The Domain Name System (DNS)

 Introduction


The Domain Name System (DNS) is a hierarchical and distributed naming system that translates human-readable domain names (such as example.com) into IP addresses that computers use to communicate over the Internet. DNS is often referred to as the "phonebook of the Internet."


During the reconnaissance phase of an ethical hacking or penetration test, DNS enumeration helps identify an organization's infrastructure, internet-facing services, email configuration, cloud resources, and other valuable information. Understanding DNS records provides insight into how the target environment is structured and can reveal assets that should be included in the assessment.


Common DNS Record Types

1. A Record (Address Record)

Definition


An A (Address) Record maps a domain name or subdomain to an IPv4 address. It tells DNS resolvers which IPv4 address should be used to reach a specific hostname.


Purpose

Connects a domain name to an IPv4 address.

Directs web traffic to the correct server.

Supports website hosting and network services.

Example

example.com.      IN    A      93.184.216.34

Explanation

Field Value Description

Host example.com Domain name

Type A IPv4 Address Record

Address 93.184.216.34 IPv4 address of the server

Another Example

www.example.com    A    192.168.10.25


When a user enters:


https://www.example.com


DNS resolves:


www.example.com


192.168.10.25


The browser then connects to 192.168.10.25.


2. AAAA Record (IPv6 Address Record)

Definition


An AAAA Record maps a hostname to an IPv6 address.


It performs the same function as an A record but for IPv6 networks.


Purpose

Enables IPv6 connectivity.

Supports modern Internet infrastructure.

Provides larger address space.

Example

example.com.   IN   AAAA   2606:2800:220:1:248:1893:25c8:1946

Explanation

Field Value

Host example.com

Type AAAA

IPv6 Address 2606:2800:220:1:248:1893:25c8:1946

3. MX Record (Mail Exchange Record)

Definition


An MX Record specifies which mail server is responsible for receiving email for a domain.


Purpose

Routes incoming email.

Supports redundancy through priority values.

Identifies email providers.

Example

example.com.     MX    10 mail.example.com.

example.com.     MX    20 backup.example.com.

Explanation

Priority Mail Server

10 mail.example.com

20 backup.example.com


Mail is delivered to the lowest priority number first.


If:


mail.example.com


is unavailable,


email is delivered to


backup.example.com

4. TXT Record (Text Record)

Definition


A TXT Record stores arbitrary text associated with a domain.


Today, TXT records are commonly used for email authentication, domain verification, and security policies.


Common Uses

Domain ownership verification

SPF policies

DKIM public keys

DMARC configuration

Third-party service verification

Example

example.com. TXT "google-site-verification=abc123xyz"


Another example:


example.com. TXT "v=spf1 include:_spf.google.com -all"

Explanation


This TXT record verifies domain ownership for Google services and publishes an SPF policy.


5. CNAME Record (Canonical Name Record)

Definition


A CNAME Record creates an alias from one hostname to another hostname instead of directly pointing to an IP address.


Purpose

Simplifies DNS management.

Allows multiple hostnames to reference a single canonical hostname.

Commonly used with cloud services and CDNs.

Example

blog.example.com.    CNAME    websites.example.net.

Resolution

blog.example.com


websites.example.net


93.184.216.34


Instead of storing an IP address,


blog.example.com


points to another hostname.


6. SPF Record (Sender Policy Framework)

Definition


SPF (Sender Policy Framework) is an email authentication mechanism that specifies which mail servers are authorized to send email on behalf of a domain.


SPF information is published inside a TXT record.


Purpose

Prevent email spoofing.

Reduce phishing.

Improve email deliverability.

Example

example.com. TXT "v=spf1 ip4:203.0.113.10 include:_spf.google.com -all"

Explanation

v=spf1


SPF Version


ip4:203.0.113.10


Allow this IPv4 address.


include:_spf.google.com


Allow Google's mail servers.


-all


Reject all other senders.


7. DKIM Record (DomainKeys Identified Mail)

Definition


DKIM is an email authentication technology that allows outgoing email to be digitally signed.


The receiving mail server verifies the signature using a public key stored in DNS.


Purpose

Prevent email tampering.

Verify message authenticity.

Reduce phishing attacks.

Example

selector1._domainkey.example.com.


TXT


"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."

Explanation

Parameter Meaning

v=DKIM1 DKIM version

k=rsa RSA encryption algorithm

p= Public key


When an email is sent:


Mail Server



Signs Email



Recipient Mail Server



Queries DNS



Downloads Public Key



Verifies Signature


If the signature matches,


the email is considered authentic.


Example DNS Zone

example.com.          A       93.184.216.34


www.example.com.      CNAME   example.com.


example.com.          AAAA    2606:2800:220:1:248:1893:25c8:1946


example.com.          MX      10 mail.example.com.


mail.example.com.     A       93.184.216.50


example.com.          TXT     "google-site-verification=abc123"


example.com.          TXT     "v=spf1 include:_spf.google.com -all"


selector1._domainkey.example.com.

TXT

"v=DKIM1; k=rsa; p=MIIBIjANBgkqh..."

Summary Table

Record Type Purpose Example

A Maps a hostname to an IPv4 address example.com → 93.184.216.34

AAAA Maps a hostname to an IPv6 address example.com → 2606:2800:220:1:248:1893:25c8:1946

MX Specifies mail servers for receiving email example.com → mail.example.com

TXT Stores text for verification and security policies v=spf1 include:_spf.google.com -all

CNAME Creates an alias from one hostname to another blog.example.com → websites.example.net

SPF Lists authorized email senders (published in a TXT record) v=spf1 ip4:203.0.113.10 include:_spf.google.com -all

DKIM Publishes the public key used to verify digitally signed email v=DKIM1; k=rsa; p=...

Why DNS Information Matters in Ethical Hacking


DNS records help security professionals build an accurate picture of an organization's external infrastructure. They can reveal web servers, mail infrastructure, cloud-hosted services, third-party providers, and email authentication mechanisms. This information supports asset inventory, technology identification, and attack surface mapping during an authorized security assessment, making DNS enumeration an essential part of the reconnaissance phase.

Previous Post Next Post