<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website

Forwarding your call: How do DNS and CNAME records work?

by Justin Frank Blog 19 Jan 2021

The web is in a continuous state of dynamic development, with websites being created, updated, and deleted every day. These websites are the digital equivalent of a rented property. Similar to physical properties, visitors will need a precise address to visit you.

For example, think of an apartment building with letters attached to apartment numbers (e.g. 8A, 11B) – they are all in the same location, yet specific addresses vary depending on what – or who – you are looking for. This specific address would be the URL (Universal Resource Locator), a full set of directions containing detailed information on how to get to your destination.

Now, the internet works on a much larger scale, so let’s compare that to a phone book which registers all these specific addresses.

'The internet’s phone book' - Home of Domains

If the internet is like a phone book, and a web page is like a physical building, and a URL is the precise street address of that building, then the IP address would be like the car that helps the visitor travel to that destination. An IP address is formatted as a sequence of numerical instructions (e.g. to help a computer reach its destination. However, humans are less equipped to remember these long codes. The use of domains solves that problem by linking an easy-to-remember nickname to the exact location of the IP address. After all, it’s much easier to remember "www.example.com” instead of “”.

The addresses are registered and regulated in a ’listing of nicknames’, known as a DNS (Domain Name System) server. The DNS automatically assigns the alphabetical nicknames to a numerical IP address.

It is important to note that the domain name is generally segmented into three parts:

  • www.          - the subdomain prefix
  • .example.   - the subdomain
  • .com            - the top-level domain

Often, the top-level domain may point the visitor to the general geo-location of the address. Think for example of “.nl” for the Netherlands, “.de” for Germany, and “.com” as an international domain.

The subdomain – and subdomain prefix – help your website visitors to navigate through the different sections of your website. However, it becomes increasingly difficult for your visitors to navigate your website the more sections you add (e.g. ”store.example.com” or “blog.example.com” or “pki.example.com.s3.-website-us-east-1.example.com”).

“Hello, operator?” - Digital Switchboard

This problem is solved with the help of a CNAME (Canonical Name) record. The CNAME can be compared to an ‘automatic phone operator’ – or ‘switchboard’ – which helps you reach the right subdomain by telling the DNS server what you are initially looking for.

For example, by automatically resolving your visitors’ search for the domain “pki.example.com” to “pki.example.com.s3-website-us-east-1.example.com”. This guides your visitors to the exact subdomain they’re looking for without requiring them to memorise the full domain name.


“Sorry, wrong number” - Deadly (or Dark) Domains

Now that you have set up and decorated your digital property and its various sections, you don’t want any crooks vandalising or entering any part of your domain. Unfortunately, these ’subdomain takeovers’ still happen on a regular basis. This is when a malicious actor decides to exploit your CNAME's redirect to manipulate the visitors’ search of your (sub)domain, or even infiltrate your subdomain.

That can happen when you cancel a subscription to a subdomain name, but forget to unlink the CNAME record. In that case, anyone can re-register the subdomain to make it operational again. And once accomplished , they will be able to display their own content on your web page, leading to several risks such as defacement, domain squatting, brand abuse, or even the scamming of your visitors with fake login screens.


“Who you gonna call?” - Digital Footprint monitoring 

Keeping home intruders out, such as people pretending to be the postman (i.e. third-party risk), can be challenging without a dynamic, holistic overview of your doors and windows (i.e. your domains and subdomains configurations). Leveraging your floorplan - being your digital footprint - will make you stay one step ahead of threat actors and effectively prevent the risks of a subdomain takeover. 

To learn how your digital footprint can minimise the risks, read our whitepaper “Subdomain Takeover: How does it happen & how to prevent it”.

Download Whitepaper →

Justin Frank is an Information Security Officer at Cybersprint.
With a background in Safety & Security Management, he is responsible for aligning internal privacy and security policies. Justin is driven by an ambition to open the dialogue about cybersecurity in a wider societal context.


Securing critical infrastructure: new regulations mandate control

The name itself says it already: organisations in the critical infrastructure are vital in the services they provide in society. Should something go wrong in their daily operations, it can have severe consequences and disrupt individual people and other companies. That doesn’t necessarily mean they are more often targeted in (cyber-)attacks, but it does pose an extra reason to prevent any successful attack. Such organisations have often been in charge of their own cybersecurity, guided by regulations. Now though, authorities in the EU are starting to intensify their watchful eyes with the RCE directive. What is the EU RCE? And how should critical infrastructure organisations prepare?

read more

Mandatory IT audits: risk scores don’t mean security

More organisations in the Netherlands recognise the need for an active approach to stay in control over their attack surfaces in order to mitigate risks. Every organisation is able to create their own IT security governance and processes. Now, though, a new standard might be introduced in the form of an annual, mandatory IT audit. Is this a development helping businesses further? Or one that doesn’t really add anything other than paperwork?

read more

Determining your cybersecurity maturity

How safe your organisation is from a cybersecurity point of view depends on a lot of factors. Not only should your private and confidential data be kept private and confidential through a plethora of technical defenses, there are also, among others, many processes such as for IT governance and incident response to consider. How your organisation deals with all these challenges determines its cybersecurity maturity. But why is determining this maturity level important?

read more

Do you have a question?

Our experts have the answers

Contact us