Different types of DNS records

What Are DNS Records?

DNS (Domain Name System) records are entries in a domain’s DNS database that map domain names to specific resources, such as IP addresses. These records enable web browsers and other services to locate and communicate with websites, email servers, and other internet services.

• Name Server (NS) Record: Describes a name server for the domain that permits DNS lookups within several zones. Every primary as well as secondary name server must be reported via this record
• Mail Exchange (MX) Record: Permits mail to be sent to the right mail servers located in the domain. Other than IP addresses, MX records include fully-qualified domain names
• Address (A) Record: Used to map a host name to an IP address. Generally, A records are IP addresses. If a computer consists of multiple IP addresses, adapter cards, or both, it must possess multiple address records
• IPv6 (AAAA) record: The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address)
• Canonical Name (CNAME) Record: Can be used to set an alias for the host name
• Text (TXT) Record: Permits the insertion of arbitrary text into a DNS record. These records add SPF records into a domain
• Time-to-Live (TTL) Record: Sets the period of data, which is ideal when a recursive DNS server queries the domain name information
• Start of Authority (SOA) Record: Declares the most authoritative host for the zone. Every zone file should include an SOA record, which is generated automatically when the user adds a zone
• Pointer (PTR) Record: Creates a pointer, which maps an IP address to the host name in order to do reverse lookups
• (SRV) record: Specifies a port for specific services
• (AFSDB) record: This record is used for clients of the Andrew File System (AFS) developed by Carnegie Melon. The AFSDB record functions to find other AFS cells
• (APL) record: The ‘address prefix list’ is an experiment record that specifies lists of address ranges
• (CAA) record: This is the ‘certification authority authorization’ record, it allows domain owners state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains
• (DNSKEY) record: The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures
• (CDNSKEY) record: This is a child copy of the DNSKEY record, meant to be transferred to a parent
• (CERT) record: The ‘certificate record’ stores public key certificates
• (DCHID) record: The ‘DHCP Identifier’ stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks
• (DNAME) record: The ‘delegation name’ record creates a domain alias, just like CNAME, but this alias will redirect all subdomains as well. For instance if the owner of ‘example.com’ bought the domain ‘website.net’ and gave it a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains
• (HIP) record: This record uses ‘Host identity protocol’, a way to separate the roles of an IP address; this record is used most often in mobile computing
• (IPSECKEY) record: The ‘IPSEC key’ record works with the Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP)
• (LOC) record: The ‘location’ record contains geographical information for a domain in the form of longitude and latitude coordinates
• (NAPTR) record: The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URI’s to point to based on a regular expression
• (NSEC) record: The ‘next secure record’ is part of DNSSEC, and it’s used to prove that a requested DNS resource record does not exist
• (RRSIG) record: The ‘resource record signature’ is a record to store digital signatures used to authenticate records in accordance with DNSSEC
• (RP) record: This is the ‘responsible person’ record and it stores the email address of the person responsible for the domain
• (SSHFP) record: This record stores the ‘SSH public key fingerprints’; SSH stands for Secure Shell and it’s a cryptographic networking protocol for secure communication over an unsecure network.

How to Check DNS Records

You can look up DNS records using:

• Online DNS lookup tools:

  • Google Dig
  • MXToolbox
  • NSLookup.io

• Command-line tools:

  • Linux/macOS Terminal:
    • dig hydrattack.com (basic lookup)
    • dig hydrattack.com ANY (retrieve all records)
    • dig MX hydrattack.com (get mail server records)
  • Windows Command Prompt:
    • nslookup -type=A hydrattack.com

    • nslookup -type=MX hydrattack.com