DNS Acronyms
These acronyms and terms are frequently used when discussing securing DNS.
DNS: Domain Name System
This is a system that translates human-readable domain names (such as www.example.com) into numerical IP addresses that computers can use to communicate with each other.
DDOS: Distributed Denial of Service
This is a type of cyber attack that involves overwhelming a network or system with traffic from multiple sources in order to disrupt or disable services.
DDoS mitigation
This refers to measures taken to protect against DDoS attacks. These measures may include rate limiting, traffic filtering, and other techniques designed to prevent or minimize the impact of DDoS attacks.
CDN: Content Delivery Network
This is a distributed network of servers that delivers web content to users based on their geographic location. CDNs can help to improve the performance and reliability of websites by reducing the distance that data has to travel.
DNS filter
This is a security tool that analyzes DNS traffic and blocks requests that match patterns or rules associated with malicious activity. DNS filters are used to protect against a variety of cyber threats, including malware and phishing attacks.
DNS server
This is a computer or network of computers that stores and manages DNS records, and responds to DNS queries from clients.
DNS spoofing
This is a type of cyber attack in which an attacker modifies DNS records to redirect traffic to a malicious site. This can be used to steal sensitive information or to distribute malware.
DNS cache poisoning
This is a type of cyber attack in which an attacker injects malicious data into a DNS cache, causing the cache to return incorrect DNS results.
DNS tunneling
This is a technique that uses DNS queries and responses to transmit data between two points, often for the purpose of bypassing security measures or evading detection.
DNS amplification
This is a type of DDoS attack that uses DNS servers to amplify the volume of traffic directed at a target network or system.
DNS resolver
This is a client-side component of the DNS system that initiates DNS queries and receives responses from DNS servers.
DNS over HTTPS (DoH)
This is a protocol that encrypts DNS queries and responses using HTTPS, providing an additional layer of security for DNS traffic.
DNS over TLS (DoT)
This is a protocol that encrypts DNS queries and responses using TLS, providing an additional layer of security for DNS traffic.
EDNS0: Extension Mechanisms for DNS
This is an extension to the DNS protocol that allows for larger payloads and additional functionality.
IPSec: Internet Protocol Security
This is a protocol suite that provides security for Internet communications by authenticating and encrypting data packets.
NAPTR: Naming Authority Pointer
This is a DNS resource record that provides a mapping between a domain name and a Uniform Resource Identifier (URI).
SOA: Start of Authority
This is a DNS resource record that defines the authoritative information for a domain, including the primary name server and the contact information for the domain administrator.
AXFR: Zone Transfer
This is a mechanism for transferring a complete copy of a DNS zone from one server to another.
CNAME: Canonical Name
This is a type of DNS resource record that maps an alias or nickname to a real or "canonical" domain name.
FQDN: Fully Qualified Domain Name
This is a domain name that includes the complete hierarchy of the domain, including the top-level domain and all subdomains.
MX: Mail Exchange
This is a type of DNS resource record that specifies the mail servers responsible for a domain, and the priority of each server.
NS: Name Server
This is a type of DNS resource record that specifies the name servers responsible for a domain.
PTR: Pointer
This is a type of DNS resource record that maps an IP address to a domain name.
RDNS: Reverse DNS
This is a process that maps an IP address to a domain name, using PTR records.
RP: Responsible Person
This is a type of DNS resource record that specifies the contact information for a domain administrator or other responsible party.
SRV: Service
This is a type of DNS resource record that specifies the location of a specific service within a domain.
TXT: Text
This is a type of DNS resource record that can be used to store arbitrary text data, often for the purpose of providing additional information about a domain or service.
A: Address
This is a type of DNS resource record that maps a domain name to an IPv4 address.
AAAA: Quad-A
This is a type of DNS resource record that maps a domain name to an IPv6 address.
CAA: Certification Authority Authorization
This is a type of DNS resource record that specifies which certification authorities (CAs) are authorized to issue SSL/TLS certificates for a domain.
DNAME: Delegation Name
This is a type of DNS resource record that allows a subdomain to be an alias for a higher-level domain.
DS: Delegation Signer
This is a type of DNS resource record that is used to securely delegate a subdomain to another DNS server.
HINFO: Host Information
This is a type of DNS resource record that specifies the hardware and software configuration of a host.
LOC: Location
This is a type of DNS resource record that specifies the geographic location of a host.
NSAP: Network Service Access Point
This is a type of DNS resource record that maps a domain name to a Network Service Access Point (NSAP) address, which is used to identify nodes in the OSI networking model.
RRSIG: Resource Record Signature
This is a type of DNS resource record that contains a digital signature that can be used to verify the authenticity of other DNS resource records.
SSHFP: SSH Fingerprint
This is a type of DNS resource record that stores the fingerprint of a Secure Shell (SSH) public key, allowing it to be validated by clients.
NX: Non-Existent
This is a term used to describe a domain or resource that does not exist. In the context of DNS, an NX record is a type of resource record that is returned in response to a query for a non-existent domain or resource.
Updated 12 months ago