Understanding DNS Records Types and Their Security Importance
Complete guide to DNS records (A, MX, CNAME, TXT, NS). Learn how to configure them to protect your domain against phishing and spoofing.

The Domain Name System (DNS) is considered the backbone of the internet. However, its original design dates back to an era when cybersecurity was not a central concern. The initial standards defined in IETF RFC 1035 focused on availability and speed, leaving identity verification aside. Today, manipulating DNS records is one of the preferred techniques for cybercriminals to perform malicious redirections, phishing attacks, and data theft.
In this article, we analyze the main types of DNS records (A, MX, CNAME, TXT, NS), their functions, and how a proper and secure configuration of these records can shield your infrastructure from incidents.
What Are DNS Records and Which Are the Essential Types?
DNS records are configuration instructions stored on authoritative nameservers. They tell resolvers and web browsers how to handle queries related to a given domain.
1. A Record (Address) and AAAA Record (IPv6 Address)
The A record is the most basic and fundamental component. It maps a hostname (like tecnocrypter.com) to a physical 32-bit IPv4 address. Its counterpart for the new addressing architecture is the AAAA record, which points to a 128-bit IPv6 address.
- Security Importance: If an attacker compromises your registrar panel and alters the A record, they can redirect all your traffic to a malicious replica of your website (phishing) to capture your users' credentials.
2. CNAME Record (Canonical Name)
It works as an alias. Instead of pointing to a physical IP, a CNAME record points to another domain name. For example, you can configure www.tecnocrypter.com to point to tecnocrypter.com.
- Security Importance: It is crucial to audit old CNAME records. If a record points to a subdomain or cloud service you no longer use (like an AWS S3 bucket or a deleted GitHub Pages instance), an attacker could claim that resource with the provider and take control of your organization's subdomain, an attack known as Subdomain Takeover.
3. MX Record (Mail Exchanger)
Specifies the mail servers responsible for receiving messages on behalf of your domain. Each MX record includes a priority (lower numbers represent higher priority).
- Security Importance: Attackers may attempt to create fake MX records with lower priority to intercept or redirect your incoming emails.
4. NS Record (Name Server)
Indicates which nameservers are authoritative for managing the DNS zone of your domain.
- Security Importance: Changing NS records without authorization is equivalent to losing control of your entire network ecosystem.
5. TXT Record (Text)
Allows storing arbitrary, machine-readable text information in your DNS zone. Today, its use is strictly indispensable for email security.
Email Shielding Through TXT Records
Most phishing attacks rely on sender address spoofing (email spoofing). TXT records allow us to implement three authentication technologies that work together:
- SPF (Sender Policy Framework): Declares an authorized list of IPs and servers that can send emails on behalf of your domain. A receiving email client checks your SPF TXT record to validate if the message comes from an approved IP.
- DKIM (DomainKeys Identified Mail): Adds a cryptographic signature (public key) to your email headers. The recipient uses this signature to verify that the message was indeed sent by the domain owner and was not altered in transit.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Establishes a policy telling the receiving server what to do if an email fails SPF or DKIM validations (e.g., reject it or send it to spam). It also provides detailed reports on potential spoofing attempts.
Comparative Table of DNS Records
| Record Type | Query Destination | Main Use Case | Cybersecurity Risk |
|---|---|---|---|
| A / AAAA | IP Address (IPv4 / IPv6) | Point domains to web servers | Redirecting traffic to cloned websites |
| CNAME | Domain Name (Alias) | Point subdomains to external services | Hijacking of abandoned subdomains (Subdomain Takeover) |
| MX | Mail Server + Priority | Routing incoming emails | Intercepting or diverting organization emails |
| TXT | Arbitrary text string | SPF, DKIM, DMARC authentication | Excessively revealing infrastructure or vulnerable keys |
| NS | Nameserver | Declare authority over the DNS zone | Absolute loss of domain control |
How to Audit and Verify Your DNS Records Safely
It is highly recommended to periodically audit your domain's DNS zones to detect obsolete records or unauthorized entries.
Local Command Line Audit
You can query your local or public DNS servers directly using tools integrated into your operating system:
# Query MX records to verify mail servers
dig tecnocrypter.com MX
# Query the SPF and DMARC TXT records of your domain
dig tecnocrypter.com TXT
Web Audit Tools
If you prefer a comprehensive, real-time analysis without using complex commands, you can use our DNS Propagation Checker. This tool allows you to query from multiple global locations simultaneously to check if the changes made to your DNS records are correct and have propagated to all authorized global resolvers.
Conclusion
Configuring your DNS records is not a one-time process. It requires ongoing monitoring and security best practices, such as activating two-factor authentication (2FA) at your domain registrar, auditing unused CNAME records, and rigorously implementing SPF, DKIM, and DMARC.
To dive deeper into DNS query behaviors, we advise reading about How DNS propagation works in real-time and learning about DNS Hijacking threats and how to defend against them.
Sources and Recommended Readings:
- RFC 1035 - Domain Names - Implementation and Specification — Base standard of the domain name system.
- Wikipedia - List of DNS record types — Technical details of all resource record types.
- TecnoCrypter Internal Tool: DNS Propagation Checker


