The Top 8 Most Common Types of DNS Records



This article is a good technical overview of DNS that can help you prevent spoofing. This is a cross-post from the EasyDMARC blog, a new KnowBe4 Ventures portfolio company.

What is a DNS record? 

A Domain Name System (DNS) record is an entry in a DNS zone used to map a domain name to information such as an IP address. Also known as a resource record or a DNS query type, DNS records are kept in zone files on DNS servers, and they are what let users reach a website by name.

What is a DNS Lookup?

Well, when you enter a domain name in your browser, a DNS query is sent from your device to a DNS server to find the IP address for that domain name.

DNS records also encompass several syntaxes and commands telling the server how to handle a client request. By knowing the common types of DNS records, you can better understand your network activity. 

So, how many types of DNS records are there? Officially, there are about 90 unique types, each corresponding to a different task or request. If these are misconfigured or used incorrectly, it can negatively affect your website’s performance or even indicate DNS spoofing.

Read on to discover the top 8 most common types of DNS records.

A Record

An A record is one of the most common types of DNS records. During an IP address lookup, an A record uses the domain name to locate the IPv4 address of the computer hosting the domain name on the internet. The “A” in this record stands for “Address.” When you visit a site like easyDMARC.com, an A record points that domain name to an IPv4 address.

This means a request from your browser to easyDMARC.com is directed to the corresponding IPv4 address. But an A record can do more than link a domain name to a single IP address.

Using multiple A records for the same domain provides fallbacks and redundancy. In this case, the same domain name has several A records, each directing users to a different IP address, so clients still have a server to reach if one becomes unavailable.

An A record conforms with the standard top-level format defined in RFC 1035. Below is an example of an A record format. 

Zone: cybersecurity.com

Name   Record type   Value          TTL
@      A             192.168.10.1   14400

AAAA Record

An AAAA record is another common DNS record type, and it’s quite similar to an A record. However, an AAAA record points to the host’s IPv6 address rather than its IPv4 address.

This “Quad A” record allows the DNS client to learn the IPv6 address of a domain name and then connect to the website. Although less common, it’s experiencing increased popularity due to the wide global adoption of IPv6 addresses.

IPv6 is the latest version of the Internet Protocol, and its addresses are longer than IPv4 addresses. Like A records, multiple AAAA records can also provide redundancy when used for the same domain.

Zone: cybersecurity.com

Name   Record type   Value                                     TTL
@      AAAA          2010:0ca8:89b3:0001:4010:8b2c:0450:7245   14400

CNAME Record

A Canonical Name or CNAME record is a DNS record that points an alias domain name (a subdomain or different domain) to the canonical or main domain name. A CNAME record is often used to map an alias domain name to the main domain carrying the A or AAAA record.

For instance, a Canonical Name record can direct the web address www.easyDMARC.ca to the main website for the domain, www.easyDMARC.com, provided both domains are owned by the same company or individual.

A CNAME record is ideal when your website has multiple subdomains. Each subdomain points to the root domain containing the A or AAAA record. 

If your IP address changes, there’s no need to update the CNAME record of your subdomains. Since they all point to the same root domain, only the AAAA or A record for the root domain must be changed.

Below are a few restrictions of using a CNAME record.

  • You can’t place the CNAME record in the root domain.
  • A CNAME record must always point to another domain name and not an IP address.
  • Pointing a CNAME record to another CNAME record is possible but not recommended.
  • NS and MX records should never point to a CNAME record.
  • A CNAME record should have no other resource record with the same name (A, MX, etc.) except for DNSSEC records like NSEC and RRSIG.
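As an added example (not code from the article or from EasyDMARC), the following Python snippet checks a small constructed zone against the restrictions listed above, including the rule that NS and MX records must not target a CNAME. The cybersecurity.com zone, its record names and all values are constructed sample data.

```python
import ipaddress

# Constructed sample zone for cybersecurity.com (not from the article). Each
# record is (owner, type, value); "@" is the zone apex. Several entries break
# the CNAME rules on purpose so the checker has something to report.
SAMPLE_ZONE = [
    ("@", "A", "192.168.10.1"),
    ("@", "MX", "mail.cybersecurity.com."),
    ("@", "NS", "ns1.cybersecurity.com."),
    ("www", "CNAME", "cybersecurity.com."),
    ("blog", "CNAME", "www.cybersecurity.com."),  # CNAME chained to a CNAME
    ("bad", "CNAME", "192.168.10.1"),             # CNAME pointing at an IP
    ("mail", "CNAME", "cybersecurity.com."),      # the MX target is a CNAME
    ("mail", "TXT", "v=spf1 -all"),               # TXT beside a CNAME
]

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _fqdn(owner, zone):
    """Expand a relative owner ("@", "www") to an absolute name with a trailing dot."""
    return zone + "." if owner == "@" else f"{owner}.{zone}."

def check_cname_rules(records, zone):
    """Return one message per violation of the CNAME restrictions listed above."""
    problems = []
    cname_names = {_fqdn(o, zone) for o, t, _ in records if t == "CNAME"}
    for owner, rtype, value in records:
        if rtype == "CNAME":
            if owner == "@":
                problems.append("CNAME at zone apex")
            if _is_ip(value):
                problems.append(f"{owner}: CNAME points to IP {value}")
            if value in cname_names:
                problems.append(f"{owner}: CNAME chains to another CNAME {value}")
            for o2, t2, _ in records:  # DNSSEC records may share the name
                if o2 == owner and t2 not in ("CNAME", "NSEC", "RRSIG"):
                    problems.append(f"{owner}: CNAME coexists with {t2}")
        elif rtype in ("NS", "MX") and value in cname_names:
            problems.append(f"{owner}: {rtype} target {value} is a CNAME")
    return problems

if __name__ == "__main__":
    for p in check_cname_rules(SAMPLE_ZONE, "cybersecurity.com"):
        print(p)
```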

     

DNS PTR Record

The Pointer or PTR record specifies the domain name associated with a specific IP address. It’s the opposite of an A record, and it’s used in reverse DNS lookup. 

A reverse DNS lookup is a process that starts with the IP address and returns the associated domain name. PTR records live in the reverse zones: for IPv4, the address octets are listed in reverse order under in-addr.arpa; for IPv6, the hexadecimal digits are listed in reverse order under ip6.arpa.

A DNS PTR record typically acts as a security and anti-spam tool.

When you send an email, the receiving email server looks up the PTR record for the sending server’s IP address to check that the hostname the sending mail server claims matches that address, thereby verifying the host.
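As an added example (not from the article), this Python code builds the reverse-lookup names described above for IPv4 and IPv6 addresses and then performs the forward-confirmed check a receiving mail server makes, against a constructed in-memory zone rather than live DNS. The PTR and A/AAAA data and the mail.cybersecurity.com hostname are assumptions made for the demonstration.

```python
import ipaddress

def reverse_name(ip):
    """Build the PTR owner name: IPv4 octets reversed under in-addr.arpa, every
    IPv6 hex digit (nibble) reversed under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

# Constructed sample data (not from the article): the reverse zone a receiving
# mail server would query, and the forward A/AAAA records it confirms against.
PTR_RECORDS = {
    reverse_name("192.168.10.1"): "mail.cybersecurity.com",
    reverse_name("2010:0ca8:89b3:0001:4010:8b2c:0450:7245"): "mail.cybersecurity.com",
    reverse_name("192.168.10.2"): "mail.cybersecurity.com",  # forward zone disagrees
}
FORWARD_RECORDS = {
    "mail.cybersecurity.com": {"192.168.10.1", "2010:ca8:89b3:1:4010:8b2c:450:7245"},
}

def fcrdns_check(ip):
    """Forward-confirmed reverse DNS: look up the PTR for the connecting IP, then
    require the named host's A/AAAA records to contain that same IP."""
    host = PTR_RECORDS.get(reverse_name(ip))
    if host is None:
        return "no PTR"
    forward = {ipaddress.ip_address(a) for a in FORWARD_RECORDS.get(host, ())}
    return "verified" if ipaddress.ip_address(ip) in forward else "mismatch"

if __name__ == "__main__":
    for ip in ("192.168.10.1", "192.168.10.2", "192.168.10.3"):
        print(ip, reverse_name(ip), fcrdns_check(ip))
```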

NS Record

An NS or Nameserver record is a DNS record type that specifies the authoritative DNS server of a given domain or subdomain. It can also indicate which DNS server houses all of the actual zone files or DNS records of a specific domain. 

Generally, NS records tell the internet which particular nameserver or DNS server holds the records for the requested domain. You won’t be able to load your website without a properly configured NS record. Using multiple nameservers can also increase reliability.

In this case, there’s one primary nameserver and multiple secondary nameservers carrying the same DNS records as the primary server. So when the primary nameserver is down, one of the secondary servers can attend to DNS queries. An NS record can never point to an alias domain or CNAME record.

Here is an example of an NS record:

Zone: cybersecurity.com

Name   Record type   Value                   TTL
@      NS            ns1.cybersecurity.com   21600

MX Record

A Mail Exchange or MX record is a type of DNS record used for email servers. It tells sending servers which mail server accepts SMTP mail for the domain in an email address. Without a configured DNS MX record, you won’t be able to receive mail at your domain’s email addresses.

While some mail providers only have one server, others can have multiple servers. In this case, each server is assigned a priority value that tells the sending side in which order to contact the servers.

The email server with the lowest value has the highest priority and will be the first point of contact. Servers with a higher value are only contacted if the others are down. Workload is balanced between email servers that share the same priority number. Like NS records, MX records can never point to a CNAME record or alias domain.

 

SOA Record

The Start of Authority or SOA record is a common type of DNS record that stores crucial information about your DNS zone or domain. It governs how zone data is kept in sync between primary and secondary nameservers.

An SOA record is an essential element of zone transfers—the process of sharing DNS records between nameservers—and a DNS zone file is invalid without it.

Mirroring DNS zone files to secondary servers protects against failures. During a zone transfer, the DNS relies on the SOA record to identify the source of the zone files (AKA the primary nameserver) and for instructions on how the transfer must proceed.

As such, an SOA record has additional information fields, including:

  • MNAME – Primary nameserver of the domain or zone.
  • RNAME – Nameserver administrator’s email address.
  • REFRESH – DNS zone file refresh interval.
  • SERIAL – Nameserver’s or zone’s serial number.
  • RETRY – Refresh retry interval.
  • EXPIRE – No response timeout.
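As an added example (not from the article), this Python code parses a constructed SOA record into the fields listed above (plus the MINIMUM field that completes the record format), decodes the RNAME mailbox, and applies the serial-number comparison a secondary uses to decide whether a zone transfer is needed. All names and values are constructed.

```python
# Constructed SOA RDATA for cybersecurity.com (not from the article), written in
# the order a zone file uses: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM.
SAMPLE_SOA = ("ns1.cybersecurity.com. hostmaster.cybersecurity.com. "
              "2022101501 7200 3600 1209600 86400")

def parse_soa(rdata):
    """Split SOA RDATA into named fields; SERIAL is 32-bit, timers are seconds."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("SOA needs exactly 7 fields")
    mname, rname = parts[:2]
    serial, refresh, retry, expire, minimum = (int(p) for p in parts[2:])
    if not 0 <= serial <= 0xFFFFFFFF:
        raise ValueError("SERIAL must fit in 32 bits")
    return {"MNAME": mname, "RNAME": rname, "SERIAL": serial, "REFRESH": refresh,
            "RETRY": retry, "EXPIRE": expire, "MINIMUM": minimum}

def rname_to_email(rname):
    """RNAME is a mailbox written as a name: the first unescaped '.' stands for '@',
    so 'john\\.doe.example.com.' means john.doe@example.com."""
    name, local, i = rname.rstrip("."), "", 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):  # escaped dot stays in the mailbox
            local, i = local + name[i + 1], i + 2
        elif name[i] == ".":
            return f"{local}@{name[i + 1:]}"
        else:
            local, i = local + name[i], i + 1
    return local

def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: a secondary transfers only when the primary's
    SERIAL is 'greater', which still works after the 32-bit counter wraps."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31

def secondary_should_transfer(primary_rdata, secondary_rdata):
    """Decide, as a secondary would at REFRESH time, whether to pull the zone."""
    return serial_is_newer(parse_soa(primary_rdata)["SERIAL"],
                           parse_soa(secondary_rdata)["SERIAL"])

if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(soa["SERIAL"], rname_to_email(soa["RNAME"]))
```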

     

TXT Record

A text or TXT record is one of the common types of DNS records; it contains descriptive, human-readable information. It’s often used together with other DNS record types to provide additional information.

A single domain can have multiple TXT records. Common uses of TXT records include publishing Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) information. Overall, a TXT record can be used to verify domain ownership and prevent spam.

 

Conclusion

DNS servers use DNS records to map a domain name to its IP address. Although these processes happen in the background, DNS records are essential to the smooth running of a domain’s website or email server.

The common types of DNS records all serve a unique purpose but collectively, they help users keep their websites online without performance issues. If you want to know precisely what DNS records your domain uses, check out the EasyDMARC DNS Records Lookup tool.


Do you know what's getting through your mail filters?

KnowBe4’s Mailserver Security Assessment (MSA) helps you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules. With email still the #1 attack vector used by threat actors, you want to see what types of messages may make it through your filters from the outside.

MSA gives you quick insight into how your mailserver handles test messages containing a variety of message types, including emails with attachments that contain password-protected, macro-zipped, or .exe files, or that have spoofed domains.

Here's how MSA works:

  • 100% non-malicious packages sent
  • Select from 30+ automated email message types to test against
  • Saves you time! No more manual testing of individual email messages using MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mail server is configured correctly; many are not!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

knowbe4.com/mailserver-security-assessment
