What is DNS and How Does It Work
The Domain Name System, or DNS, takes a familiar and understandable website name like Hackread.com and turns it into an IP address. Whenever you enter Hackread.com or any other web address, your browser automatically sends a DNS query containing the hostname to a DNS server.
Next, the DNS server takes the hostname and turns it into a numeric IP address, connecting the browser with the site. In a nutshell, that's what happens under the hood when you enter a web address.
A component called the DNS resolver first checks whether the hostname is available in the local cache. If it isn't, the resolver contacts several DNS name servers until it gets the IP of the exact service that the user is attempting to find, and returns it to the browser. This whole DNS server jazz sounds like a long process, but it happens within a second.
Although you may have ignored their existence, DNS servers are vital in creating DNS records and providing information about a domain or hostname, more specifically its current IP address. Here are some common DNS records:
- The Address Mapping Record (A Record) – this is also known as a DNS host record. It stores a hostname and the IPv4 address which goes with it.
- The IP Version 6 Address Record (AAAA Record) – not hard to remember. This one stores the hostname and its IPv6 address.
- The Canonical Name Record (CNAME Record) – this record can be applied to a hostname to alias it to another hostname. Whenever a DNS client asks for a record that has the CNAME, the DNS resolution process repeats but with a brand new hostname.
- The Mail Exchanger Record (MX Record) – this specifies an SMTP email server for the domain; it is used to route outgoing emails to a dedicated email server.
- Name Server Records (NS Record) – this specifies that a DNS zone, like forexample.com, is delegated to a specific ANS (Authoritative Name Server), and provides the address of that server.
- Reverse-lookup Pointer Records (PTR Record) – this allows the DNS resolver to give an IP address and get a hostname (essentially a DNS lookup, but in reverse).
- Text Record (TXT Record) – this carries machine-readable data, such as opportunistic encryption, Sender Policy Framework (SPF), DMARC, DKIM, etc.
- The Start of Authority (SOA Record) – the record which can be found at the start of a DNS zone file, indicating the ANS (Authoritative Name Server) for the DNS zone, contact details for the administrator of the domain, the serial number of the domain, and info on how often DNS information for this zone should be reviewed and refreshed.
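The cache check and the CNAME restart described above can be seen in a small model resolver. This is an added example, not code from the original article; the `Resolver` class, the `ZONE` table and every hostname and address in it are constructed for illustration.

```python
# Added illustration: records and names below are constructed sample data.
import time

# Data the name servers would return: (name, type) -> (ttl_seconds, values)
ZONE = {
    ("www.example.com", "CNAME"): (300, ["web.example.net"]),
    ("web.example.net", "A"): (60, ["192.0.2.10", "192.0.2.11"]),
    ("web.example.net", "AAAA"): (60, ["2001:db8::10"]),
    ("loop-a.example.com", "CNAME"): (300, ["loop-b.example.com"]),
    ("loop-b.example.com", "CNAME"): (300, ["loop-a.example.com"]),
}

class Resolver:
    MAX_CNAME_HOPS = 8  # bound the chain so a CNAME loop cannot spin forever

    def __init__(self, zone, clock=time.monotonic):
        self.zone, self.clock = zone, clock
        self.cache = {}            # (name, type) -> (expires_at, values)
        self.upstream_queries = 0  # how often the cache could not answer

    def _lookup(self, name, rtype):
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]                  # answered from the local cache
        self.upstream_queries += 1         # cache miss: ask the name server
        ttl, values = self.zone.get(key, (0, []))
        if values:
            self.cache[key] = (self.clock() + ttl, values)
        return values

    def resolve(self, name, rtype="A"):
        name = name.rstrip(".").lower()    # hostnames are case-insensitive
        chain = [name]
        for _ in range(self.MAX_CNAME_HOPS):
            answer = self._lookup(name, rtype)
            if answer:
                return chain, answer
            alias = self._lookup(name, "CNAME")
            if not alias:
                return chain, []           # no record of this type
            name = alias[0].rstrip(".").lower()  # repeat with the new hostname
            chain.append(name)
        raise RuntimeError("CNAME loop or chain too long: " + " -> ".join(chain))
```

Negative answers are deliberately not cached here, so a repeated lookup of an alias still costs one upstream query for the missing A record.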
DNS records are very high maintenance. Inadequate care of these records will result in many vulnerabilities and exposures. Now with the knowledge of the frequent types of DNS records, we can view the vulnerabilities which come with poor management of DNS records.
A widespread vulnerability is domain hijacking. This is an attack directly on your DNS servers and domain registrar that makes very unwelcome changes, such as stealing your traffic and directing it away from your original servers to wherever the hacker needs it. Domain hijacking is always caused by an exploitable vulnerability in the domain name registrar's system. It can also be achieved at the DNS level when attackers gain control of your DNS records.
Scary stuff. As soon as the bad guys have your domain name, they can launch various malicious activities. Textbook examples are setting up fake pages of payment systems like PayPal, Visa, or any bank. Attackers create identical copies of bank websites or PayPal, and you do the rest by filling out your personal information (as happened recently with NordVPN's website). Email addresses, usernames, passwords: all of it now belongs to them. Fortunately, you can avoid this situation by monitoring your DNS records.
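One way to monitor records for the kind of change described above is to keep a known-good snapshot and compare later lookups against it. The following is an added example, not code from the original article or from any tool it mentions; the snapshots are constructed sample data in the `name ttl class type rdata` layout that `dig +noall +answer` prints, and the `HIGH_RISK` grouping is an assumption of this sketch.

```python
# Added illustration: both snapshots are constructed sample data.
BASELINE = """\
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 300 IN A 192.0.2.10
example.com. 300 IN MX 10 mail.example.com.
example.com. 300 IN TXT "v=spf1 mx -all"
"""
OBSERVED = """\
example.com. 3600 IN NS NS1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 60 IN A 203.0.113.66
example.com. 300 IN MX 10 mail.example.com.
example.com. 300 IN TXT "v=spf1 +all"
"""

# Assumption: record types whose change redirects web traffic or mail.
HIGH_RISK = {"NS", "A", "AAAA", "MX", "CNAME"}

def parse_records(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and comment lines
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        value = rdata.strip()
        if rtype != "TXT":                     # TXT payloads are case-sensitive
            value = value.rstrip(".").lower()  # hostnames are not
        records.setdefault((name.rstrip(".").lower(), rtype), set()).add(value)
    return records

def diff_records(baseline, observed):
    """Return (severity, name, type, removed, added) for each changed record set."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(key, set()), observed.get(key, set())
        if old != new:
            severity = "HIGH" if key[1] in HIGH_RISK else "review"
            findings.append((severity, key[0], key[1],
                             sorted(old - new), sorted(new - old)))
    return findings
```

TTL values are ignored on purpose, so only changes to the record data itself are reported.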
Finding DNS Records (or How to Find DNS Records)
After reading this, you probably want to check your DNS records right now, worrying about exposure to such attacks and vulnerabilities. This is a good cause for concern because most people barely pay attention to this and quickly get their info stolen. But the question is: how do you find DNS records?
The good news is that there are plenty of online tools to help you monitor your DNS records. A great example is a tool called DNStable. It is one of the primary tools in the Spyse ecosystem, which allows you to look up all the DNS records you need quickly and conveniently. Spyse does its best to make the service accessible to users who have little technical knowledge, so you can protect your DNS records even if you have no idea what we're talking about here.
Performing the DNS records lookup by IP, CIDR, Domain, or any other query will give you all the necessary records you need. Then you can enrich this information using different tools in the Spyse ecosystem. In addition to DNS records information, you can get other useful info to protect yourself from other sorts of attacks. Spyse gives out three free credits to newly registered users so you can test the service for yourself.