DNS Analysis Hub
The Domain Name System (DNS) directs global traffic. Analyze DNS zone records to ensure proper routing and validate security policies like SPF, DKIM, and DMARC that prevent phishing.
Domain Infrastructure Profiles
DNS Record Types Database
A Record
Maps a domain name to a 32-bit IPv4 address.
AAAA Record
Maps a domain name to a 128-bit IPv6 address.
MX Record
Specifies mail servers responsible for receiving email.
TXT Record
Hosts security policies (SPF, DMARC) and validation keys.
NS Record
Delegates DNS zones to authoritative name servers.
SOA Record
Stores administrative metadata and refresh intervals for a zone.
PTR Record
Enables reverse DNS lookup mapping an IP back to a domain.
CNAME Record
Maps an alias domain hostname to a canonical domain name.
Securing DNS Configurations
Without proper DNS hygiene, organizations are susceptible to traffic hijacking, subdomain takeovers, and email spoofing. Routine auditing of DNS zones is critical for maintaining corporate security postures.
Defensive Configurations
- Prevent Subdomain Takeovers: Ensure all CNAME records point to active resources. Dangling CNAMEs can be hijacked by unauthorized actors to host malicious content.
- Harden Email Infrastructure: Enforce strict SPF, DKIM, and DMARC policies in TXT records to cryptographically verify email senders and eliminate phishing.
- Protect Zone Transfers: Ensure authoritative nameservers do not permit anonymous AXFR zone transfers.