Networking / Beginners

DNS Fields

Different DNS fields can disclose information to attackers. For example, any host listed in the MX field runs a mail server on port 25/TCP. Similarly, hosts listed in the NS field run DNS servers. Although less common today, the HINFO field is intended to store host information. This may include operating system, architecture, or contact information. Finally, the TXT field is used for generic comments. This information may provide additional insight for an attacker.

Information Hiding

Each piece of DNS information is associated with a 2-byte type field. NS, MX, and TXT are three of the 65,536 possible values (they are 2, 15, and 16, respectively) [RFC1035]. Because new types may be defined in the future, many DNS servers permit caching unknown field types. These undefined fields can be used to store covert information-only clients that know to ask for the information will receive it.

[Previous] [Contents] [Next]