Information Series on DNS: Part 2

Abhijeet Modi/ September 8, 2021/ Blog

This series of articles covers DNS record types, describing the basic use and purpose of each.

What are APL Records, what are they used for, and how do they work?

The APL record is another common type of DNS record, used for address prefix lists. Its main application is to list address ranges. Specified by RFC 3123, the APL record is an important component of the DNS records.

What are CAA Records, what are they used for, and how do they work?

CAA stands for Certificate Authority Authorization. A CAA record lists the certificate authorities that are permitted to issue certificates for a domain. It can also be used to send a notification if someone asks an unauthorized authority to issue a certificate for the domain.

Without a CAA record, any certificate authority, whether or not the domain owner intended to authorize it, can issue a certificate for the domain. With CAA records in place, only the listed authorities are allowed to issue certificates for that domain. These records apply to both domains and subdomains. Note that CAA is still relatively new to the industry, which is why only a few tools support it. You can add, remove, and edit CAA records using DNS editor tools.
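The check a certificate authority performs against CAA records, as an added example that is not part of the original article. It follows the lookup rules of RFC 8659 (climb from the requested name toward the root and use the first CAA record set found). The zone contents, CA names, and function names are constructed for illustration, and the critical flag and CNAME handling are left out.

```python
# Constructed sample data: CAA record sets keyed by owner name.
# Each record is (flags, tag, value), as in a zone file line such as
#   example.com. IN CAA 0 issue "ca.example.net"
ZONE = {
    "example.com": [
        (0, "issue", "ca.example.net"),
        (0, "issuewild", ";"),  # ";" alone means no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),  # where to send reports
    ],
    "shop.example.com": [(0, "issue", "other-ca.example.org")],
}


def relevant_caa(name, zone):
    """Climb from name toward the root; return the first CAA set found."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # a wildcard request starts at its parent name
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def may_issue(ca_domain, name, zone=ZONE):
    """Return True if the CA identified by ca_domain may issue for name."""
    records = relevant_caa(name, zone)
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # issuewild only applies to wildcard names and overrides issue there.
    wildcard = name.startswith("*.")
    allowed = (issuewild or issue) if wildcard else issue
    if not allowed:
        return True  # no applicable CAA restriction: any CA may issue
    # The issuer domain is the part before any ";" parameters.
    issuers = {v.split(";")[0].strip().lower() for v in allowed}
    return ca_domain.lower() in issuers


if __name__ == "__main__":
    for ca, name in [("ca.example.net", "www.example.com"),
                     ("ca.example.net", "shop.example.com"),
                     ("ca.example.net", "*.example.com")]:
        print(ca, name, may_issue(ca, name))
```

The subdomain www.example.com inherits the parent's record set, while shop.example.com has its own set, which replaces the parent's rather than adding to it.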

What are CDNSKEY Records, what are they used for, and how do they work?

The main application of the CDNSKEY record is to indicate a change in DNSSEC status. In fact, CDNSKEY is mainly used to disable DNSSEC. When you remove or disable the DNSSEC records from a specific zone, the CDNSKEY record is published automatically. Currently, not many registries support CDNSKEY records.

You are required to complete the domain registration process through a registrar and establish the DS record for the domain and subdomain. It is assumed that registries will start supporting CDNSKEY records in the future, which will further enable domain automation. Specified by RFC 7344, CDNSKEY records can make domain management easier.
