Global WKS (Well Known Service) Lookup
The WKS (Well Known Service) record is a heavily deprecated, highly rigid DNS record type introduced during the initial drafting of the Domain Name System in RFC 1035. Its primary engineering objective was to publicly map a specific IP address to a defined list of supported internet protocols—specifically TCP or UDP—and publicly declare their respective open ports. For instance, an administrator could use a WKS record to broadcast that a server located at 192.168.1.100 actively supported SMTP on port 25 and FTP on port 21.
Pre-Connection Resource Optimization
In the early days of networked computing, establishing a TCP handshake over limited-bandwidth, high-latency ARPANET connections was computationally expensive and incredibly slow. The WKS record was designed as an efficiency hack. It allowed a client application to query the lightweight, UDP-based DNS layer to verify if a remote server actually supported a specific service before attempting to route traffic to it. If a user tried to initiate a Telnet session, but the domain's WKS record did not explicitly list Port 23 in its bitmap, the local client application could abort the connection attempt immediately. This prevented the client from hanging while waiting for a network timeout, saving valuable bandwidth across transatlantic links.
The Bitmap Bottleneck
The fatal flaw of the WKS record was its underlying data structure. The payload was encoded as a highly rigid binary bitmap, where each bit corresponded to a specific port number defined by the Internet Assigned Numbers Authority (IANA). This format became incredibly unwieldy and almost impossible for human administrators to maintain manually as internet services exploded in complexity. Every time a sysadmin installed a new service or closed a port, they had to regenerate the bitmap, update the zone serial, and wait for global DNS propagation just to reflect the accurate state of the server. The administrative overhead drastically outweighed the bandwidth savings.
Security Exposure and Replacement by SRV
Much like the HINFO record, the WKS protocol was completely blind to network security. Publishing a comprehensive, plain-text list of every open port on a server directly into the public DNS layer gave hackers a pre-scanned, comprehensive reconnaissance map. It entirely bypassed the need for noisy, easily detectable port scanners like Nmap. Recognizing these critical architectural and security flaws, the IETF officially declared the WKS record obsolete with the publication of RFC 1123. The requirement to map specific services and ports to domain names was later entirely shifted to the SRV (Service) record. SRV records provided infinitely more flexibility, allowing for dynamic port assignment, load-balancing weights, and priority failovers without exposing the entire underlying port profile of the target machine. Modern DNS software like BIND9 or CoreDNS will completely ignore WKS formatting.