- learning
- dns
- #dns
DNS - Domain Name System
The Domain Name System (DNS) is the largest internet directory. It converts human-readable website names into IP addresses. Computers use IP addresses to communicate with each other, but it's difficult for humans to remember strings of numbers. That's where DNS comes in - by translating easy-to-remember domain names into numerical IP addresses, DNS allows us to surf the web without having to memorize complex strings of numbers.
How does DNS work?
The Domain Name System (DNS) translates human-friendly domain names like www.example.com into machine-friendly IP addresses like 192.0.2.1. DNS automatically converts the names we type in our web browsers to the numbers that computers use to connect to each other.
Most Internet users never need to know anything about DNS because it happens automatically behind the scenes, but understanding how DNS works can be helpful in troubleshooting certain kinds of problems with your Internet connection.
4 DNS server types
There are four main types of DNS servers.
- Recursive DNS servers are the most common type. They handle queries from clients and then send those queries to other DNS servers to get the answer.
- Authoritative DNS servers contain the actual DNS records for a domain. When a recursive DNS server gets a query for a domain, it will send a query to an authoritative DNS server to get the answer.
- Root DNS servers are at the top level of the DNS hierarchy. They don't contain any actual DNS records, but they can point you to the right authoritative DNS server for a domain.
- Forwarding DNS servers are used to forward queries to other DNS servers. They can be used to improve performance or to provide security by filtering which queries are allowed.
Public DNS and Private DNS
There are two types of Domain Name System (DNS) servers: public and private. Public DNS servers are operated by companies such as Google, Norton, or OpenDNS. Private DNS servers are operated by your Internet Service Provider (ISP), or corporate network, or you can run your own server.
Most people use public DNS servers because they are free and easy to use. However, there are some advantages to using a private DNS server. For example, a private DNS server can offer increased speed and security.
If you're concerned about privacy, you may want to consider using a private DNS server. Be aware that some ISPs track DNS queries and sell this information to marketing firms. If you use a public DNS server, your ISP may still be able to see which websites you're visiting. To avoid this, you can use a VPN or encrypt your DNS traffic.
All steps in a DNS lookup
As you already know, the Domain Name System is the yellow pages of the Internet. Humans access information online through domain names, like uploadcare.com or pixelhunter.com. Web browsers interact with domain names through the DNS system.
DNS resolution is the process of turning a domain name into an IP address, which is a unique string of numbers that identifies a computer on the Internet. When you type in a domain name, your computer contacts a DNS server and asks for the IP address associated with that domain. Once it has the IP address, your computer can then communicate with the website's server.
A DNS lookup involves four steps:
- Your computer contacts a DNS server and asks for the IP address associated with a domain name.
- The DNS server looks up the IP address and responds to your computer.
- Your computer connects to the website's server using the IP address.
- The server sends you the website's data.
Types of DNS Queries
There are four types of DNS queries: recursive, iterative, authoritative, and non-authoritative.
Recursive
Recursive queries are the most common type of query. They are used when a client wants to resolve a hostname to an IP address. The DNS server will recursively query other DNS servers on behalf of the client until it finds the answer or reaches a timeout. If the DNS server doesn't have the answer cached, it will usually start with a root name server.
Iterative
Iterative queries are used when a DNS server doesn't have the answer to a client's query and needs to ask another DNS server for help. The server will send the query to one of the root name servers, which will respond with the IP address of a DNS server that is closer to the desired hostname. The original DNS server will then send another iterative query to the new server until it either finds the answer or reaches a timeout.
Authoritative
Authoritative queries are used when a DNS server has been configured to be an authoritative source for a particular domain. Authoritative queries always return an answer, even if that answer is simply that the hostname doesn't exist.
Non-authoritative
Non-authoritative queries are used when the original file is not in the list for the domain you did a lookup on.
DNS Caching
The Domain Name System (DNS) is a key part of the Internet, providing a directory of IP addresses for computers, devices, and services. DNS caches can improve the performance of the DNS and reduce the load on DNS servers.
DNS caching stores records of recent DNS lookups on your computer or device. When you visit a website, your computer will first check its DNS cache to see if it has the IP address for that website. If it does, it will use that address and load the website faster. If the DNS cache doesn't have the address, it will query a DNS server for the address and then cache the result for future use.
DNS caching is used by almost all computers and devices that connect to the Internet. It can be particularly helpful if you frequently visit websites that are hosted on the same server. For example, if you regularly visit example1.com and example2.com, which are both hosted on the same server, your computer will only need to query the DNS server once for the IP address of that server. It will then cache that IP address and use it to load both websites faster in the future
If you're having trouble accessing a website, try clearing your DNS cache, or – in other words, flush your DNS cache.
DNS Vulnerabilities
The Domain Name System (DNS) is a critical component of the Internet, providing a directory of domain names and translating them into numerical IP addresses. DNS is vulnerable to a number of attacks that can disrupt its operation and allow attackers to redirect traffic to malicious sites, intercept communications, or launch denial-of-service attacks.
DNS cache poisoning is a type of attack that exploits vulnerabilities in the DNS server software to insert false information into the DNS cache. This can allow attackers to redirect traffic from legitimate websites to malicious sites that host malware or phishing content.
DNS spoofing is another type of attack that can be used to redirect traffic from legitimate websites to malicious sites. In this type of attack, an attacker creates a fake DNS server that responds to queries with incorrect IP addresses. This can cause users to be directed to malicious sites that host malware or phishing content.
DNS amplification attacks exploit the fact that DNS queries are often much larger than the responses they generate. In this type of attack, attackers send large numbers of DNS queries with forged source IP addresses to open DNS resolvers. The DNS resolvers then respond to these queries with even larger responses, amplifying the amount of traffic to the extent that the server and its surrounding infrastructure are unavailable.
How to prevent and mitigate a DNS attack
The good news is that there are mitigation options available. The first step to detecting any anomalies is by logging and monitoring DNS queries.
Tighten admin access to your DNS. Enable 2FA/MFA on domain registrars, and use registrar locks to ensure administrators can't change DNS settings without you being notified first. Last but not least, harden your recursive DNS servers by implementing DNSSEC, access controls, etc.