Overview
This article explains the DNS Request Types that can be collected and listed in a report. Each record type has its own purpose in the DNS infrastructure. When thinking DNS, the first record type that comes to mind is the A Record which is the IPv4 IP address belonging to the hostname of the domain.
Note:
This list is by no means exhaustive. A more complete list, including the relevant RFC for each record type can be found here: https://en.wikipedia.org/wiki/List_of_DNS_record_types
With regards to blocked security domains , please note that Cisco Umbrella blocks A, AAAA, ANY, CNAME, PTR, SRV, PRIVATE, SPF/DNS, NULL, and TXT records, so queries for other record types (MX, NS and SIG) will be allowed, even though the category is blocked.
For content filtering categories, types other than AAAA, A records will not be blocked. Destination lists will also not block all record types, NS for example is not blocked.
To view the record type of a request in the Activity Search, toggle the "DNS Types" column.
If a domain is "blocked", queries for address record types A and AAAA will return IP addresses that belong to Umbrella block pages. Queries for DNS record types ANY, CNAME, PTR, SRV, or TXT will return "REFUSED". (Note: when querying for domains classified as Dynamic DNS, address record types A and AAAA will be blocked, but queries for other DNS record types will not return "REFUSED".) The full list of types we return "REFUSED" on are: 3-5,7-10, 12, 16, 30, 33, 38, 99, 245, 253, 255, 65280-65534.
DNS Lookup Types & Functions
DNS Lookup Type |
Description |
Function |
| A | IPv4 address record |
Returns a 32-bit IP address, which typically maps a domain’s hostname to an IP address, but also used for DNSBLs and storing subnet masks |
| AAAA | IPv6 address record |
Returns a 128-bit IP address that maps a domain’s hostname to an IP address |
| ANY | All cached records |
Returns all records of all types known to the name server |
| CNAME | Canonical name record |
Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name |
| MX | Mail exchange record |
Maps a domain name to a list of message transfer agents for that domain |
| NS | Name server record |
Delegates a DNS zone to use the specified authoritative name servers |
| PTR | Pointer record |
Pointer to a canonical name that returns the name only and is used for implementing reverse DNS lookups |
| SIG | Signature |
Signature record |
| SOA | Start of authority record |
Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone |
| SRV | Service locator |
Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX |
| TXT | Text record |
Carries extra data, sometimes human-readable, most of the time machine-readable such as opportunistic encryption, DomainKeys, DNS-SD, etc. |
Comments
0 comments
Article is closed for comments.