Domain Expiration Status Actions 30 Days 38/1000
3.8% 30 Days 4/1000
0.4% 30 Days 3/1000
0.3% 30 Days 2/1000
0.2% 30 Days 1/1000
0.1% 30 Days 0/1000
0% 30 Days 1/1000
0.1% 30 Days 1/1000
0.1% 30 Days 6/1000

DNS Guidelines

The hostname and target address should only contain alphanumeric characters, as well as, periods, dashes and underscores. The A type DNS records if for pointing a hostname to an IPv4 address. The CNAME type DNS records if for making an alias for a hostname.

What is DNS?

Domain Name System (DNS) is a fundamental component of the internet infrastructure that translates human-readable domain names (e.g., into IP addresses (e.g., used by computers to identify each other on the network. DNS plays a vital role in enabling users to access websites, send emails, and use other internet services by allowing them to use easily-remembered domain names instead of having to memorize numerical IP addresses.

The concept of DNS was first introduced in the early 1980s by Paul Mockapetris in response to the growing number of computers connected to the internet. At that time, hosts were identified by a simple text file called the "hosts file," which mapped hostnames to IP addresses. However, as the number of hosts grew, maintaining and distributing this file became increasingly difficult, leading to the development of a more scalable and decentralized system - DNS.

DNS functions as a distributed and hierarchical database spread across millions of servers worldwide. This structure allows for efficient and accurate name resolution while maintaining a high degree of fault tolerance and redundancy.

At the top of the DNS hierarchy are the root servers, which maintain information about the Top-Level Domains (TLDs), such as .com, .org, and .net. Below the root servers are the TLD name servers, which contain information about the second-level domains, like or Further down the hierarchy are the authoritative name servers, which hold the actual DNS records for specific domains.

DNS resolution is the process of converting a domain name into an IP address. When a user requests a domain name, their computer sends a query to a recursive resolver, typically provided by an Internet Service Provider (ISP) or another DNS service provider. The recursive resolver will then traverse the DNS hierarchy, starting with the root servers, followed by TLD name servers, and eventually reaching the authoritative name servers for the requested domain. Once the IP address corresponding to the domain is retrieved, the resolver returns the address to the user's computer, which can then use it to establish a connection to the desired web server.

There are several types of DNS records used to store different types of information associated with a domain. Some common record types include:

  • A (Address) Records: These records map a domain name to an IPv4 address.
  • AAAA (Quad-A) Records: These records map a domain name to an IPv6 address.
  • CNAME (Canonical Name) Records: These records create an alias for another domain name, which is resolved to its corresponding IP address.
  • MX (Mail Exchange) Records: These records specify the mail servers responsible for handling email for a domain.
  • TXT (Text) Records: These records hold arbitrary text, often used for verification purposes or to provide additional information about a domain.
  • NS (Name Server) Records: These records delegate a DNS zone to a set of authoritative name servers.
  • PTR (Pointer) Records: These records create a reverse DNS mapping, associating an IP address with a domain name.

DNS operates over the User Datagram Protocol (UDP) by default, using port 53. However, it can also use Transmission Control Protocol (TCP) in specific situations, such as when the response data size exceeds 512 bytes or for tasks like zone transfers between DNS servers.

Despite its numerous advantages, DNS has faced several security challenges over the years. One of the most well-known attacks is the Distributed Denial of Service (DDoS) attack, in which attackers flood a target DNS server with a massive volume of requests, rendering it unable to respond to legitimate queries. Another common attack is DNS cache poisoning, wherein an attacker manipulates the DNS resolver's cache to redirect users to malicious websites.

To mitigate these security risks, several security measures have been implemented to improve the resilience and integrity of the DNS system. Some of these measures include:

  • DNS Security Extensions (DNSSEC): DNSSEC adds an additional layer of security by signing DNS data with cryptographic signatures. This helps ensure the authenticity and integrity of the DNS data, preventing attacks like cache poisoning and man-in-the-middle attacks. DNSSEC-enabled resolvers can validate these signatures, providing a higher level of trust in the DNS data.
  • Domain Name System Response Policy Zones (DNS RPZ): DNS RPZ is a mechanism that allows recursive DNS resolvers to block or redirect DNS queries based on policy rules. This can help protect users from accessing malicious domains or IP addresses, as well as prevent the exfiltration of data via DNS.
  • DNS over TLS (DoT) and DNS over HTTPS (DoH): These protocols encrypt DNS queries and responses, providing privacy and security benefits by preventing eavesdropping and tampering with DNS data. DoT uses the Transport Layer Security (TLS) protocol, while DoH uses the HyperText Transfer Protocol Secure (HTTPS) protocol to secure DNS communications.
  • Rate Limiting: Implementing rate limiting on DNS servers can help mitigate the impact of DDoS attacks by restricting the number of queries from a single source in a given time period. This can prevent attackers from overwhelming the server with a flood of requests.
  • Anycast: Anycast is a routing technique that allows multiple servers to share the same IP address. In the context of DNS, this can help distribute DNS queries across multiple servers, improving performance and mitigating the impact of DDoS attacks.
  • Monitoring and Logging: Regular monitoring and logging of DNS server activity can help identify unusual patterns or signs of an attack, allowing for timely response and mitigation.
  • Network Segmentation: Separating DNS servers from other critical network infrastructure can help limit the potential damage caused by a successful attack on the DNS system. By isolating DNS servers, an attacker's access to other parts of the network can be restricted.
  • Regular Patching and Updates: Keeping DNS server software up-to-date with the latest security patches and updates is crucial for maintaining a secure and stable DNS infrastructure. This helps to address any known vulnerabilities that could be exploited by attackers.

By implementing these security measures, the overall resilience and security of the DNS system can be significantly improved, ensuring that users can continue to rely on this critical component of the internet infrastructure for accessing websites, sending emails, and using other online services.