DNS Cheat Sheet

Here’s a cheat sheet for DNS (Domain Name System), which is used to translate human-readable domain names into IP addresses:

Basic DNS Components

Domain Name: Human-readable name, e.g., www.example.com.

IP Address: Numeric address identifying a device on the Internet.

DNS Records

  • A Record (Address Record):
    • Maps a domain to an IPv4 address.
    • Example: example.com IN A 192.168.1.1
  • AAAA Record (IPv6 Address Record):
    • Maps a domain to an IPv6 address.
    • Example: example.com IN AAAA 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • CNAME Record (Canonical Name):
    • Alias of one domain to another.
    • Example: www IN CNAME example.com
  • MX Record (Mail Exchange):
    • Specifies mail servers for the domain.
    • Example: example.com IN MX 10 mail.example.com
  • TXT Record (Text Record):
    • Holds human-readable text.
    • Used for various purposes like SPF (Sender Policy Framework).
    • Example: example.com IN TXT "v=spf1 include:_spf.example.com ~all"
  • NS Record (Name Server):
    • Specifies authoritative DNS servers for the domain.
    • Example: example.com IN NS ns1.example.com

DNS Query Types

  • A Query:
    • Resolves a domain name to an IPv4 address.
    • Example: nslookup example.com
  • AAAA Query:
    • Resolves a domain name to an IPv6 address.
    • Example: nslookup -query=AAAA example.com
  • MX Query:
    • Retrieves mail servers for a domain.
    • Example: nslookup -query=MX example.com

DNS Tools and Commands

  • nslookup:
    • Interactive DNS query tool.
    • Example: nslookup example.com
  • dig (Domain Information Groper):
    • Flexible DNS query tool.
    • Example: dig example.com
  • host:
    • DNS lookup utility.
    • Example: host example.com
  • DNS Cache Flushing:
    • Flush DNS cache on various operating systems:
      • Windows: ipconfig /flushdns
      • Linux (systemd): sudo systemd-resolve --flush-caches (on newer systemd releases: sudo resolvectl flush-caches)
      • macOS: sudo dscacheutil -flushcache

DNS Security

  • DNSSEC (DNS Security Extensions):
    • Adds cryptographic signatures to DNS data.
    • Lets validating resolvers detect spoofed or altered responses (DNS spoofing); it does not encrypt queries.
  • DoT (DNS over TLS):
    • Encrypts DNS queries over TLS for privacy.
    • Uses port 853.
  • DoH (DNS over HTTPS):
    • Encrypts DNS queries over HTTPS for privacy.
    • Uses port 443.
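
The A, AAAA and MX queries above use the same wire-format message whether they travel over DoT or DoH; only the wrapping differs. This added example (not part of the original cheat sheet) builds that message and shows both framings. The /dns-query path is an assumed endpoint, since each DoH resolver publishes its own.

```python
import base64
import struct

# Record type codes for the query types listed in this cheat sheet.
QTYPES = {"A": 1, "MX": 15, "AAAA": 28}

def build_query(name, qtype="A", txid=0):
    """Encode one standard DNS question in wire format (RFC 1035)."""
    # Header: ID, flags (only RD set = 0x0100), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def dot_frame(message):
    """DoT (port 853): TLS carries the message behind a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message

def doh_get_path(message, endpoint="/dns-query"):
    """DoH (port 443): GET with the message base64url-encoded, padding removed."""
    # endpoint is an assumed path; real resolvers document their own.
    b64 = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def transport_view(name, qtype):
    """Return (DoT bytes, DoH request path) for the same question."""
    msg = build_query(name, qtype)  # ID 0, as RFC 8484 recommends for caching
    return dot_frame(msg), doh_get_path(msg)

if __name__ == "__main__":
    for qtype in ("A", "AAAA", "MX"):
        framed, path = transport_view("example.com", qtype)
        print(qtype, framed.hex(), path)
```

Both transports hide the question from on-path observers, but neither authenticates the answer the way DNSSEC signatures do.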

This cheat sheet covers fundamental concepts and commands related to DNS. Adjust commands based on the specific tools available in your environment.