The DNS or Domain Name System is one of the main foundations of the internet. Sadly, many people are not affiliated with networking technicalities and know little about Domain Name Systems even though they use it daily on their jobs.
A necessary explanation of what a DNS is: it’s a directory of names that match up with numbers. These numbers are IP addresses, which allow computers to communicate with each other. Lots of people describe DNS as a digital phone book (except people under 30 have probably never held a phone book before).
What Are DNS Records
Let’s get more in detail about what DNS records are. If you own a domain, your web host stores its information within the DNS records, serving it up whenever the domain is entered.
The process is simple. All you do is identify the name server your domain must point to. Whenever a user enters your domain name, it triggers the DNS records to find the IP address and then send data back from the server.
There are several types of DNS records that you can alter or modify at your domain registrar. All you must do is update your nameserver. However, familiarizing yourself with different types of DNS records will significantly simplify the process and help you monitor them with ease down the line.
The most common DNS records are:
- A Record
⁃ The A record essentially maps a domain name to the IP address (IPv4) of the computer which hosts the domain. An A record is typically used to find the IP of a computer that is connected to the internet from a name.
- AAAA Record
⁃ The AAAA record maps a domain to the IP address (IPv6) of the computer which hosts the domain. Like the A record, the AAAA record is also used to find the IP address of a computer that is connected to the internet from a name.
⁃ CNAME, or Canonical Name, are records used to alias one name to another.
⁃ MX, or Mail eXchange, tell the email delivery agents exactly where your email should be delivered. You can have several MX records for a domain. They ensure that your email is always delivered where it needs to go.
⁃ NS records delegate a specific subdomain to a set of name servers. TLD authorities place NS records for your domain in the TLD name servers, which point to us. This happens each time you delegate any domain to DNSimple.
- TXT Records
⁃ The TXT record can be viewed as a resource record. It is used to associate text with a zone. This record allows the domain administrator to insert text content into DNS records. There are multiple uses for these records.
As we have said before, the people who work daily with DNS records barely know what they are and what they do. This creates a plethora of vulnerabilities and openings for malicious attacks. That’s why it is crucial to understand how DNS records function, the common types of attacks, and how you can prevent them.
DNS Cache Poisoning
One of the most common attacks is DNS cache poisoning. If your DNS cache is poisoned, you get diverted to malicious Web sites posing as your all familiar PayPal or online bank. This happens the following way: Attackers insert false address records into your DNS, so whenever you request an address resolution for a poisoned site, the DNS gives you an IP address for a copycat site controlled by the attacker. It looks like PayPal; it acts like PayPal, but do not be fooled – it’s not. When you enter your account information on this copycat site, the attacker promptly steals it.
Another common type of attack is the subdomain takeover. This happens when an attacker registers a non-existing domain name to gain control over another domain. Here’s how that works:
- The Domain Name (like sub.forexample.com) uses a CNAME record to another domain (like sub.forexample.com CNAME otherdomain.com)
- Time passes and otherdomain.com goes expired, and anybody can register it.
- Because the CNAME record is not deleted from the forexample.com DNS zone, anybody registering otherdomain.com has total control over sub.forexample.com while the DNS record is still present.
Taking over subdomains is an ugly business and has significant implications. Attackers can easily send phishing emails from the real, legitimate domain, and perform cross-site scripting (XSS). In this way, they can heavily damage the reputation of the brand whose domain they hijacked.
Preventing Attacks and Vulnerabilities
If your company has a website, software, or deals with anything web-related (basically if you don’t live under a rock), then cybersecurity should be a top concern for you. DNS attacks are prevalent, and monitoring your DNS records is going to help prevent attacks and vulnerabilities. One of the adequate ways of doing it is using online tools like DNStable.
DNStable is one of the six tools made by Spyse for system administrators, security engineers, pen-testers, and other specialists to help deal with the online security of your company. It works on in-house developed internet scanning technologies which allow you to receive extended DNS data on every type of record within seconds. You can blend this information with other data from Spyse tools to get a full birds-eye-view of your company infrastructure. This data can also be stored and accessed online. Test it out for yourself — Spyse fives three free credits for newly registered users to try their service.
Find the tools which work best for you, remember to monitor your DNS records and keep safe on the web.