How to Read the DNS Tab
The DNS tab shows all records for your domain, enriched with IP geolocation, ASN, CDN detection, and DNSSEC status. Here is how to read it.
The DNS tab shows all DNS records for a domain as queried by ElasticDomain's DNS module, using Google (8.8.8.8) and Cloudflare (1.1.1.1) as resolvers. Records are organized by type and enriched with additional intelligence.
Record Types
A Records (IPv4)
Maps the domain to an IPv4 address. This is where your web server lives. Each A record shows:
- IP address — the resolved IPv4
- Country/City — geolocation of the IP
- ASN — Autonomous System Number and organization (tells you whose network the IP belongs to)
- Hosting Provider — inferred from ASN (e.g., AWS, DigitalOcean, OVH, Hetzner)
- CDN — whether the IP belongs to a known CDN (Cloudflare, Fastly, AWS CloudFront, etc.)
- TTL — how long resolvers cache this record
AAAA Records (IPv6)
Same as A records but for IPv6 addresses. Same enrichment applies.
MX Records (Mail Exchangers)
Controls where email for the domain is delivered. Each MX record shows:
- Priority — lower number = higher priority (mail tries lowest priority number first)
- Hostname — the mail server (e.g., aspmx.l.google.com = Google Workspace)
- Resolved IP — the IP behind the mail server hostname
Common MX patterns to recognize:
- aspmx.l.google.com — Google Workspace
- mail.protection.outlook.com — Microsoft 365
- mx1.mailgun.org — Mailgun
TXT Records
Text records used for domain verification and email authentication:
- SPF — starts with v=spf1, lists authorized mail senders
- DKIM — at selector._domainkey subdomain, contains public key for email signing
- DMARC — at _dmarc subdomain, policy for failed authentication
- Domain verification — google-site-verification, ms=..., etc.
NS Records (Nameservers)
The authoritative nameservers for the domain. Changes to NS records are critical — they transfer DNS control. The Nameserver Changed alert watches these.
CNAME Records
Aliases that point one hostname to another. Common pattern: www → root domain, or shop → mystore.shopify.com.
SOA Record (Start of Authority)
Zone metadata including primary nameserver, admin email, and the serial number. The serial number increments on every zone change — useful for tracking when the zone was last modified.
CAA Records (Certification Authority Authorization)
Specifies which Certificate Authorities are allowed to issue SSL certificates for the domain. A CAA record like 0 issue "letsencrypt.org" means only Let's Encrypt can issue certificates — any other CA attempting to issue one would fail CT log acceptance.
DNSSEC Section
Shows the DNSSEC validation status:
- Secure — DNSSEC enabled and all signatures valid
- Insecure — DNSSEC not configured
- Bogus — DNSSEC configured but validation fails (potential attack or misconfiguration)
Also shows key algorithm (ECDSA P-256 recommended, RSA/MD5 deprecated) and signature expiry.
Change History
Below the current records, the DNS tab shows a change history — every time a record was added, removed, or modified in value, with a timestamp of when the change was detected.
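The change history described above, combined with the rule that NS changes are critical, can be reproduced by diffing two record snapshots. This is an added example, not ElasticDomain's code: the snapshot shape, the `diff_snapshots` name, and the one-for-one "modified" rule are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timezone

# Record types whose changes the page calls critical (NS transfers DNS control).
CRITICAL_TYPES = {"NS"}

def diff_snapshots(old, new, detected_at):
    """Compare two snapshots shaped {(name, rtype): set_of_values}.

    Returns a list of change events: added, removed, or modified.
    A one-for-one value swap on the same name/type is reported as
    'modified' (an assumption of this example); anything else is
    reported as separate added/removed events.
    """
    events = []
    for key in sorted(set(old) | set(new)):
        name, rtype = key
        before, after = old.get(key, set()), new.get(key, set())
        gone, fresh = sorted(before - after), sorted(after - before)
        base = {"name": name, "type": rtype, "detected_at": detected_at,
                "critical": rtype in CRITICAL_TYPES}
        if len(gone) == 1 and len(fresh) == 1:
            events.append({**base, "change": "modified",
                           "old": gone[0], "new": fresh[0]})
            continue
        events += [{**base, "change": "removed", "old": v, "new": None} for v in gone]
        events += [{**base, "change": "added", "old": None, "new": v} for v in fresh]
    return events

# Constructed sample snapshots (example.com and documentation IP ranges).
OLD = {
    ("example.com", "A"): {"192.0.2.10"},
    ("example.com", "NS"): {"ns1.example.net", "ns2.example.net"},
    ("example.com", "MX"): {"10 mail.example.com"},
}
NEW = {
    ("example.com", "A"): {"198.51.100.7"},
    ("example.com", "NS"): {"ns1.example.org", "ns2.example.org"},
    ("example.com", "MX"): {"10 mail.example.com"},
    ("example.com", "CAA"): {'0 issue "letsencrypt.org"'},
}

def sample_events():
    when = datetime(2024, 1, 1, tzinfo=timezone.utc).isoformat()
    return diff_snapshots(OLD, NEW, when)

if __name__ == "__main__":
    for e in sample_events():
        flag = "CRITICAL" if e["critical"] else "info"
        print(f'{e["detected_at"]} [{flag}] {e["type"]} {e["change"]}: {e["old"]} -> {e["new"]}')
```

A full nameserver swap shows up as paired removed and added NS events, all flagged critical, while the unchanged MX record produces no event.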
CDN Detection Logic
If an A record resolves to a Cloudflare, Fastly, AWS CloudFront, or other known CDN IP range, ElasticDomain marks it as CDN-proxied. This affects risk scoring (CDN IPs are shared by millions of domains — IP neighborhood analysis is not meaningful for CDN IPs).