Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Static DNS

Training Camp • Cybersecurity Glossary

What is Static DNS?

A fixed DNS configuration where domain-to-IP mappings are manually set and unchanging—offering stable, predictable resolution versus dynamic DNS.

Glossary > Network Security > Static DNS

Static DNS — A fixed DNS configuration where domain-to-IP mappings are manually set and unchanging—offering stable

Understanding Static DNS

Static DNS is a DNS configuration in which IP addresses are manually assigned to domain names and remain fixed until an administrator changes them. This provides a consistent, predictable association between names and addresses, suitable for servers and services that require stable network settings.

In a static DNS setup, an administrator manually creates and maintains the resource records—such as A, AAAA, and CNAME records—on the authoritative DNS server, or configures fixed DNS resolver addresses on a client. The mappings do not update automatically; they persist exactly as entered. This contrasts with Dynamic DNS (DDNS), where records are updated automatically as IP addresses change, which is useful for devices on dynamically assigned (DHCP) addresses but introduces a moving, automated update process.

For security and reliability, static DNS offers predictability and a smaller automated attack surface: because records change only through deliberate administrative action, there is no automatic update mechanism for an attacker to abuse, and unexpected changes are easier to spot. The tradeoff is operational—manual records can become stale or misconfigured if infrastructure changes are not reflected, and large environments need disciplined change control. Static resolver settings on critical hosts also prevent attackers from silently redirecting a device to a rogue DNS server.

For example, an organization hosts a public web server whose IP address never changes. The administrator creates a static A record mapping www.example.com to that fixed address on the authoritative DNS server, ensuring users always reach the correct host. On internal critical servers, the team also hardcodes trusted internal DNS resolver addresses rather than relying on DHCP-supplied ones, so that a rogue DHCP server on the network cannot redirect those servers to a malicious resolver for DNS spoofing.

Learn More About Static DNS:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →