How sensitive is communicating DNS records?

I'm having problems setting up my DNS and would like to send a screenshot of my DNS settings to a support desk. Now I wonder how sensitive this DNS data is. Are all records public? Or should I be careful who I hand this information to?


All records are public if you make them public - is the server they're on publicly accessible? If you query the records from your home computer, can you get a response for the domain's records?

The other aspect to this is that enumeration of the records isn't generally possible for the public - so, even if someone knows you have www.example.com, doesn't mean they know about the name supersecret.example.com, or which IP address it points to. An AXFR zone transfer is the type of DNS request that would provide a full list of everything in the zone, and public DNS servers typically prevent these queries from being answered.

A full list of the zone may potentially provide interesting information to an attacker - but if it's a public zone with no entries that are 'hidden', then you're not exposing anything that someone can't get at with an internet connection and DNS client.


Generally speaking, it's reasonably easy to figure out what a site's IP range is, and then reverse to what amounts to a full zone dump. So if this is externally available zone data, it's likely not a huge issue. Internal stuff is perhaps more sensitive.

But really, they'll just need to know the general format, I would expect, so if you're concerned, redact the actual names to something you feel comfortable with:

IN MX 10 mailserver.yourdomain.com

might become

IN MX 10 mail.example.com

or similar.

Also, unless the issues revolve around particular records, you could probably truncate your zone files considerably, so long as they have all the relevant record types, SOA, values, etc.