Internet infrastructure glossary

A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.

a.k.a. Quad-A Record

A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.

An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.

a.k.a. Certification Authority Authorization

A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.

a.k.a. Canonical Name Record

A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.

a.k.a. Domain Name System

The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.

DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.

DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.

DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.

a.k.a. DNS Security Extensions

DNSSEC (DNS Security Extensions) add cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.

a.k.a. DNS over HTTPS

DNS over HTTPS (DoH) encrypts DNS queries and responses inside HTTPS traffic, preventing on-path observers from seeing or tampering with DNS lookups.

a.k.a. DNS over TLS

DNS over TLS (DoT) encrypts DNS queries and responses using Transport Layer Security on a dedicated port 853, preventing eavesdropping and tampering.

a.k.a. GeoDNS, Geographic DNS

Geo DNS is an authoritative DNS configuration that returns different resource records based on the geographic location of the requesting client, enabling traffic routing to nearby servers.

A type of DNS record (A or AAAA) placed in a parent zone to give resolvers the IP address of a nameserver whose name is inside the child zone, breaking the circular dependency that would otherwise prevent resolution.

a.k.a. Mail Exchange Record

A DNS resource record that delegates email delivery to one or more mail servers for a domain, using numeric priority values to indicate preference.

a.k.a. Name Server Record

An NS (Name Server) record in DNS specifies the authoritative name servers for a domain, directing queries to the servers that hold the zone's resource records.

a.k.a. Pointer Record

A PTR record maps an IP address to a hostname in the reverse DNS tree, used for reverse lookups under in-addr.arpa (IPv4) or ip6.arpa (IPv6).

a.k.a. Resolver

A recursive DNS resolver is a server that accepts queries from clients and performs the full iterative lookup process, starting at the DNS root zone and following referrals until it reaches an authoritative answer or fails.

a.k.a. DNS Root

The Root Zone is the top-level delegation layer of the DNS hierarchy, containing the authoritative records for all top-level domains and served by 13 logical root server systems coordinated by ICANN.

a.k.a. Start of Authority Record

A DNS resource record that specifies authoritative information about a DNS zone, including the primary nameserver, responsible party's email, and timing parameters for zone replication.

a.k.a. Service Record

An SRV record is a DNS resource record that defines the hostname and port number for a specific service, enabling clients to discover services like SIP or XMPP.

a.k.a. Time To Live

A timestamp or counter in a DNS resource record that limits how long a resolver or cache can reuse a cached answer before querying the authoritative server again.

A DNS resource record (type 16) that stores free-form text data, commonly used for email authentication (SPF, DKIM, DMARC) and domain ownership verification tokens.

A wildcard DNS record, written as *.example.com, answers DNS queries for any nonexistent subdomain of a parent domain with a single configured result.

A zone file is a plain-text file that contains all DNS resource records for a single domain zone, following the master file format defined in RFC 1035.