Which DNS record type is commonly used to publish security-related information such as DKIM keys and DMARC policies?

Prepare for the CCST Certification Exam in Cybersecurity. Access flashcards and multiple choice questions with hints and explanations. Excel in your certification journey!

Multiple Choice

Which DNS record type is commonly used to publish security-related information such as DKIM keys and DMARC policies?

Explanation:
DNS TXT records store arbitrary text in a domain’s DNS zone, which is ideal for security-related data like DKIM keys and DMARC policies. The DKIM public key is published as a TXT record under the selector (for example, selector._domainkey.example.com), and the DMARC policy is published as a TXT record at _dmarc.example.com with strings like v=DMARC1; p=reject; rua=mailto:…, since these need to carry long, structured text. Other record types—A records (addresses), CNAMEs (aliases), and MX records (mail exchangers)—serve addressing and routing roles and aren’t designed to hold policy strings or key material. So the appropriate record type for these purposes is TXT.

