The Domain Name System (DNS) turns domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet has its own IP address, which is used by other devices to locate the device.
DNS servers make it possible for people to input normal words into their browsers, such as kcsfa.co.ke, without having to keep track of the IP address for every website.
A DNS server is a computer with a database that maps website names to the public IP addresses those names lead to. DNS acts like a phonebook for the internet.
Whenever people type domain names, like facebook.com or gmail.com, into the address bar of web browsers, the DNS finds the right IP address. The site’s IP address is what directs the device to go to the correct place to access the site’s data.
Once the DNS server finds the correct IP address, browsers take the address and use it to send data to content delivery network (CDN) edge servers or origin servers. Once this is done, the information on the website can be accessed by the user. The DNS server starts the process by finding the corresponding IP address for a website’s uniform resource locator (URL).
How does DNS actually work?
In a usual DNS query, the URL typed in by the user has to go through four servers for the IP address to be provided.
The four servers work with each other to get the correct IP address to the client, and they include:
- DNS recursor: The DNS recursor, which is also referred to as a DNS resolver, receives the query from the DNS client. Then it communicates with other DNS servers to find the right IP address. After the resolver receives the request from the client, it acts like a client itself. As it does this, it makes queries that get sent to the other three DNS servers: root nameservers, top-level domain (TLD) nameservers, and authoritative nameservers.
- Root nameservers: The root nameserver is designated for the internet’s DNS root zone. Its job is to answer requests sent to it for records in the root zone. It answers requests by sending back a list of the authoritative nameservers that go with the correct TLD.
- TLD nameservers: A TLD nameserver keeps the IP address of the second-level domain contained within the TLD name. It then releases the website’s IP address and sends the query to the domain’s nameserver.
- Authoritative nameservers: An authoritative nameserver is what gives you the real answer to your DNS query. There are two types of authoritative nameservers: a master server or primary nameserver and a slave server or secondary nameserver. The master server keeps the original copies of the zone records, while the slave server is an exact copy of the master server. It shares the DNS server load and acts as a backup if the master server fails.
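The four-server walk described above, as an added example that is not part of the original post. It simulates a resolver following referrals from root to TLD to authoritative server, following a CNAME, and caching the answer; all server names, zones and addresses are constructed placeholders, and nothing is sent over the network.

```python
import time

# Constructed stand-ins for the three server tiers (documentation addresses).
ROOT = {"ke.": "tld-ke", "com.": "tld-com"}      # TLD -> TLD nameserver
TLD = {"tld-ke": {"example.co.ke.": "ns-ke"},     # zone -> authoritative server
       "tld-com": {"example.com.": "ns-com"}}
AUTH = {  # (name, record type) -> (value, TTL in seconds)
    "ns-ke": {("example.co.ke.", "A"): ("192.0.2.10", 3600),
              ("www.example.co.ke.", "CNAME"): ("web.example.com.", 300)},
    "ns-com": {("web.example.com.", "A"): ("198.51.100.7", 60)},
}

def referral(table, name):
    """Longest-suffix match: which server is responsible for this name?"""
    labels = name.split(".")
    for i in range(len(labels)):
        server = table.get(".".join(labels[i:]))
        if server:
            return server
    return None

class Resolver:
    def __init__(self, clock=time.monotonic):
        self.cache, self.clock, self.trace = {}, clock, []
    def _walk(self, name, depth=0):
        if depth > 8:                      # guard against CNAME loops
            raise RuntimeError("CNAME chain too long")
        tld_ns = referral(ROOT, name)
        auth_ns = referral(TLD[tld_ns], name) if tld_ns else None
        self.trace += [s for s in ("root", tld_ns, auth_ns) if s]
        zone = AUTH.get(auth_ns, {})
        if (name, "A") in zone:
            return zone[(name, "A")]
        if (name, "CNAME") in zone:        # alias: restart the walk for the target
            target, ttl = zone[(name, "CNAME")]
            answer = self._walk(target, depth + 1)
            return answer and (answer[0], min(ttl, answer[1]))
        return None                        # no record for this name

    def resolve(self, name):
        name = name.lower().rstrip(".") + "."
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():  # still inside its TTL
            self.trace.append("cache")
            return hit[0]
        answer = self._walk(name)
        if answer:                         # cache until the TTL expires
            self.cache[name] = (answer[0], self.clock() + answer[1])
        return answer[0] if answer else None
```

A cached answer is served without asking the authoritative server again until its TTL runs out, which is why a poisoned cache entry keeps redirecting users until it expires or is flushed.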
DNS records (aka zone files) are instructions that live in authoritative DNS servers and provide information about a domain, including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands that tell the DNS server what to do.
Some common types of DNS record:
- A record – The record that holds the IP address of a domain.
- CNAME record – Forwards one domain or subdomain to another domain; it does NOT provide an IP address.
- MX record – Directs mail to an email server.
- TXT record – Lets an admin store text notes in the record.
- NS record – Stores the name server for a DNS entry.
- SOA record – Stores admin information about a domain.
- SRV record – Specifies a port for specific services.
- PTR record – Provides a domain name in reverse lookups.
Some of the tools you can use to check DNS records include:
Attacks against DNS
A DNS attack is any attack targeting the availability or stability of a network’s DNS service. Attacks that leverage DNS as a mechanism within a wider attack strategy, such as cache poisoning, are also considered DNS attacks. Here are some of the common DNS attacks:
- Denial of Service – an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.
- Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order to redirect DNS requests and avoid detection.
- DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread his attack to other DNS servers.
- Cache/DNS poisoning – the attacker corrupts a DNS server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack.
- Software vulnerability – attackers can also leverage a specific vulnerability in the DNS server software or host operating system, either to bypass control measures and create rogue entries in the DNS database, or to cause the DNS server to crash.
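From the defender's side, the rapid record swapping of fast-flux DNS shows up in resolver logs as one name answering with many different addresses on short TTLs. The following is an added example, not part of the original post: the log format, the sample lines and the thresholds are all constructed assumptions, and legitimate CDNs can trip the same rule, so a hit is a lead to investigate rather than a verdict.

```python
from collections import defaultdict

# Constructed resolver-log lines: epoch seconds, queried name, answer IP, TTL.
SAMPLE_LOG = """\
1000 www.example.org 192.0.2.80 3600
1060 cdn.flux.example 198.51.100.1 30
1120 cdn.flux.example 198.51.100.2 30
1150 lb.example.net 203.0.113.5 60
1180 cdn.flux.example 198.51.100.3 30
1210 lb.example.net 203.0.113.6 60
1240 cdn.flux.example 198.51.100.4 30
truncated line here
1300 cdn.flux.example 198.51.100.5 30
1360 cdn.flux.example 198.51.100.6 30
4000 www.example.org 192.0.2.80 3600
"""

def parse(log):
    """Yield (timestamp, name, ip, ttl); skip lines without four fields."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, name, ip, ttl = parts
            yield int(ts), name.lower().rstrip("."), ip, int(ttl)

def fast_flux_candidates(log, window=600, min_ips=5, max_ttl=300):
    """Names answering with >= min_ips distinct short-TTL IPs within `window` s."""
    seen = defaultdict(list)
    for ts, name, ip, ttl in parse(log):
        if ttl <= max_ttl:                 # long-lived records are not flux
            seen[name].append((ts, ip))
    flagged = {}
    for name, events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):     # sliding time window over answers
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[name] = sorted(ips)
                break
    return flagged
```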
That was all for DNS. We hope you enjoyed and learned something from the blog. Be sure to subscribe to our blog and learn from our weekly updates on Twitter and Facebook.