Introduction
The Domain Name System (DNS) is a hierarchical and distributed naming system that translates human-readable domain names (such as example.com) into IP addresses that computers use to communicate over the Internet. DNS is often referred to as the "phonebook of the Internet."
During the reconnaissance phase of an ethical hacking or penetration test, DNS enumeration helps identify an organization's infrastructure, internet-facing services, email configuration, cloud resources, and other valuable information. Understanding DNS records provides insight into how the target environment is structured and can reveal assets that should be included in the assessment.
Common DNS Record Types
1. A Record (Address Record)
Definition
An A (Address) Record maps a domain name or subdomain to an IPv4 address. It tells DNS resolvers which IPv4 address should be used to reach a specific hostname.
Purpose
Connects a domain name to an IPv4 address.
Directs web traffic to the correct server.
Supports website hosting and network services.
Example
example.com. IN A 93.184.216.34
Explanation
Field Value Description
Host example.com Domain name
Type A IPv4 Address Record
Address 93.184.216.34 IPv4 address of the server
Another Example
www.example.com A 192.168.10.25
When a user enters:
https://www.example.com
DNS resolves:
www.example.com
↓
192.168.10.25
The browser then connects to 192.168.10.25.
2. AAAA Record (IPv6 Address Record)
Definition
An AAAA Record maps a hostname to an IPv6 address.
It performs the same function as an A record but for IPv6 networks.
Purpose
Enables IPv6 connectivity.
Supports modern Internet infrastructure.
Provides larger address space.
Example
example.com. IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Explanation
Field Value
Host example.com
Type AAAA
IPv6 Address 2606:2800:220:1:248:1893:25c8:1946
3. MX Record (Mail Exchange Record)
Definition
An MX Record specifies which mail server is responsible for receiving email for a domain.
Purpose
Routes incoming email.
Supports redundancy through priority values.
Identifies email providers.
Example
example.com. MX 10 mail.example.com.
example.com. MX 20 backup.example.com.
Explanation
Priority Mail Server
10 mail.example.com
20 backup.example.com
Mail is delivered to the lowest priority number first.
If:
mail.example.com
is unavailable,
email is delivered to
backup.example.com
4. TXT Record (Text Record)
Definition
A TXT Record stores arbitrary text associated with a domain.
Today, TXT records are commonly used for email authentication, domain verification, and security policies.
Common Uses
Domain ownership verification
SPF policies
DKIM public keys
DMARC configuration
Third-party service verification
Example
example.com. TXT "google-site-verification=abc123xyz"
Another example:
example.com. TXT "v=spf1 include:_spf.google.com -all"
Explanation
This TXT record verifies domain ownership for Google services and publishes an SPF policy.
5. CNAME Record (Canonical Name Record)
Definition
A CNAME Record creates an alias from one hostname to another hostname instead of directly pointing to an IP address.
Purpose
Simplifies DNS management.
Allows multiple hostnames to reference a single canonical hostname.
Commonly used with cloud services and CDNs.
Example
blog.example.com. CNAME websites.example.net.
Resolution
blog.example.com
↓
websites.example.net
↓
93.184.216.34
Instead of storing an IP address,
blog.example.com
points to another hostname.
6. SPF Record (Sender Policy Framework)
Definition
SPF (Sender Policy Framework) is an email authentication mechanism that specifies which mail servers are authorized to send email on behalf of a domain.
SPF information is published inside a TXT record.
Purpose
Prevent email spoofing.
Reduce phishing.
Improve email deliverability.
Example
example.com. TXT "v=spf1 ip4:203.0.113.10 include:_spf.google.com -all"
Explanation
v=spf1
SPF Version
ip4:203.0.113.10
Allow this IPv4 address.
include:_spf.google.com
Allow Google's mail servers.
-all
Reject all other senders.
7. DKIM Record (DomainKeys Identified Mail)
Definition
DKIM is an email authentication technology that allows outgoing email to be digitally signed.
The receiving mail server verifies the signature using a public key stored in DNS.
Purpose
Prevent email tampering.
Verify message authenticity.
Reduce phishing attacks.
Example
selector1._domainkey.example.com.
TXT
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."
Explanation
Parameter Meaning
v=DKIM1 DKIM version
k=rsa RSA encryption algorithm
p= Public key
When an email is sent:
Mail Server
↓
Signs Email
↓
Recipient Mail Server
↓
Queries DNS
↓
Downloads Public Key
↓
Verifies Signature
If the signature matches,
the email is considered authentic.
Example DNS Zone
example.com. A 93.184.216.34
www.example.com. CNAME example.com.
example.com. AAAA 2606:2800:220:1:248:1893:25c8:1946
example.com. MX 10 mail.example.com.
mail.example.com. A 93.184.216.50
example.com. TXT "google-site-verification=abc123"
example.com. TXT "v=spf1 include:_spf.google.com -all"
selector1._domainkey.example.com.
TXT
"v=DKIM1; k=rsa; p=MIIBIjANBgkqh..."
Summary Table
Record Type Purpose Example
A Maps a hostname to an IPv4 address example.com → 93.184.216.34
AAAA Maps a hostname to an IPv6 address example.com → 2606:2800:220:1:248:1893:25c8:1946
MX Specifies mail servers for receiving email example.com → mail.example.com
TXT Stores text for verification and security policies v=spf1 include:_spf.google.com -all
CNAME Creates an alias from one hostname to another blog.example.com → websites.example.net
SPF Lists authorized email senders (published in a TXT record) v=spf1 ip4:203.0.113.10 include:_spf.google.com -all
DKIM Publishes the public key used to verify digitally signed email v=DKIM1; k=rsa; p=...
Why DNS Information Matters in Ethical Hacking
DNS records help security professionals build an accurate picture of an organization's external infrastructure. They can reveal web servers, mail infrastructure, cloud-hosted services, third-party providers, and email authentication mechanisms. This information supports asset inventory, technology identification, and attack surface mapping during an authorized security assessment, making DNS enumeration an essential part of the reconnaissance phase.