<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website

Forwarding your call: How do DNS and CNAME records work?

by Justin Frank Blog 19 Jan 2021

The web is in a continuous state of dynamic development, with websites being created, updated, and deleted every day. These websites are the digital equivalent of a rented property. Similar to physical properties, visitors will need a precise address to visit you.

For example, think of an apartment building with letters attached to apartment numbers (e.g. 8A, 11B) – they are all in the same location, yet specific addresses vary depending on what – or who – you are looking for. This specific address would be the URL (Universal Resource Locator), a full set of directions containing detailed information on how to get to your destination.

Now, the internet works on a much larger scale, so let’s compare that to a phone book which registers all these specific addresses.

'The internet’s phone book' - Home of Domains

If the internet is like a phone book, and a web page is like a physical building, and a URL is the precise street address of that building, then the IP address would be like the car that helps the visitor travel to that destination. An IP address is formatted as a sequence of numerical instructions (e.g. to help a computer reach its destination. However, humans are less equipped to remember these long codes. The use of domains solves that problem by linking an easy-to-remember nickname to the exact location of the IP address. After all, it’s much easier to remember "www.example.com” instead of “”.

The addresses are registered and regulated in a ’listing of nicknames’, known as a DNS (Domain Name System) server. The DNS automatically assigns the alphabetical nicknames to a numerical IP address.

It is important to note that the domain name is generally segmented into three parts:

  • www.          - the subdomain prefix
  • .example.   - the subdomain
  • .com            - the top-level domain

Often, the top-level domain may point the visitor to the general geo-location of the address. Think for example of “.nl” for the Netherlands, “.de” for Germany, and “.com” as an international domain.

The subdomain – and subdomain prefix – help your website visitors to navigate through the different sections of your website. However, it becomes increasingly difficult for your visitors to navigate your website the more sections you add (e.g. ”store.example.com” or “blog.example.com” or “pki.example.com.s3.-website-us-east-1.example.com”).

“Hello, operator?” - Digital Switchboard

This problem is solved with the help of a CNAME (Canonical Name) record. The CNAME can be compared to an ‘automatic phone operator’ – or ‘switchboard’ – which helps you reach the right subdomain by telling the DNS server what you are initially looking for.

For example, by automatically resolving your visitors’ search for the domain “pki.example.com” to “pki.example.com.s3-website-us-east-1.example.com”. This guides your visitors to the exact subdomain they’re looking for without requiring them to memorise the full domain name.


“Sorry, wrong number” - Deadly (or Dark) Domains

Now that you have set up and decorated your digital property and its various sections, you don’t want any crooks vandalising or entering any part of your domain. Unfortunately, these ’subdomain takeovers’ still happen on a regular basis. This is when a malicious actor decides to exploit your CNAME's redirect to manipulate the visitors’ search of your (sub)domain, or even infiltrate your subdomain.

That can happen when you cancel a subscription to a subdomain name, but forget to unlink the CNAME record. In that case, anyone can re-register the subdomain to make it operational again. And once accomplished , they will be able to display their own content on your web page, leading to several risks such as defacement, domain squatting, brand abuse, or even the scamming of your visitors with fake login screens.


“Who you gonna call?” - Digital Footprint monitoring 

Keeping home intruders out, such as people pretending to be the postman (i.e. third-party risk), can be challenging without a dynamic, holistic overview of your doors and windows (i.e. your domains and subdomains configurations). Leveraging your floorplan - being your digital footprint - will make you stay one step ahead of threat actors and effectively prevent the risks of a subdomain takeover. 

To learn how your digital footprint can minimise the risks, read our whitepaper “Subdomain Takeover: How does it happen & how to prevent it”.

Download Whitepaper →

Justin Frank is an Information Security Officer at Cybersprint.
With a background in Safety & Security Management, he is responsible for aligning internal privacy and security policies. Justin is driven by an ambition to open the dialogue about cybersecurity in a wider societal context.


What does effective attack surface management look like?

In recent blog posts we’ve discussed the need to understand how your attack surface affects your risk and highlighted three areas that regularly slip under the radar when trying to analyse the true extent of that attack surface. The answer to both these challenges is attack surface management, and in this blog we’re going to focus on what that looks like.

read more

3 Constantly Evolving Areas of Risk Your Organisation Could Be Overlooking

As we mentioned in our previous blog, your attack surface is a constantly evolving source of risks. This is compounded by the fact that most financial services companies can only see a portion of their attack surface – we believe they’re missing 30 to 50 percent.

read more

Understanding your organisation’s attack surface and why it poses a risk

Your attack surface is the sum of the exposed and internet-facing assets, and the associated risks a hacker can exploit to carry out a cyber-attack. Over the past decade or so, that attack surface has changed dramatically. Long gone are the days when the only things exposed to the outside world were your website and your mail server. Today, increased complexity means that many financial services organisations often have huge attack surfaces – in fact, we believe that the attack surface has grown by around 1000% in the past 10 years.

read more

Do you have a question?

Our experts have the answers

Contact us