the IP address associated with that domain name.
Query Forwarding: This query first goes to a DNS recursive resolver, which is usually provided by your internet service provider (ISP). The resolver checks its cache to see if it already knows the IP address for the domain. If it doesn’t, it begins a sequence of queries to find out.
Root Servers: The resolver first asks a DNS root server. The root server doesn’t know the IP address, but it knows where to find the TLD (Top-Level Domain) server for the extension (.com, .org, .net, etc.) of the requested domain.
TLD Servers: The TLD server, in turn, doesn’t know the IP address, but it knows where to find the authoritative name server for the specific domain.
Authoritative Name Servers: The authoritative name server holds the DNS records for the specific domain. It can respond with the IP address (found in an A or AAAA record) for the domain.
Response to User: The resolver sends the IP address back to your computer. Your computer then requests the webpage from the server at that IP address.
Webpage Display: The server sends the webpage data back to your computer, and your browser displays the webpage.
This entire process happens in just milliseconds. DNS records are updated and propagated across the internet as changes occur, ensuring that queries always find the most current information.
What Are The 9 Most Common DNS Records?
Different types of DNS records serve different purposes within this process. For example, A and AAAA records hold IP addresses for domains, CNAME records can redirect from one domain to another, MX records specify mail servers for a domain, and so on
Let’s take a closer look at the nine most common DNS records and their purposes:
|These are the most common type of DNS record. They map domain names to IPv4 addresses.
|These are similar to A records, but they map domain names to IPv6 addresses. As the internet transitions to IPv6, these records are becoming more common.
|Canonical Name records redirect one domain to another. This is useful when a company has multiple domains with similar names.
|Pointer records are the reverse of A and AAAA records. They map IP addresses back to domain names.
|Name Server records provide a list of the authoritative DNS servers responsible for a domain.
|Mail Exchanger records store the domain names of mail servers that receive emails for a domain.
|Start of Authority records contain important information about a DNS zone, such as the primary authoritative name server and the administrator’s email address.
|Text records can store any type of descriptive information in text format. They can be used for various purposes, including verifying domain ownership and ensuring email security.
|Service records provide information about available services under a specific domain.
How And When To Use Them
The use of these records depends largely on the specific needs of your network. In the most common case – when you’re setting up a new website – you will need to create new A or AAAA records to connect your domain name to your server’s IP address. If you’re setting up email, you’ll need MX records. If you need to verify domain ownership for a service like Google Workspace, you’ll use TXT records.
Most web hosts set up their own default DNS records when you register a domain. But if you plan to use a different host or mail server you need to enter the correct DNS record details for the ‘home’ in which your site or e-mail will be hosted.
10 Less Common DNS Records
While the above records are the most common, there are many other types of DNS records that serve specific purposes. In total there are around 90 types of record but I won’t run through them. Rather, here are some of the more interesting ones:
|Certification Authority Authorization records specify which certificate authorities can issue certificates for a domain.
|These are used in DNSSEC to store the public key that a DNS zone signs its records with.
|Delegation Signer records are used in DNSSEC to achieve a secure delegation of DNS zones.
|Naming Authority Pointer records are used in dynamic delegation of resources and service discovery.
|Responsible Person records store the email address of the person responsible for a domain or host.
|Host Information records store information about a host’s hardware and operating system.
|Location records store geographic location information for a domain.
|SSH Fingerprint records store fingerprints of SSH keys to help prevent man-in-the-middle attacks.
|TLSA records are used in DANE to associate a TLS server certificate or public key with a domain name.
|Uniform Resource Identifier records store information about where a specific service or resource is located.
When To Change DNS Records
DNS records should be updated or changed whenever there’s a change in your network configuration. This could be when you’re moving to a new server, adding a new subdomain, setting up email, or implementing security measures like DNSSEC.
More Questions About DNS? Check out these related guides!
What Are The Vulnerabilities Of DNS Records?
DNS records, while crucial for the functioning of the internet, are not without their vulnerabilities. Here are some of the most common security issues associated with DNS:
- DNS Spoofing (or DNS Cache Poisoning):
This is a form of hacking where the attacker introduces corrupt DNS data into the DNS resolver’s cache, causing the resolver to return an incorrect IP address and divert traffic to the attacker’s computer.
- DNS Amplification Attacks:
In this type of Distributed Denial of Service (DDoS) attack, the attacker will attempt to cripple a server by exploiting the fact that a small DNS query can generate lots of responses. The attacker sends a large number of queries with a spoofed IP address (the victim’s) to a DNS server, causing the server to overload the victim’s system with responses.
This can cause critical failure to a website, particularly a small site with limited resources. But they do have the ability to throttle large websites too. It’s a common form of attack.
- DNS Tunneling:
This is a method used to encode the data of other programs or protocols in DNS queries and responses. It can be used for legitimate purposes, but it can also be used by malicious actors that want to bypass network firewalls and exfiltrate data.
- Subdomain Takeover:
If a DNS record points to a service (like a cloud service) that has been deleted or expired, an attacker can take over this service and the traffic directed to it.
- Zone Transfers:
If not properly secured, an attacker can request a zone transfer from the DNS servers, which can provide them with a list of all the domains and IP addresses on the server.
- Information Exposure:
DNS records are public by nature, and anyone can query a DNS server to get information about the domain. This can expose sensitive information about the organization’s infrastructure.
To mitigate these vulnerabilities, it’s crucial to implement DNS security measures such as DNSSEC (DNS Security Extensions), which adds digital signatures to DNS data to verify its authenticity, and to regularly monitor DNS traffic for any anomalies.
How DNS Records Can Help To Identify Threats
DNS records can provide very valuable information when it comes to network security. By monitoring DNS queries and responses, they can help you to identify potential threats and anomalies. For example, a sudden increase in DNS queries for a particular domain could indicate a DDoS attack like the example we mentioned above. Similarly, a large number of NXDOMAIN responses could indicate a DNS tunnelling attempt.
Remember, DNS records are a crucial part of your network’s security. By understanding them and monitoring their usage, you can help keep your network safe and secure.