Overview
This article explains the DNS request types that can be collected and listed in a report. Each record type has its own purpose in the DNS infrastructure. The first record type that usually comes to mind is the A record, which holds the IPv4 address belonging to the hostname of the domain.
Note:
This list is by no means exhaustive. A more complete list, including the relevant RFC for each record type, can be found here: https://en.wikipedia.org/wiki/List_of_DNS_record_types
With regard to blocked security domains, please note that Cisco Umbrella blocks A, AAAA, ANY, CNAME, PTR, SRV, PRIVATE, SPF/DNS, NULL, SIG, and TXT records, so queries for other record types (MX, SOA, and NS) will be allowed, even though the category is blocked. However, requests for MX records of domains that have been categorized as "DNS Tunneling VPN" will be refused.
For content filtering categories, record types other than A and AAAA will not be blocked. Destination lists also do not block all record types; NS, for example, is not blocked.
To view the record type of a request in the Activity Search, toggle the "DNS Types" column.
If a domain is "blocked", queries for address record types A and AAAA will return IP addresses that belong to Umbrella block pages. Queries for DNS record types ANY, CNAME, PTR, SRV, SIG, or TXT will return "REFUSED". (Note: when querying for domains classified as Dynamic DNS, address record types A and AAAA will be blocked, but queries for other DNS record types will not return "REFUSED".) The full list of types we return "REFUSED" on is: 3-5, 7-10, 12, 16, 30, 33, 38, 64, 65, 99, 245, 253, 255, 65280-65534.
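The rules above can be written as a small decision function and used to find queries that still resolve for a blocked domain. This is an added example, not Cisco code: the function names, the category strings as parameters, the result labels and the sample rows are assumptions made for illustration, and "will not return REFUSED" is treated here as "allowed".

```python
# Added example: encodes the response rules stated in this article.
A, AAAA, MX, SIG = 1, 28, 15, 24  # standard DNS type numbers

# Numeric list exactly as given in the article.
REFUSED_SPEC = "3-5, 7-10, 12, 16, 30, 33, 38, 64, 65, 99, 245, 253, 255, 65280-65534"

def parse_ranges(spec):
    """Expand '3-5, 12' style text into a set of integers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

# SIG (24) is named in the prose as REFUSED but is absent from the
# numeric list, so it is added explicitly.
REFUSED_TYPES = parse_ranges(REFUSED_SPEC) | {SIG}

def expected_response(qtype, category="security"):
    """Expected result for a query to a blocked domain (labels are assumed)."""
    if qtype in (A, AAAA):
        return "BLOCK_PAGE"            # A/AAAA return block page IPs
    if category in ("content", "Dynamic DNS"):
        return "ALLOWED"               # only A/AAAA are blocked here
    if category == "DNS Tunneling VPN" and qtype == MX:
        return "REFUSED"               # MX exception stated in the article
    return "REFUSED" if qtype in REFUSED_TYPES else "ALLOWED"

# Constructed rows: (domain, numeric query type, category of the block).
SAMPLE_LOG = [
    ("bad.example", 1, "security"),
    ("bad.example", 16, "security"),
    ("bad.example", 15, "security"),
    ("tunnel.example", 15, "DNS Tunneling VPN"),
    ("dyn.example", 16, "Dynamic DNS"),
    ("games.example", 16, "content"),
]

def unblocked_queries(rows):
    """Return (domain, qtype) pairs that resolve despite the block."""
    return [(d, t) for d, t, c in rows if expected_response(t, c) == "ALLOWED"]

if __name__ == "__main__":
    for domain, qtype in unblocked_queries(SAMPLE_LOG):
        print(f"review: {domain} type {qtype} is not blocked")
```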
DNS Lookup Types & Functions
| DNS Lookup Type | Description | Function |
| --- | --- | --- |
| A | IPv4 address record | Returns a 32-bit IP address, which typically maps a domain’s hostname to an IP address, but is also used for DNSBLs and storing subnet masks |
| AAAA | IPv6 address record | Returns a 128-bit IP address that maps a domain’s hostname to an IP address |
| ANY | All cached records | If the domain is not blocked, Umbrella will return NOTIMP to requests for this type. |
| CNAME | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name |
| MX | Mail exchange record | Maps a domain name to a list of message transfer agents for that domain |
| NS | Name server record | Delegates a DNS zone to use the specified authoritative name servers |
| PTR | Pointer record | Pointer to a canonical name that returns the name only and is used for implementing reverse DNS lookups |
| SIG | Signature | Signature record |
| SOA | Start of authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone |
| SRV | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX |
| TXT | Text record | Carries extra data, sometimes human-readable, most of the time machine-readable such as opportunistic encryption, DomainKeys, DNS-SD, etc. |