DNS

CNAME

  • CNAME records must always point to another domain name, never to an IP address. MX and NS records must never point to a CNAME alias.

  • For example, when an A record lookup for www.baidu.com is carried out, the resolver will see a CNAME record and restart the lookup at www.a.shifen.com and then www.wshifen.com. Finally, it will return 192.0.2.23.

  • We can see that "www.baidu.com" has a CNAME of "www.a.shifen.com":

    $ dig @114.114.114.114 www.baidu.com +noall +answer

    ; <<>> DiG 9.10.3-P4-Raspbian <<>> @114.114.114.114 www.baidu.com +noall +answer
    ; (1 server found)
    ;; global options: +cmd
    www.baidu.com. 1000 IN CNAME www.a.shifen.com.
    www.a.shifen.com. 238 IN CNAME www.wshifen.com.
    www.wshifen.com. 239 IN A 104.193.88.123
    www.wshifen.com. 239 IN A 104.193.88.77
  • However, a root domain (e.g. baidu.com) normally cannot be associated with a CNAME:

    $ dig @114.114.114.114 baidu.com +noall +answer

    ; <<>> DiG 9.10.3-P4-Raspbian <<>> @114.114.114.114 baidu.com +noall +answer
    ; (1 server found)
    ;; global options: +cmd
    baidu.com. 564 IN A 123.125.115.110
    baidu.com. 564 IN A 220.181.57.216
  • Domain Takeover Case

    Bug Hunting Experience | How I Found a Vulnerability Worth $4500 During Early-Stage Reconnaissance
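
The CNAME rules and the chain-following lookup described above can be checked mechanically against `dig +noall +answer` output. The following is an added example, not part of the original notes: the function names are hypothetical, and the `example.test` and `provider.test` records in the sample are constructed (the first four records are the dig answer shown above).

```python
import ipaddress

# dig answer lines from above, plus constructed example.test records that break the rules.
SAMPLE = """\
www.baidu.com. 1000 IN CNAME www.a.shifen.com.
www.a.shifen.com. 238 IN CNAME www.wshifen.com.
www.wshifen.com. 239 IN A 104.193.88.123
www.wshifen.com. 239 IN A 104.193.88.77
example.test. 300 IN MX 10 mail.example.test.
mail.example.test. 300 IN CNAME mx.provider.test.
bad.example.test. 300 IN CNAME 192.0.2.23
"""

def parse(text):
    """Return (owner, type, rdata) tuples, skipping dig's ';' comment lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";"):
            records.append((fields[0].lower(), fields[3].upper(), " ".join(fields[4:])))
    return records

def follow(name, records, limit=8):
    """Follow CNAMEs from name as a resolver would; return (chain, addresses)."""
    cname = {o: d.lower() for o, t, d in records if t == "CNAME"}
    chain = [name.lower()]
    # The hop limit stops a CNAME loop from running forever.
    while chain[-1] in cname and len(chain) <= limit:
        chain.append(cname[chain[-1]])
    addrs = [d for o, t, d in records if o == chain[-1] and t in ("A", "AAAA")]
    return chain, addrs

def is_ip(value):
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def lint(records):
    """Flag CNAMEs that target an IP and MX/NS records that target a CNAME alias."""
    aliases = {o for o, t, _ in records if t == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        target = rdata.split()[-1].lower()  # last field skips the MX preference
        if rtype == "CNAME" and is_ip(target):
            findings.append(f"{owner} CNAME points to an IP address: {target}")
        if rtype in ("MX", "NS") and target in aliases:
            findings.append(f"{owner} {rtype} points to a CNAME alias: {target}")
    return findings
```

An empty address list from `follow()` means the chain ends at a name with no A/AAAA record in the answer being checked, which is worth reviewing when auditing aliases that point at third-party services.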

DNS Request Types Cheat Sheet

| DNS Lookup Type | Function | Description |
|---|---|---|
| A | IPv4 Address Record | The A stands for IPv4 Address |
| AAAA | IPv6 Address Record | The A stands for IPv6 Address |
| NS | Name Server Record | An authoritative name server that is used to delegate a subdomain to a set of name servers |
| CNAME | Canonical Name Record | CNAME can be used to alias one name to another |
| MX | Mail Exchange Record | MX records tell email delivery agents where they should deliver your email. You can have many MX records for a domain for redundancy |
| PTR | Pointer Record (Reverse DNS) | Maps a network IP address to a host name |
| SOA | Start of Authority Record | Specifies authoritative information about a DNS zone, including the primary name server, administrator, domain serial number, and several timers relating to refreshing the zone |
| SRV | Server Locator | Used to help with server discovery (e.g. defining where a SIP service may be found in Internet Telephony) |
| TXT | Text Record | Carries extra data, sometimes human-readable, most of the time machine-readable such as opportunistic encryption, DomainKeys, etc. |
| ANY | All Cached Records | ANY retrieves all the available types for a given name |