What is a DNS Record?
23-09-2023
What is DNS?
Before trying to understand what a DNS record is, we need to understand what DNS is. DNS is short for “Domain Name System”, a structure that enables users to connect to websites. It does this by translating easy-to-read domain names into a unique identifier specific to the server storing the website.
Essentially, a DNS is like an enormous directory, cataloging names and numbers. However, in the context of the internet, these numbers are Internet Protocol (IP) addresses instead of phone numbers, and computers use them to communicate with one another. Instead of mapping names to phone numbers, it pairs domain names with their corresponding IP addresses. When a user inputs a domain name, the device uses the DNS to find the associated IP address and, in turn, the precise location where the website files are stored.
How does DNS work?
Understanding DNS or Domain Name System doesn’t have to be difficult. It functions as a guide when you enter a site’s URL into your web browser, linking the domain name of the website to its designated IP address. This procedure is known as Domain Name Resolution.
Let’s say you decide to stop by Google, so you type “google.com” into your browser. You’re not linking directly to a service related to google.com. Rather, DNS identifies the specific IP address where google.com resides. Next, your computer reaches out to that address through a dedicated service port, and voila, the Google page is loaded. This exchange of data is the crux of how DNS simplifies internet navigation.
This is a very simplified account of how DNS works. We wrote an in-depth explanation of the concept in a separate blog post, “What is DNS? & How DNS works”.
What is a DNS Record?
A DNS record is an entry in a directory that pairs a domain name with a piece of information. Stored on DNS servers, DNS records serve as an essential bridge connecting websites to the broader online environment. When a URL is entered into the web browser, the request is directed to the DNS servers, which relay it to the appropriate web server. That server then delivers the website requested in the URL, or, for example, routes the request to a mail server tasked with managing incoming email, or to one of the many other possible services.
Among the myriad of DNS record types, the most commonplace are NS (name server), A (address), MX (mail exchange), and TXT (text record).
The different DNS records explained
Different DNS records serve different purposes in managing and directing internet traffic. They are essential components of the Domain Name System (DNS), acting as information repositories that store various types of data related to domain names. These records play a crucial role in connecting domain names to IP addresses and ensuring smooth communication across the internet. There are around 90 different official DNS record types, some of them better known and more widely used than others.
The most common types of DNS records
The A record, also known as the address record, maps a domain name to the IP address (IPv4) of the computer hosting the domain. The A record is one of the most commonly used DNS records and is essential for the website’s visibility on the internet. It enables users to access a website using the domain name instead of the IP address.
For instance, when you type a website’s URL into your browser, an A record lookup is performed that retrieves the IP address associated with that domain name, making the website load into your browser.
The AAAA record is similar to an A record, but instead of pointing a domain name to an IPv4 address (as an A record does), an AAAA record points a domain name to an IPv6 address. The name AAAA is derived from the fact that it takes four times as many bytes to store an IPv6 address compared to an IPv4 address. AAAA records are becoming increasingly important as the Internet transitions from the IPv4 protocol to IPv6 to accommodate more unique IP addresses.
The CNAME, or the Canonical Name record, is a specific type of DNS record. It is used to map a subdomain or domain name to another hostname.
This is often used when you wish for multiple domain names to lead to the same location. Instead of having to update multiple records if something changes, you update the CNAME record and all associated domains will follow. Essentially, a CNAME record enables a domain or subdomain to point to another domain name, functioning as a kind of redirect.
The MX record, or the Mail Exchanger record, is specifically used for email routing. This record points to the server that receives the email for your domain. When someone sends an email to your domain, their email server will look up your domain’s MX records to determine where to deliver the email. These records contain priorities, so if multiple records exist, the one with the lowest number is attempted first. This system ensures that your emails get to the right server, and is crucial for your email to function correctly.
The TXT record, or the Text record, is a type of DNS record that provides text information to sources outside your domain, which can be used for a variety of purposes. The text can be either human- or machine-readable and can include details on the domain, information about the organization, validation codes, etc.
One of the common uses of TXT records is to help prevent email spam. For instance, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are two methods that use TXT records to verify the sender of an email and check it wasn’t altered along the way.
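To make the SPF use of TXT records concrete, here is an added example (not code from the original post) that parses an SPF record and evaluates a sending IP address against it. The record text is constructed for the example; only the ip4, ip6 and all mechanisms are handled, because include, a and mx mechanisms require further DNS lookups and this example runs offline.

```python
import ipaddress

# Constructed sample TXT record (not from the page); in practice it is fetched
# from the sending domain's TXT RRset.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

# Qualifier prefix -> result name when the mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Split an SPF record into (qualifier, mechanism, argument) tuples.
    Only ip4, ip6 and all are supported in this offline example."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism not in ("ip4", "ip6", "all"):
            raise ValueError(f"unsupported mechanism: {mechanism}")
        parsed.append((qualifier, mechanism, argument))
    return parsed


def check_spf(txt, sender_ip):
    """Evaluate sender_ip left to right; the first matching mechanism wins.
    If nothing matches, RFC 7208 says the result is 'neutral'."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, argument in parse_spf(txt):
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        wanted_version = 4 if mechanism == "ip4" else 6
        if ip.version != wanted_version:
            continue  # an ip4 mechanism never matches an IPv6 sender
        if ip in ipaddress.ip_network(argument, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"
```

A receiving mail server would run check_spf with the connecting client's IP and the record published by the domain in the envelope sender; a "fail" result from a "-all" record is the signal that the message did not come from an authorised host.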
The NS record, or the Name Server record, is used to indicate which DNS servers are authoritative for the domain it is listed under. It tells other computers on the internet where to find the DNS information for a specific domain. This record helps in finding the server or servers hosting the domain’s DNS records, leading to the right server when a user wants to access a particular web page within the domain. Every domain must have an NS record in its DNS zone.
The SOA record, or the Start of Authority record, is a type of record in the Domain Name System (DNS) that contains key information about a domain. It is the record that signals the start of the DNS zone, and it contains information about the zone’s properties. The SOA record includes the primary name server for the domain, the email of the domain administrator, the domain serial number, and several timers relating to the propagation of the domain’s records.
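The SOA fields are easier to reason about once they are pulled apart, so here is an added example (not from the original post) that parses the textual SOA rdata, converts the RNAME field into the administrator's email address, compares serial numbers with the wrap-around arithmetic of RFC 1982, and runs the timer sanity checks recommended in RFC 1912. The record text is constructed for the example.

```python
# Constructed SOA rdata (not from the page), as it would appear in a zone file:
# MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
SAMPLE_SOA = ("ns1.example.com. hostmaster.example.com. "
              "2023092301 7200 3600 1209600 3600")


def rname_to_email(rname):
    """RNAME encodes a mailbox: the first unescaped dot separates the local
    part from the domain, and '\\.' inside the local part is a literal dot."""
    name = rname.rstrip(".")
    local = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            local.append(name[i + 1])
            i += 2
            continue
        if ch == ".":
            return "".join(local) + "@" + name[i + 1:]
        local.append(ch)
        i += 1
    return "".join(local)


def parse_soa(rdata):
    """Split SOA rdata into named fields."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata needs exactly 7 fields")
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[2:])
    return {
        "mname": fields[0],
        "rname": fields[1],
        "admin_email": rname_to_email(fields[1]),
        "serial": serial,
        "refresh": refresh,   # how often secondaries poll for changes
        "retry": retry,       # how soon to retry after a failed refresh
        "expire": expire,     # how long secondaries keep serving stale data
        "minimum": minimum,   # negative-caching TTL since RFC 2308
    }


def serial_is_newer(new, old):
    """RFC 1982 serial arithmetic: 32-bit serials wrap, so 'newer' means the
    forward distance is less than half the number space."""
    diff = (new - old) % (1 << 32)
    return 0 < diff < (1 << 31)


def check_timers(soa):
    """RFC 1912 guidance: retry shorter than refresh, expire longer than
    refresh plus retry. Returns a list of problems (empty means fine)."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry is not shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire is not longer than refresh + retry")
    return problems
```

The serial comparison matters because secondaries only transfer the zone when the primary's serial is "newer" in this wrapped sense; a serial that is accidentally set far ahead and then corrected downwards will stop transfers until it is walked around the number space.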
The SRV record, or the Service record, is a specification of data in the Domain Name System defining the location, i.e., the hostname and port number, of servers for specified services. It is used to establish connections to services without the need to know the exact location beforehand. This includes services like SIP (Session Initiation Protocol), XMPP (Extensible Messaging and Presence Protocol), FTP (File Transfer Protocol) and others. The SRV record makes it easier to manage certain services and applications in the DNS by allowing these services to run on any port regardless of the restrictions of firewalls and routers.
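Both the MX record above and the SRV record carry a priority, and SRV adds a weight on top. The following added example (not code from the original post) shows how a client is expected to order MX hosts (lowest preference first) and how it selects SRV targets per RFC 2782 (ascending priority, then weighted random choice within a priority). The records are constructed for the example, and the random-number source is a parameter so the selection can be made deterministic.

```python
import random

# Constructed rdata text (not from the page), as it would appear in a zone file.
SAMPLE_MX = ["20 mx2.example.com.", "10 mx1.example.com.", "30 backup.example.net."]
SAMPLE_SRV = [
    "10 60 5060 sipa.example.com.",       # priority weight port target
    "10 40 5060 sipb.example.com.",
    "20 0 5060 sipfallback.example.com.",
]


def mx_delivery_order(records):
    """Sort MX rdata so the lowest preference value is attempted first.
    Hosts with equal preference are peers; the sender may pick any of them."""
    parsed = []
    for rdata in records:
        preference, host = rdata.split()
        parsed.append((int(preference), host))
    return sorted(parsed)


def srv_targets(records, rng=random.randint):
    """Order SRV targets per RFC 2782: ascending priority; within a priority,
    draw targets one at a time with probability proportional to weight.
    rng(lo, hi) must return an integer in [lo, hi]."""
    by_priority = {}
    for rdata in records:
        priority, weight, port, target = rdata.split()
        by_priority.setdefault(int(priority), []).append(
            (int(weight), int(port), target))
    ordered = []
    for priority in sorted(by_priority):
        # Weight-0 entries go first so they are chosen only when the random
        # number is 0, as the RFC requires.
        pool = sorted(by_priority[priority], key=lambda entry: entry[0] != 0)
        while pool:
            total = sum(weight for weight, _, _ in pool)
            pick = rng(0, total)
            running = 0
            for entry in pool:
                running += entry[0]
                if running >= pick:
                    break
            pool.remove(entry)
            ordered.append((priority,) + entry)
    return ordered
```

In the sample, sipa and sipb share priority 10 and are picked with a 60/40 split; sipfallback is only used after both have failed, because a higher priority number means a lower preference.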
The PTR record, or the Pointer record, is essentially the opposite of an A or AAAA DNS record. While an A or AAAA record is used to convert a domain name or subdomain into an IP address, a PTR record is used to convert an IP address into a domain name. PTR records are often used for reverse DNS lookups, enabling the server to check if the IP address fits with the domain or subdomain name connected with it. This can be particularly useful for spam filters, as spammers often use invalid IP addresses, which will not match up to a domain in a reverse DNS lookup.
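The A, AAAA, CNAME and PTR records above fit together, and the reverse-lookup check the PTR section describes is easiest to see in code. This added example (not from the original post) uses Python's standard ipaddress module to derive the PTR owner name for an address, follows CNAME aliases with loop detection, and performs a forward-confirmed reverse DNS check against a small constructed zone held in a dictionary rather than fetched from real servers.

```python
import ipaddress

# Constructed forward zone (not from the page): owner name -> (type, rdata list).
SAMPLE_ZONE = {
    "web.example.com.":   ("A", ["192.0.2.1"]),
    "web6.example.com.":  ("AAAA", ["2001:db8::1"]),
    "www.example.com.":   ("CNAME", ["web.example.com."]),
    "loop1.example.com.": ("CNAME", ["loop2.example.com."]),  # misconfigured pair
    "loop2.example.com.": ("CNAME", ["loop1.example.com."]),
}


def address_record_type(addr):
    """IPv4 addresses belong in A records (4 bytes); IPv6 in AAAA records
    (16 bytes, four times the storage, hence the name)."""
    ip = ipaddress.ip_address(addr)
    return ("A" if ip.version == 4 else "AAAA", len(ip.packed))


def ptr_owner_name(addr):
    """Owner name of the PTR record for addr: octets reversed under
    in-addr.arpa for IPv4, hex nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def resolve_forward(name, zone, max_hops=8):
    """Follow CNAME aliases until a non-CNAME RRset is reached.
    Returns (final name, type, rdata), or None for a loop or an over-long chain."""
    seen = set()
    while True:
        key = name.lower()
        if key in seen or len(seen) >= max_hops:
            return None
        seen.add(key)
        rtype, rdata = zone.get(key, (None, []))
        if rtype == "CNAME":
            name = rdata[0]
            continue
        return name, rtype, rdata


def forward_confirmed(addr, ptr_target, zone):
    """Forward-confirmed reverse DNS: the name that the PTR record points to
    must itself have an A/AAAA record containing the same address."""
    result = resolve_forward(ptr_target, zone)
    if result is None or result[1] not in ("A", "AAAA"):
        return False
    ip = ipaddress.ip_address(addr)
    return ip in {ipaddress.ip_address(a) for a in result[2]}
```

A mail filter would look up ptr_owner_name(client_ip), take the hostname in the PTR rdata, and accept the reverse mapping only when forward_confirmed returns True; a PTR record that points at a name whose A record belongs to someone else proves nothing.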
The less commonly used DNS records
The AFSDB DNS record, or the Andrew File System Database record, is a type of DNS record that’s used to locate servers for the Andrew File System (AFS) protocol. AFS is a distributed file system that enables multiple machines to share files over a network. With AFSDB records, client machines can identify and connect to the appropriate AFS servers in order to access files in the network. This type of record is also used to identify Kerberos authentication servers for domain name resolution.
The APL record, or the Address Prefix List record, is a type of data record in the Domain Name System (DNS). It is used to store IP address ranges for a specific domain name and permits a granular definition of IP addressing information within DNS. This includes not only single addresses but also subnets in both IPv4 and IPv6 formats. It is not commonly used, as major DNS software does not support it yet and it is considered experimental.
The CAA record, or the Certification Authority Authorization record, is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain. It helps to improve online security. The CAA record contains the domain name, a flag to allow or disallow the specified CA, and an optional section for policy parameters. The overall aim is to prevent the issuance of unauthorized certificates for a domain, thus helping to prevent Man-in-the-Middle (MitM) attacks.
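The decision a CA has to make from CAA records has a few non-obvious rules, so here is an added example (not code from the original post) that implements the lookup from RFC 8659: climb from the requested name towards the root until a name with CAA records is found, then check the issue (or, for wildcard requests, issuewild) property against the CA's identifier. The zone data is a constructed dictionary; a real CA would query DNS and, per the RFC, would also have to follow CNAME and DNAME aliases, which this offline example does not.

```python
# Constructed CAA data (not from the page): name -> list of (flags, tag, value).
SAMPLE_CAA = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),             # only this CA may issue
        (0, "issuewild", ";"),                       # nobody may issue wildcards
        (0, "iodef", "mailto:security@example.com"), # where to report violations
    ],
}


def parent_names(name):
    """Yield the name itself, then each ancestor down to the TLD."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def relevant_caa(name, zone):
    """RFC 8659: the relevant RRset is the first one found while climbing
    from the name towards the root."""
    for candidate in parent_names(name):
        records = zone.get(candidate.lower())
        if records:
            return records
    return []


def issuance_allowed(name, ca_domain, zone, wildcard=False):
    """May ca_domain issue a certificate for name (or *.name if wildcard)?
    No CAA records in the chain: unrestricted. issuewild takes precedence
    over issue for wildcard requests when present. A value of ';' names no
    CA and therefore forbids issuance under that property."""
    records = relevant_caa(name, zone)
    if not records:
        return True
    tag = "issue"
    if wildcard and any(r[1] == "issuewild" for r in records):
        tag = "issuewild"
    values = [r[2] for r in records if r[1] == tag]
    if not values:
        # Records exist (e.g. only iodef) but none restrict this kind of
        # issuance, so the CA is not constrained by CAA.
        return True
    for value in values:
        # Parameters, if any, follow a ';' after the issuer domain name.
        issuer = value.split(";", 1)[0].strip()
        if issuer and issuer.lower() == ca_domain.lower():
            return True
    return False
```

Note that the check runs for www.example.com even though only example.com publishes CAA records: the climb is what makes one record at the apex cover every name beneath it.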
The DNSKEY DNS record is a data record used in the Domain Name System Security Extensions (DNSSEC) protocol. It is used to authenticate and verify the integrity of responses to DNS queries. Essentially, the DNSKEY record contains the public key that a resolver uses to verify digital signatures in the DNSSEC system. Each DNSKEY record is associated with one or more RRSIG, or resource record signatures, which are used to authenticate the records using cryptographic signatures.
The CDNSKEY record, or the Child DNSKEY record, is a part of the Domain Name System Security Extensions (DNSSEC) protocol which is used to support secure DNS lookup queries. This record is similar to DNSKEY, but is published by a child zone in the DNS hierarchy. It enables the child zone to signal its keys to the parent zone directly, assisting in maintaining a secure DNSSEC delegation, and thus plays a vital role in secure DNS communication. The CDNSKEY record is crucial for a process known as automated DNSSEC provisioning.
The CERT record, or the Certificate record, is a type of resource record in the Domain Name System (DNS). This record allows for the association of certificates and related certificate revocation lists to a domain. Internally, it stores the certificate type, the key tag, the public key’s algorithm, and the certificate or CRL in the DNS database. It helps in secure verification of domains and to establish secure communications, commonly used with email encryption and sender verification systems.
The DNAME record, or the Delegation Name record, is a type of record in the Domain Name System (DNS) used to redirect a whole subtree of the DNS to another domain. It enables a domain to be reorganized without affecting the rest of the domain names in the subtree, unlike the CNAME record that redirects one specific name to another. The DNAME record basically provides aliases for all the subtrees of a particular domain, not for a single name.
The HIP DNS record, or the Host Identity Protocol record, is a type of resource record in the Domain Name System (DNS) that allows systems to map domain names to specific hosts based on cryptographic identifiers. This system provides the opportunity for more secure and efficient routing solutions. It addresses limitations around IP-based identity, mobility and multi-homing, without changing the underlying IP protocol. It also provides a way to establish secure communications over insecure networks, improving privacy and making systems more resistant to denial-of-service attacks.
The IPSECKEY record is a type of resource record in the DNS used to hold public key information that can be used with the IPsec protocol suite for secure communications over IP networks. This record supports a method for securely exchanging IP network layer packets by providing encryption and data origin authentication. It allows a DNS domain name to be associated with a public key, so end hosts can retrieve the key and use it to establish secure communications.
The LOC record is a type of resource record in the Domain Name System (DNS) that allows geographical location information to be associated with a domain name. This record was originally designed to facilitate the use of DNS in various location-sensitive applications, such as emergency services or pinpointing the physical location of specific servers. The LOC record provides information like latitude, longitude, elevation, and the size of the area within which the server might be located. However, it’s not widely used and not all DNS servers are configured to return this type of record.
The NAPTR record, or the Naming Authority Pointer record, is a type of record in the Domain Name System that is used for several applications, including SIP (Session Initiation Protocol) and ENUM (telephone number mapping). It enables the DNS to provide information about services available for specific domains, such as email, VoIP, and web services. This record is also commonly utilized in regular expression based rewriting rules of domain names, supporting dynamic resolution of a domain’s protocol, port, and server. However, its implementation can be quite complex compared to other DNS records.
The NSEC record, or the Next Secure DNS record, is a type of DNSSEC record used to secure and authenticate the Domain Name System (DNS). This record provides cryptographic assurance that a specific DNS name does not exist. It’s a way to protect against DNS spoofing and other attacks by proving the nonexistence of a name or a type. It also lists all the record types that the owner name has. The NSEC record links to the next owner name in the zone which helps to prevent zone enumeration.
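How an NSEC record proves that a name or type does not exist is clearer with the ordering rule in front of you, so here is an added example (not code from the original post). It implements the canonical name ordering of RFC 4034 section 6.1, then checks whether a constructed NSEC chain for example.com covers a queried name (an NXDOMAIN proof) or, when the name exists, whether the type bitmap shows the queried type to be absent (a NODATA proof). The signatures that would accompany real NSEC records are out of scope here.

```python
# Constructed NSEC chain for the zone example.com. (not from the page):
# owner name -> (next owner name, set of types present at the owner).
# The last record points back to the apex, closing the chain.
SAMPLE_NSEC = {
    "example.com.":       ("alpha.example.com.", {"SOA", "NS", "MX", "RRSIG", "NSEC", "DNSKEY"}),
    "alpha.example.com.": ("www.example.com.", {"A", "RRSIG", "NSEC"}),
    "www.example.com.":   ("example.com.", {"A", "AAAA", "RRSIG", "NSEC"}),
}
SAMPLE_APEX = "example.com."


def canonical_key(name):
    """RFC 4034 §6.1 canonical ordering: labels compared from the right,
    case-insensitively, as byte strings; a parent sorts before its children."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode() for label in reversed(labels)]


def canonical_lt(a, b):
    return canonical_key(a) < canonical_key(b)


def nsec_proof(qname, qtype, chain, apex):
    """Return 'nxdomain' if an NSEC record covers qname, 'nodata' if qname
    exists but lacks qtype, or None if the chain proves nothing about it."""
    for owner, (next_name, types) in chain.items():
        if owner.lower() == qname.lower():
            # The name exists; NSEC can only prove the type is absent.
            return "nodata" if qtype not in types else None
        owner_before = canonical_lt(owner, qname)
        # The last record wraps to the apex and covers everything after its owner.
        next_after = canonical_lt(qname, next_name) or next_name.lower() == apex.lower()
        if owner_before and next_after:
            return "nxdomain"
    return None
```

A validating resolver applies exactly this interval test after checking the RRSIG over the NSEC record; without the ordering rule it cannot tell a genuine negative answer from a forged one.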
The RRSIG DNS record is a type of record in the Domain Name System (DNS) used for DNS Security Extensions (DNSSEC). This record stores the digital signature of another DNS record set. By verifying this signature, a DNS resolver can check the authenticity and integrity of the data in the corresponding DNS record set, ensuring that it hasn’t been tampered with. This mechanism is part of the DNSSEC protocol, which adds a layer of security to the DNS by offering authenticity and data integrity, but not confidentiality.
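Before a resolver attempts any signature mathematics it first has to pair an RRSIG with the right DNSKEY and confirm the signature is currently valid. The following added example (not code from the original post) computes the key tag from DNSKEY rdata using the algorithm in RFC 4034 Appendix B and performs those two pre-checks; the public key and RRSIG values are constructed placeholders, and the cryptographic verification itself is deliberately not implemented here.

```python
import struct
from datetime import datetime, timezone


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format DNSKEY rdata: 16-bit flags, 8-bit protocol (always 3),
    8-bit algorithm number, then the raw public key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """RFC 4034 Appendix B key tag: a 16-bit checksum over the rdata used to
    pick candidate keys quickly (not valid for the obsolete RSA/MD5 algorithm)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte << 8 if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_rrsig_time(ts):
    """RRSIG inception/expiration are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_precheck(rrsig, dnskeys, now):
    """True when 'now' lies inside the signature's validity window and some
    DNSKEY has the matching algorithm and key tag. Signature verification
    proper would follow this step and is not performed here."""
    inception = parse_rrsig_time(rrsig["inception"])
    expiration = parse_rrsig_time(rrsig["expiration"])
    if not inception <= now <= expiration:
        return False
    for flags, protocol, algorithm, public_key in dnskeys:
        if protocol != 3 or algorithm != rrsig["algorithm"]:
            continue
        if key_tag(dnskey_rdata(flags, protocol, algorithm, public_key)) == rrsig["key_tag"]:
            return True
    return False


# Constructed placeholders (not real key material): a zone-signing key with
# flags 256, algorithm 13 (ECDSA P-256) and a 4-byte stand-in public key.
SAMPLE_DNSKEY = (256, 3, 13, bytes([1, 2, 3, 4]))
SAMPLE_RRSIG = {
    "algorithm": 13,
    "key_tag": 2067,  # key_tag(dnskey_rdata(*SAMPLE_DNSKEY))
    "inception": "20230901000000",
    "expiration": "20231001000000",
}
```

Expired signatures are the most common operational DNSSEC failure; a zone whose RRSIGs have lapsed becomes unreachable from every validating resolver, which is why the expiration window is checked before any expensive cryptography.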
The RP record, or the Responsible Person record, is a type of record that holds data specifying an email point of contact for the domain. It also contains the hostname of a TXT DNS record, which commonly contains additional human-readable information about where to send information regarding the domain. Using the RP record can be advantageous from a management perspective, as it provides another level of control and information regarding domain contacts.
The SSHFP record, or the Secure Shell Key FingerPrint record, is a type of record that holds SSH fingerprint data. It’s designed to help prevent man-in-the-middle attacks. It holds a cryptographic hash generated from a server’s public key, allowing SSH clients to verify the server’s identity before making a connection. This record only works for DNSSEC (Domain Name System Security Extensions) enabled domains as it relies on the additional security provided by DNSSEC for authenticating records.
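To show what an SSHFP record actually holds, here is an added example (not code from the original post) that derives the SSHFP rdata from a public key line in the format OpenSSH uses and checks a published record against it. The fingerprint is the hash of the raw key blob, i.e. the decoded base64 payload of the key line. The key used below is a syntactically valid but constructed ssh-ed25519 blob, not a real key pair.

```python
import base64
import hashlib

# IANA SSHFP algorithm numbers for the key types seen in OpenSSH key lines.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1, "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# IANA SSHFP fingerprint types.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_from_pubkey(pubkey_line, fp_type=2):
    """Return (algorithm, fptype, hex fingerprint) for a key line such as
    'ssh-ed25519 AAAA... comment'."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    return (SSHFP_ALGORITHMS[key_type], fp_type, FP_TYPES[fp_type](blob).hexdigest())


def sshfp_matches(record, pubkey_line):
    """record is the textual rdata as published, e.g. '4 2 <hex>'. Both the
    algorithm number and the fingerprint must agree with the offered key."""
    algorithm, fp_type, fingerprint = record.split()
    algorithm, fp_type = int(algorithm), int(fp_type)
    if fp_type not in FP_TYPES:
        return False  # unknown hash type: cannot verify
    computed = sshfp_from_pubkey(pubkey_line, fp_type)
    return computed[0] == algorithm and computed[2] == fingerprint.lower()


def _ssh_string(data):
    """SSH wire encoding of a byte string: 4-byte big-endian length + data."""
    return len(data).to_bytes(4, "big") + data


# Constructed key material (not a real key): an ssh-ed25519 blob whose 32-byte
# key is just the bytes 0..31, plus the record a zone would publish for it.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_PUBKEY_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " demo@host"
SAMPLE_RECORD = "4 2 " + hashlib.sha256(SAMPLE_BLOB).hexdigest()
```

An OpenSSH client performs this comparison when VerifyHostKeyDNS is enabled, and it treats the result as trustworthy only if the resolver reports the SSHFP answer as DNSSEC-validated; otherwise the user is still prompted to confirm the key, which is the dependency on DNSSEC the paragraph above describes.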