= DNS Resolution and record types (A Record, CNAME, MX, TXT) =

== What is DNS? ==

DNS (Domain Name System) is the protocol responsible for resolving human-readable domain names (e.g., `example.com`) into machine-readable IP addresses (e.g., `93.184.216.34`). DNS acts as the naming infrastructure of the internet.

== DNS Lookup Flow ==

The process of DNS resolution involves multiple steps from your device to the authoritative servers. The system is designed hierarchically and follows a strict delegation of responsibility.

=== Local DNS Cache ===

The resolver on the client machine first checks its local cache:

- If the domain is found in memory and its TTL has not expired, the IP address is returned immediately.
- If not, it proceeds to ask a configured recursive resolver.

=== Recursive Resolver ===

A recursive resolver (often provided by an ISP or manually configured) attempts to resolve the domain by checking:

- Its own cache
- If not cached, it performs a full DNS traversal starting from the root

=== Root Servers ===

Root servers do not contain specific domain records. They direct the resolver to the correct Top-Level Domain (TLD) servers, based on the domain suffix (e.g., `.com`, `.org`, `.net`, `.no`).

Example:

=== TLD Servers ===

TLD servers maintain information about which authoritative name servers are responsible for domains under that TLD. For `.com`, the TLD server points to the name server managing `example.com`.

=== Authoritative Name Server ===

The authoritative server holds the definitive DNS records for the domain. This is the final step in the lookup process and returns the relevant DNS record type (A, MX, etc.).

== DNS Record Types ==

DNS uses multiple record types to describe different functionalities. The table below outlines commonly used types:

{| class="wikitable"
! Record Type !! Description !! Example
|-
| A || Maps domain to IPv4 address || `example.com → 93.184.216.34`
|-
| AAAA || Maps domain to IPv6 address || `example.com → 2606:2800:220:1:248:1893:25c8:1946`
|-
| CNAME || Canonical alias for another domain || `www.example.com → example.com`
|-
| MX || Mail exchange server || `example.com → mail.example.com (Priority: 10)`
|-
| TXT || Arbitrary text data (e.g. SPF, domain verification) || `v=spf1 include:_spf.example.com ~all`
|-
| NS || Name server for a domain || `example.com → ns1.dnsprovider.com`
|-
| SOA || Start of authority, metadata for domain || Contains zone serial, refresh, retry, etc.
|}

== TTL and Caching ==

All DNS responses include a TTL (Time to Live) value which determines how long a record may be cached. Lower TTLs allow rapid changes but increase lookup traffic. Higher TTLs reduce latency but delay propagation of updates.

=== Implications of TTL ===

- TTL = 3600 → Cache duration = 1 hour
- Short TTLs are recommended before planned DNS changes

== Security Considerations ==

DNS responses can be manipulated in transit or via poisoned caches. While traditional DNS is unencrypted and unauthenticated, enhancements exist:

=== DNSSEC ===

DNSSEC (Domain Name System Security Extensions) signs DNS records with cryptographic signatures, ensuring authenticity.

- Detects forged responses
- Requires client- and server-side support

=== Encrypted DNS ===

Technologies like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protect DNS queries from being observed or modified in transit.

== Diagnosing DNS ==

Use CLI tools to inspect and trace DNS resolution:

{| class="wikitable"
! Tool !! Usage Example !! Description
|-
| [[dig|dig]] || `dig example.com A` || Queries a specific DNS record
|-
| [[nslookup|nslookup]] || `nslookup example.com` || Basic DNS query tool
|-
| [[host|host]] || `host example.com` || Returns A/AAAA/MX records
|-
| [[whois|whois]] || `whois example.com` || Domain registration info
|}

== Misconfigurations and Abuse ==

Misconfigured DNS records can lead to service disruption, data leaks, or impersonation. Examples include:

- Incorrect MX records leading to failed mail delivery
- Exposed internal TXT data
- Open DNS resolvers used for reflection attacks
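To tie the lookup flow, the record table and the TTL section together, here is an added example (not part of the original wiki page) of a small Python parser for the DNS wire format: it decodes a hand-constructed response to `dig example.com A`, walks the header, question and answer sections, follows the name-compression pointers that real responses use, and returns the owner name, record type, TTL and address of each answer, which is what a resolver reads before deciding how long it may cache the record. The response bytes are constructed for the example and were not captured from any server.

```python
import struct
# Constructed sample response (hand-built, not captured) to "example.com A":
# 12-byte header, one question, one answer whose owner name is a pointer (0xc00c).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # id, flags, 1 Q, 1 answer
    b"\x07example\x03com\x00\x00\x01\x00\x01"            # example.com, type A, class IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"  # ptr, A, IN, TTL 3600, rdlen 4
    b"\x5d\xb8\xd8\x22"                                   # 93.184.216.34
)
RECORD_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, offset, hops=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # compression pointer (RFC 1035, section 4.1.4)
            if hops > 32:            # bound pointer chasing so a looping message cannot hang us
                raise ValueError("compression pointer loop")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            labels.append(read_name(msg, target, hops + 1)[0])
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:              # root label terminates the name
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg):
    """Return the answer section as (owner, type, ttl, rdata-as-text) tuples."""
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4   # skip QNAME, QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            text = ".".join(str(b) for b in rdata)   # dotted-quad IPv4
        elif rtype in (2, 5):
            text = read_name(msg, off - rdlen)[0]    # NS / CNAME target, may be compressed
        else:
            text = rdata.hex()                       # leave other RDATA undecoded
        answers.append((owner, RECORD_TYPES.get(rtype, str(rtype)), ttl, text))
    return answers
```

Running `parse_response(SAMPLE_RESPONSE)` yields one answer, `("example.com", "A", 3600, "93.184.216.34")`, the TTL being the 3600-second cache lifetime discussed above.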