This article is a good technical overview of DNS that can help you prevent spoofing. This is a cross-post from the EasyDMARC blog, a new KnowBe4 Ventures portfolio company.
What’s a DNS record?
A Domain Name System record is a database record used to translate domains to IP addresses. Also known as a resource record or a DNS query type, it consists of text files stored on DNS servers, which helps users connect their website to the internet.
When you enter a domain name in your browser, a DNS query is sent from your device to a DNS server to confirm whether the domain name has an IP address.
DNS records also include several syntaxes and commands telling the server how to handle a client request. By knowing the common types of DNS records, you can better understand your network activity.
So, how many types of DNS records are there? Officially, there are about 90 unique types, each corresponding to a different task or request. If these are misconfigured or used incorrectly, it can negatively affect your website’s performance or even indicate DNS spoofing.
Read on to discover the top 8 most common types of DNS record.
A Record
An A record is one of the most common types of DNS records. During an IP address lookup, an A record uses the domain name to find the IPv4 address of the computer hosting the domain name on the internet. The “A” in this record stands for “Address.” When you visit a website like easyDMARC.com, an A record points to an IP address (Version 4).
This means that a request from your browser to easyDMARC.com is directed to the corresponding IPv4 address. But an A record can do more than link a domain name to an IP address.
Using multiple A records for the same domain provides fallbacks and redundancy. In this case, each domain would have an A record directing users to the same IP address.
An A record conforms with the standard top-level format defined in RFC 1035. Below is an example of an A record format.
cybersecurity.com | Record type: | Value: | TTL |
@ | A | 192.168.10.1 | 14400 |
AAAA Record
An AAAA record is another common DNS record type, and it’s quite similar to an A record. However, an AAAA record points to the IPv6 address of the DNS server rather than the IPv4.
This “Quad A” record allows the DNS client to learn about the IP address of a domain name and then connect to the website. Although less common, it’s experiencing increased popularity due to the broad global adoption of IPv6 addresses.
IPv6 is the latest version of the Internet Protocol address, and it’s longer than version 4. Like an A record, multiple AAAA records can also provide redundancy when used for the same domain.
cybersecurity.com | Record type: | Value: | TTL |
@ | AAAA | 2010:0ca8:89b3:0001:4010:8b2c:0450:7245. | 14400 |
CNAME Record
A Canonical Name or CNAME record is a DNS record that points an alias domain name (a subdomain or different domain) to the canonical or main domain name. A CNAME record is typically used to map an alias domain name to the main domain carrying the A or AAAA record.
For instance, a Canonical Name record can direct the web address www.easyDMARC.ca to the main website for the domain, www.easyDMARC.com, provided both domains are owned by the same company or individual.
A CNAME record is ideal when your website has multiple subdomains. Each subdomain points to the root domain containing the A or AAAA record.
If your IP address changes, there’s no need to update the CNAME record of your subdomains. Since they all point to the same root domain, only the AAAA or A record for the root domain needs to be changed.
Below are several restrictions on using a CNAME record.
- You can’t place the CNAME record in the root domain.
- A CNAME record must always point to another domain name and not an IP address.
- Pointing a CNAME record to another CNAME record is possible but not recommended.
- NS and MX records should never point to a CNAME record.
- A CNAME record shouldn’t have any other resource record with the same name (A, MX, etc.) except for DNSSEC records like NSEC and RRSIG.
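The restrictions above can be checked mechanically before a zone is published. The following is an added example, not code from the original article or from EasyDMARC; the zone data, the `example.test` names and the finding labels are constructed for illustration.

```python
import ipaddress

# Constructed sample zone for example.test as (owner, type, value) tuples.
# MX values hold only the target host here (priority omitted).
ZONE = [
    ("example.test", "A", "192.0.2.10"),
    ("example.test", "NS", "ns1.example.test"),
    ("example.test", "MX", "mail.example.test"),
    ("ns1.example.test", "A", "192.0.2.53"),
    ("www.example.test", "CNAME", "example.test"),       # valid alias
    ("mail.example.test", "CNAME", "www.example.test"),  # alias of an alias
    ("shop.example.test", "CNAME", "192.0.2.20"),        # target is an IP
    ("blog.example.test", "CNAME", "example.test"),
    ("blog.example.test", "TXT", "site-verification=constructed"),
]
DNSSEC_TYPES = {"NSEC", "RRSIG"}  # the only types allowed beside a CNAME

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name(value):
    """Normalise a domain name for comparison (case, trailing dot)."""
    return value.lower().rstrip(".")

def lint_cnames(zone, apex):
    """Return (owner, finding) pairs for each CNAME restriction violated."""
    cname_owners = {name(o) for o, t, _ in zone if t.upper() == "CNAME"}
    findings = []
    for owner, rtype, value in zone:
        owner, rtype = name(owner), rtype.upper()
        if rtype == "CNAME":
            if owner == name(apex):
                findings.append((owner, "cname-at-root"))
            if is_ip(value):
                findings.append((owner, "cname-to-ip"))
            elif name(value) in cname_owners:
                findings.append((owner, "cname-chain"))
            continue
        if rtype in ("NS", "MX") and name(value) in cname_owners:
            findings.append((owner, rtype.lower() + "-to-cname"))
        if owner in cname_owners and rtype not in DNSSEC_TYPES:
            findings.append((owner, "cname-coexists"))
    return findings
```

Running `lint_cnames(ZONE, "example.test")` reports the MX target that is an alias, the CNAME chain, the CNAME pointing at an IP address, and the TXT record sharing a name with a CNAME.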
DNS PTR Record
The Pointer or PTR record specifies the domain name associated with a specific IP address. It’s the opposite of an A record, and it’s used in reverse DNS lookup.
A reverse DNS lookup is a process that starts with the IP address and returns the associated domain name. PTR records store IPv4 addresses with segments in reverse order and reversed order of hexadecimal digits for IPv6 addresses.
A DNS PTR record typically acts as a security and anti-spam tool.
When you send an email, the receiving email server uses the PTR record in the message to check if the sending mail server matches the IP address it claims, thereby verifying the host.
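The reversed-segment naming and the host verification described above can be shown together. This is an added example, not code from the original article; the `PTR` and `FORWARD` tables are constructed stand-ins for real DNS answers, and the check shown is forward-confirmed reverse DNS (the PTR name must resolve back to the connecting IP).

```python
import ipaddress

def ptr_name(ip):
    """Build the reverse-lookup owner name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: the four decimal segments in reverse order.
        return ".".join(str(addr).split(".")[::-1]) + ".in-addr.arpa"
    # IPv6: all 32 hexadecimal digits of the expanded address, reversed.
    nibbles = addr.exploded.replace(":", "")[::-1]
    return ".".join(nibbles) + ".ip6.arpa"

# Constructed records standing in for DNS answers (documentation IP ranges).
PTR = {
    "25.113.0.203.in-addr.arpa": "mail.example.test",
    # This PTR claims the same hostname, but no forward record backs it up.
    "99.113.0.203.in-addr.arpa": "mail.example.test",
}
FORWARD = {"mail.example.test": {"203.0.113.25"}}

def forward_confirmed(ip, ptr=PTR, forward=FORWARD):
    """Return the hostname if PTR -> name -> A/AAAA leads back to ip, else None."""
    host = ptr.get(ptr_name(ip))
    if host is None:
        return None  # no reverse record at all
    addr = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == addr for a in forward.get(host, ())):
        return host
    return None  # PTR exists but the name does not resolve back to this IP
```

A PTR record alone is controlled by whoever owns the IP range, so the forward lookup is what ties the claimed hostname to the domain owner’s own records.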
NS Record
An NS or Nameserver record is a DNS record type that specifies the authoritative DNS server of a given domain or subdomain. It can also indicate which DNS server houses all of the actual zone files or DNS records of a particular domain.
Generally, NS records inform the internet of which particular nameserver or DNS server has the IP address of the requested domain. You won’t be able to load your website without a properly configured NS record. Using multiple nameservers can also increase reliability.
In this case, there’s one primary nameserver and several secondary nameservers carrying similar DNS records as the primary server. So when the primary nameserver is down, one of the secondary servers can attend to DNS queries. An NS record can never point to an alias domain or CNAME record.
Here is an example of an NS record:
cybersecurity.com | Record type: | Value: | TTL |
@ | A | ns1.cybersecurity.com | 21600 |
MX Record
A Mail Exchange or MX record is a type of DNS record used for email servers. It indicates the email server of an email address domain via the SMTP protocol. Without configuring the DNS MX record, you won’t be able to receive mail from your domain email address.
While some mail providers only have one server, others can have multiple servers. In this case, each server is assigned a priority value to tell the Domain Name System in which sequence to contact the servers.
The email server with the lowest value has the highest priority and will be the first point of contact. Servers with a higher value are only contacted if the others are down. However, the DNS balances the workload between email servers with the same priority number. Like NS records, MX records can never point to a CNAME record or alias domain.
SOA Record
The Start of Authority or SOA record is a common type of DNS record that stores important information about your DNS zone or domain. It’s used to oversee traffic between primary and secondary nameservers.
An SOA record is a vital element of zone transfers (the process of sharing DNS records between nameservers), and a DNS zone file is invalid without it.
DNS zone files prevent failures when mirrored to secondary servers. During a zone transfer, the DNS relies on the SOA record to identify the source of the zone data (AKA primary nameserver) and for instructions on how the transfer should proceed.
As such, an SOA record has additional information fields, including:
- MNAME – Primary nameserver of the domain or zone.
- RNAME – Nameserver administrator’s email address.
- REFRESH – DNS zone file refresh interval.
- SERIAL – Nameserver’s or zone’s serial number.
- RETRY – Refresh retry interval.
- EXPIRE – No response timeout.
TXT Record
A text or TXT record is one of the common types of DNS records that contains descriptive, human-readable information. It’s often used in conjunction with other DNS record types to provide additional information.
A single domain can have multiple TXT records. Some use cases of TXT records are found in services for Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) applications. Overall, a TXT record can be used to verify domain ownership and prevent spam.
Conclusion
DNS servers use DNS records to map a domain name to its IP address. Although these processes happen in the background, DNS records are vital to the smooth running of a domain’s website or email server.
The common types of DNS records all serve a unique purpose, but together they help users keep their websites online without performance issues. If you want to know precisely what DNS records your domain uses, check out our DNS Records Lookup tool.