<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us

Forwarding your call: How do DNS and CNAME records work?

by Justin Frank Blog 19 Jan 2021

The web is in a continuous state of dynamic development, with websites being created, updated, and deleted every day. These websites are the digital equivalent of a rented property. Similar to physical properties, visitors will need a precise address to visit you.

For example, think of an apartment building with letters attached to apartment numbers (e.g. 8A, 11B) – they are all in the same location, yet specific addresses vary depending on what – or who – you are looking for. This specific address would be the URL (Universal Resource Locator), a full set of directions containing detailed information on how to get to your destination.

Now, the internet works on a much larger scale, so let’s compare that to a phone book which registers all these specific addresses.

'The internet’s phone book' - Home of Domains

If the internet is like a phone book, and a web page is like a physical building, and a URL is the precise street address of that building, then the IP address would be like the car that helps the visitor travel to that destination. An IP address is formatted as a sequence of numerical instructions (e.g. to help a computer reach its destination. However, humans are less equipped to remember these long codes. The use of domains solves that problem by linking an easy-to-remember nickname to the exact location of the IP address. After all, it’s much easier to remember "www.example.com” instead of “”.

The addresses are registered and regulated in a ’listing of nicknames’, known as a DNS (Domain Name System) server. The DNS automatically assigns the alphabetical nicknames to a numerical IP address.

It is important to note that the domain name is generally segmented into three parts:

  • www.          - the subdomain prefix
  • .example.   - the subdomain
  • .com            - the top-level domain

Often, the top-level domain may point the visitor to the general geo-location of the address. Think for example of “.nl” for the Netherlands, “.de” for Germany, and “.com” as an international domain.

The subdomain – and subdomain prefix – help your website visitors to navigate through the different sections of your website. However, it becomes increasingly difficult for your visitors to navigate your website the more sections you add (e.g. ”store.example.com” or “blog.example.com” or “pki.example.com.s3.-website-us-east-1.example.com”).

“Hello, operator?” - Digital Switchboard

This problem is solved with the help of a CNAME (Canonical Name) record. The CNAME can be compared to an ‘automatic phone operator’ – or ‘switchboard’ – which helps you reach the right subdomain by telling the DNS server what you are initially looking for.

For example, by automatically resolving your visitors’ search for the domain “pki.example.com” to “pki.example.com.s3-website-us-east-1.example.com”. This guides your visitors to the exact subdomain they’re looking for without requiring them to memorise the full domain name.


“Sorry, wrong number” - Deadly (or Dark) Domains

Now that you have set up and decorated your digital property and its various sections, you don’t want any crooks vandalising or entering any part of your domain. Unfortunately, these ’subdomain takeovers’ still happen on a regular basis. This is when a malicious actor decides to exploit your CNAME's redirect to manipulate the visitors’ search of your (sub)domain, or even infiltrate your subdomain.

That can happen when you cancel a subscription to a subdomain name, but forget to unlink the CNAME record. In that case, anyone can re-register the subdomain to make it operational again. And once accomplished , they will be able to display their own content on your web page, leading to several risks such as defacement, domain squatting, brand abuse, or even the scamming of your visitors with fake login screens.


“Who you gonna call?” - Digital Footprint monitoring 

Keeping home intruders out, such as people pretending to be the postman (i.e. third-party risk), can be challenging without a dynamic, holistic overview of your doors and windows (i.e. your domains and subdomains configurations). Leveraging your floorplan - being your digital footprint - will make you stay one step ahead of threat actors and effectively prevent the risks of a subdomain takeover. 

To learn how your digital footprint can minimise the risks, read our whitepaper “Subdomain Takeover: How does it happen & how to prevent it”.

Download Whitepaper →

Justin Frank is an Information Security Officer at Cybersprint.
With a background in Safety & Security Management, he is responsible for aligning internal privacy and security policies. Justin is driven by an ambition to open the dialogue about cybersecurity in a wider societal context.


Digital Footprint compared to 5 security technologies

In this blog, we'll cover our Digital Footprint approach compared to five existing security approaches. What methods do they share? And where do they complement each other? We'll have a look at these techniques:  1. Asset discovery 2. Vulnerability management 3. Penetration testing 4. Red teaming 5. Supplier security governance Each has some touch points with Digital Footprint. For this comparison, we build on our earlier explanations of the concept. In the first blog, we gave our definition and summarised what drives the need for the solution. You can read our second blog to see how Digital Footprint is positioned with regards to External Threat Intelligence.

read more

Digital Footprint in External Threat Intelligence

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

read more

CEO insights: 3 trends for 2021's cybersecurity

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working. But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

read more

Do you have a question?

Our experts have the answers

Contact us