The DNS, or Domain Name System, is one of the main foundations of the internet. Sadly, many people are unfamiliar with networking technicalities and know little about the Domain Name System, even though they use it daily in their jobs.
A basic explanation of what DNS is: it's a directory of names that match up with numbers. These numbers are IP addresses, which allow computers to communicate with each other. Lots of people describe DNS as a digital phone book (except people under 30 have probably never held a phone book before).
Let's go into more detail about what DNS records are. If you own a domain, your web host stores its information within the DNS records, serving it up whenever the domain is entered.
The process is simple. All you do is identify the name server your domain must point to. Whenever a user enters your domain name, it triggers the DNS records to find the IP address and then send data back from the server.
There are several types of DNS records that you can alter or modify at your domain registrar. All you must do is update your nameserver. However, familiarizing yourself with different types of DNS records will significantly simplify the process and help you monitor them with ease down the line.
The most common DNS records are:
- A Record
⁃ The A record maps a domain name to the IP address (IPv4) of the computer which hosts the domain. An A record is typically used to find the IP of a computer that is connected to the internet from a name.
- AAAA Record
⁃ The AAAA record maps a domain to the IP address (IPv6) of the computer which hosts the domain. Like the A record, the AAAA record is also used to find the IP address of a computer that is connected to the internet from a name.
- CNAME Record
⁃ CNAME, or Canonical Name, records are used to alias one name to another.
- MX Record
⁃ MX, or Mail eXchange, records tell the email delivery agents exactly where your email should be delivered. You can have several MX records for a domain. They ensure that your email is always delivered where it needs to go.
- NS Record
⁃ NS records delegate a specific subdomain to a set of name servers. TLD authorities place NS records for your domain in the TLD name servers, which point to us. This happens each time you delegate any domain to DNSimple.
- TXT Record
⁃ The TXT record can be viewed as a resource record. It is used to associate text with a zone. This record allows the domain administrator to insert text content into DNS records. There are multiple uses for these records.
As we have said before, the people who work daily with DNS records barely know what they are and what they do. This creates a plethora of vulnerabilities and openings for malicious attacks. That’s why it is crucial to understand how DNS records function, the common types of attacks, and how you can prevent them.
DNS Cache Poisoning
One of the most common attacks is DNS cache poisoning. If your DNS cache is poisoned, you get diverted to malicious websites posing as the familiar PayPal or your online bank. This happens the following way: attackers insert false address records into your DNS resolver's cache, so whenever you request an address resolution for a poisoned site, the DNS gives you an IP address for a copycat site controlled by the attacker. It looks like PayPal and it acts like PayPal, but do not be fooled: it's not. When you enter your account information on this copycat site, the attacker promptly steals it.
Subdomain Takeover
Another common type of attack is the subdomain takeover. This happens when an attacker registers a non-existing domain name to gain control over another domain. Here's how that works:
- The domain name (like sub.forexample.com) uses a CNAME record pointing to another domain (like sub.forexample.com CNAME otherdomain.com).
- Time passes, otherdomain.com expires, and anybody can register it.
- Because the CNAME record is not deleted from the forexample.com DNS zone, anybody registering otherdomain.com has total control over sub.forexample.com while the DNS record is still present.
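A zone owner can audit for the stale CNAME described in the steps above. The following is an added example, not code from the original page: it scans zone-file text for CNAME records whose target is outside the zone and no longer resolves. The sample zone, the function names, and the stand-in resolver are constructed for illustration.

```python
import socket

# Constructed sample zone data for forexample.com (not real records).
SAMPLE_ZONE = """\
www.forexample.com.    3600 IN A     192.0.2.10
sub.forexample.com.    3600 IN CNAME otherdomain.com.
shop.forexample.com.   3600 IN CNAME store.example.net.
blog.forexample.com.   3600 IN CNAME www.forexample.com.
"""

def parse_cnames(zone_text):
    """Return (owner, target) pairs for every CNAME line in zone-file text."""
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split columns
        upper = [f.upper() for f in fields]
        if "CNAME" in upper:
            idx = upper.index("CNAME")
            if idx >= 1 and idx + 1 < len(fields):
                pairs.append((fields[0].rstrip(".").lower(),
                              fields[idx + 1].rstrip(".").lower()))
    return pairs

def system_resolves(name):
    """True if the local resolver returns any address for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(zone_text, zone, resolves=system_resolves):
    """List CNAMEs whose target lies outside `zone` and no longer resolves."""
    zone = zone.rstrip(".").lower()
    findings = []
    for owner, target in parse_cnames(zone_text):
        external = target != zone and not target.endswith("." + zone)
        if external and not resolves(target):
            findings.append((owner, target))
    return findings

if __name__ == "__main__":
    # Constructed resolver state: otherdomain.com has expired and stopped resolving.
    live = {"store.example.net", "www.forexample.com"}
    for owner, target in find_dangling_cnames(SAMPLE_ZONE, "forexample.com", live.__contains__):
        print(f"DANGLING: {owner} -> {target} (remove or repoint this record)")
```

A target that fails to resolve is a signal to review the record, not proof that the domain has expired. Once someone else registers the target, it resolves again, so the audit is only useful if it runs regularly and stale records are deleted promptly.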