The biggest concern for people going online today is security. There are always people out there trying to get hold of our personal information and use it against us in the worst of ways. Any transaction we perform on the internet today, be it financial or intellectual, is prone to attacks by hackers who are trying to intercept it, thereby compromising the integrity of our entire web experience.
DNS security helps us safeguard against these attacks in a big way. It plays a significant role in ensuring that everything we do on the internet is done in a safe and secure environment and that our information does not fall into the wrong hands. DNS security is highly dependent on DNS records, as they are the first step in ensuring the authenticity of our web experience.
What are DNS Records?
As we know, DNS maps the domain name to the IP address of any given website. This ensures that we are sending our data packets to the server of the website we intend to visit and not to some third-party server which may misuse that data. DNS records are basically tables containing mapping files which link each domain to its corresponding IP address and instruct the DNS server (router/external server) on how to react to a request sent to any domain. In a nutshell, DNS records can be thought of as an address directory which helps us connect to the right server for a domain by correctly identifying the IP address corresponding to that particular domain.
Types of DNS Records
Though there are many types of DNS records, a few common types are used for the majority of activity on the internet.
- Start of Authority (SOA)
This record indicates the DNS server with the best source of information for that zone. This DNS server has the authority to make the most changes to the domain or respond to queries. The SOA also contains the email address of the administrator and the configuration information regarding replication. It also contains the domain serial number, which tells the other DNS zones which version of the DNS data that server contains.
- Address Mapping Records (A or AAAA)
These are very basic and their function is to convert domain names into the corresponding IP addresses. They are used for IPv4 (A-type) and IPv6 (AAAA-type) addresses.
- Canonical Name Record (CNAME)
These records allow the administrator to create an alias record called a CNAME or Canonical Name. This record points to an A record or AAAA record, so when we resolve a CNAME, it returns the corresponding A or AAAA record. Its main use is when the DNS record is not dynamically updated. Moreover, with CNAMEs we can also change the destination the CNAME is pointing to. Thus it saves us a lot of reconfiguration trouble when things change.
- Service Record (SRV)
These records allow the client to locate services on the network using DNS. They are used by Active Directory to allow a client to locate a domain controller, which makes DNS invaluable in a Windows environment.
- Mail Exchange Record (MX)
These records come into play when sending email. The sending email server reads the MX records for the domain to which the email is being sent. Each MX record has a priority. MX records with a lower priority value are tried first, so the domain's mail servers are contacted in order of increasing MX priority value.
- Pointer Record (PTR)
This record maps an IP address to a domain name. These can be created automatically by Windows if a reverse lookup zone already exists.
It is important to note that DNS records can be updated automatically using Dynamic DNS, for which we require a DHCP client to work. This saves us the hassle of updating the DNS records manually, which can be very time-consuming.
How Do DNS Records Help Eliminate False SSL Certificates?
We know that SSL certificates are of utmost importance in determining the authenticity of a domain. A false SSL certificate would imply that the domain cannot be trusted and that any information sent to that domain is not secure and can be used against us. It is, therefore, important to ensure that the SSL certificate of the domain we are visiting is authentic. DNS records help us do that in a very big way.
In 2013, the Certification Authority Authorization (CAA) DNS record was made standard. This meant that the DNS record would now contain the list of CAs authorized to certify domains with SSL certificates. This restricts third-party authorities from issuing false certificates and helps the DNS record indicate whether the domain has been certified by a trusted authority or has been accidentally or purposely issued a false certificate. Furthermore, in a few months, domain owners will be allowed to specify the authorities who are authorized to issue certificates for their domains. Publicly trusted authorities are required to honor a special DNS record for this purpose.
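As an added illustration (not code from the original article), the Python below evaluates the check a certificate authority performs against a domain's CAA records before issuing. The zone contents, the CA names `ca-one.example` and `ca-two.example`, and the function names are constructed for the example; the lookup follows the parent-climbing rule of RFC 8659 in simplified form, without live DNS queries.

```python
# Added example: CAA evaluation over a constructed zone (all names illustrative).
# Constructed CAA record sets keyed by owner name: (flags, tag, value) tuples.
SAMPLE_CAA = {
    "example.com": [
        (0, "issue", "ca-one.example"),
        (0, "issuewild", ";"),  # ";" alone means: no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com": [(0, "issue", ";")],
}

def relevant_rrset(fqdn, zone):
    """Climb from fqdn towards the root; the first non-empty CAA set applies."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def issuer_domain(value):
    """Drop parameters ("ca.example; account=1") and whitespace from a value."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(ca_domain, fqdn, zone):
    """Return True if ca_domain is allowed to issue a certificate for fqdn."""
    wildcard = fqdn.startswith("*.")
    _, rrset = relevant_rrset(fqdn[2:] if wildcard else fqdn, zone)
    if not rrset:
        return True  # no CAA record anywhere: issuance is not restricted
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    known = {"issue", "issuewild", "iodef"}
    if any(flags & 128 and tag.lower() not in known for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # only iodef or similar present: no issuer restriction
    return ca_domain.lower() in {issuer_domain(v) for v in props}
```

A domain owner can run the same logic over their own published records to confirm that only the intended CA passes and that subdomains inherit the parent's policy as expected.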
The importance of DNS records is paramount in ensuring that our experience on the web is safe and secure and the exchange of information can be done without any fear of it being used for malicious purposes. This creates confidence within the user to freely access the web.