IBM NS1 Connect

IBM NS1 Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

IBM NS1 Connect announces support for new DNS Record types

By Claire ODonovan posted Fri March 07, 2025 07:00 AM

  

Why have we increased the number of DNS Resource Record types that we support? 

We are constantly looking to improve our product and as part of that we listen to you, our customers, the market and global organizations, such as the IETF, that develop and promote voluntary standards and protocols for the internet. We have been continuously gathering feedback from these sources to increase the number of DNS Record types that we support and that are available for implementation. 

 

There are 33 DNS Resource Record types already available to NS1 Connect customers, which will now be increased to 39. The majority of these new record types are not supported by alternative DNS providers yet.  

 

What new DNS Record types have been added? 

We have recently added the following DNS Record types: 

Security 

  1. OpenPGPKEY 

  1. SSHFP 

  1. IPSECKEY  

Location  

  1. GPOS  

General  

  1. APL  

  1. URI 

 

What are each of these DNS Record types? 

 

OpenPGPKEY 

OpenPGPKey was introduced by the IETF in RFC 7929. This DNS record type is used to store OpenPGP public keys in DNS. This provides a means for domain owners to make their OpenPGP keys publicly available, allowing other users or systems to easily retrieve them for encrypting or verifying messages. 

 

SSHFP 

This record stores the SSH Public Key Fingerprint for Secure Shell keys and is set out in RFC 4255. It was designed to improve security and usability in SSH connections. It allows the fingerprint of an SSH public key to be stored in DNS, making it easier and more secure for clients to verify the identity of a server they are connecting to. The acquisition of an SSHFP record must be secured with a mechanism such as DNSSEC to establish a chain of trust to authenticate the records, ensuring it isn't altered during transmission and to ensure that the record accurately reflects the SSH server's public key 

 

IPSECKEY 

IPSECKEY was defined by the IETF in RFC 4025 and it is used in conjunction with IPsec (Internet Protocol Security). It can be used for authenticating IPsec endpoints and for establishing and maintaining secure communication between two endpoints over the internet. 

 

GPOS 

GPOS is a Geographical Position record and is set out by the IETF in RFC 1712. GPOS stores the geographic location of a domain name or IP address. It is similar to a location (LOC) record, but lacks some of the precision and flexibility of LOC. 

 

APL

The APL record stands for Address Prefix List and it was introduced by the IETF in RFC 3123. This record type is used to store address prefix lists in DNS. It allows a domain to specify which IP address prefixes are valid for connecting to it. Prefixes are helpful in network routing and network security. APL can be particularly useful in IPv6 environments.  

 

URI 

URI stands for Uniform Resource Identifier and it was defined by the IETF in RFC 7553 and RFC 3986. It discloses the mapping of host names to URIs. A URI record provides a way to map a domain name to one or more protocols, so that clients can request a specific resource over a specific communication protocol. It can be useful for linking to services or information about a domain that might not be directly accessible via some traditional DNS records.  

 

How can you implement these DNS Resource Records in NS1 Connect? 

You can follow the steps outlined in this document to Create a DNS Record and in Reference: DNS record types - IBM Documentation. 


#TechnicalBlog
#ProductUpdates/Announcements


#automation-featured-area-2
#Featured-area-2-home
0 comments
37 views

Permalink