DNS Resolution

From HackOps

DNS Resolution and record types (A Record, CNAME, MX, TXT)

What is DNS?

DNS (Domain Name System) is the protocol responsible for resolving human-readable domain names (e.g., `example.com`) into machine-readable IP addresses (e.g., `93.184.216.34`). DNS acts as the naming infrastructure of the internet.

DNS Lookup Flow

The process of DNS resolution involves multiple steps from your device to authoritative servers. The system is designed hierarchically and follows a strict delegation of responsibility.

Local DNS Cache

The resolver on the client machine first checks its local cache:

- If the domain is found in memory and its TTL has not expired, the cached IP address is returned immediately.
- If not, it proceeds to ask a configured recursive resolver.

Recursive Resolver

A recursive resolver (often provided by an ISP or manually configured) attempts to resolve the domain by checking:

- Its own cache
- If not cached, it performs a full DNS traversal starting from the root

Root Servers

Root servers do not contain specific domain records. They direct the resolver to the correct Top-Level Domain (TLD) servers, based on domain suffix (e.g., `.com`, `.org`, `.net`, `.no`).

Example:


TLD Servers

TLD servers maintain information about which authoritative name servers are responsible for domains under that TLD. For `.com`, the TLD server points to the name server managing `example.com`.

Authoritative Name Server

The authoritative server holds the definitive DNS records for the domain. This is the final step in the lookup process and returns the relevant DNS record type (A, MX, etc.).

DNS Record Types

DNS uses multiple record types to describe different functionalities. The table below outlines commonly used types:

| Record Type | Description                                          | Example                                              |
|-------------|------------------------------------------------------|------------------------------------------------------|
| A           | Maps domain to IPv4 address                          | `example.com → 93.184.216.34`                        |
| AAAA        | Maps domain to IPv6 address                          | `example.com → 2606:2800:220:1:248:1893:25c8:1946`   |
| CNAME       | Canonical alias for another domain                   | `www.example.com → example.com`                      |
| MX          | Mail exchange server                                 | `example.com → mail.example.com (Priority: 10)`      |
| TXT         | Arbitrary text data (e.g. SPF, domain verification)  | `v=spf1 include:_spf.example.com ~all`               |
| NS          | Name server for a domain                             | `example.com → ns1.dnsprovider.com`                  |
| SOA         | Start of authority, metadata for the zone            | Contains zone serial, refresh, retry, etc.           |
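The record types and TTL values in the table above are carried in the DNS wire format described in RFC 1035. The following Python parser is an added example (not code from the HackOps page) that decodes the answer section of a response, including the name-compression pointers that CNAME chains rely on; the response bytes it decodes are constructed inline for the `www.example.com → example.com` alias case and are not a real capture.

```python
import socket
import struct
RTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, off, max_hops=16):
    """Decode a name at `off`, following RFC 1035 compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # 2-byte pointer back into the message
            hops += 1
            if hops > max_hops:                    # defensive: a looping pointer would never terminate
                raise ValueError("compression pointer loop")
            if end is None:                        # caller resumes right after the first pointer
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:                            # root label terminates the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_answers(msg):
    """Return [(owner, type, ttl, rdata)] for each record in the answer section."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        value = msg[off:off + rdlen].hex()         # default: raw RDATA for types not decoded here
        if rtype == 1:                             # A: 4-byte IPv4 address
            value = socket.inet_ntoa(msg[off:off + 4])
        elif rtype in (2, 5):                      # NS / CNAME: RDATA is a (possibly compressed) name
            value, _ = read_name(msg, off)
        answers.append((owner, RTYPES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return answers

# Constructed sample (not a real capture): reply to "www.example.com A?" with the CNAME (TTL 300), then the target's A record (TTL 3600); 0xC00C/0xC010 point at offsets 12/16.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)                 # header: QR=1, 1 question, 2 answers
          + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)    # question: www.example.com A IN
          + b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xC0\x10"  # www.example.com CNAME example.com
          + b"\xC0\x10" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton("93.184.216.34"))  # example.com A
```

Calling `parse_answers(SAMPLE)` yields the CNAME record followed by the A record of its target, each with its own TTL, which is exactly the chain a resolver must follow and cache separately.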

TTL and Caching

All DNS responses include a TTL (Time to Live) value which determines how long a record can be cached. Lower TTLs allow rapid changes but increase lookup traffic. Higher TTLs reduce latency but delay propagation of updates.

Implications of TTL

- TTL = 3600 → Cache duration = 1 hour
- Short TTLs are recommended before planned DNS changes, so cached copies of the old record expire quickly

Security Considerations

DNS responses can be manipulated in transit or via poisoned caches. While traditional DNS is unencrypted and unauthenticated, enhancements exist:

DNSSEC

DNSSEC (Domain Name System Security Extensions) signs DNS records with cryptographic signatures, so a validating resolver can verify that a response is authentic and unmodified. It does not encrypt queries or responses.

- Detects forged responses
- Requires client and server-side support

Encrypted DNS

Technologies like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protect DNS queries from being observed or modified in transit between the client and its recursive resolver; the resolver itself still sees every query, and the resolver's own lookups toward authoritative servers are not covered.


Diagnosing DNS

Use CLI tools to inspect and trace DNS resolution:

| Tool     | Usage Example           | Description                    |
|----------|-------------------------|--------------------------------|
| dig      | `dig example.com A`     | Queries a specific DNS record  |
| nslookup | `nslookup example.com`  | Basic DNS query tool           |
| host     | `host example.com`      | Returns A/AAAA/MX records      |
| whois    | `whois example.com`     | Domain registration info       |

Misconfigurations and Abuse

Misconfigured DNS records can lead to service disruption, data leaks, or impersonation. Examples include:

- Incorrect MX records leading to failed mail delivery
- Internal data exposed in public TXT records
- Open DNS resolvers used for reflection attacks