What is DNS - Domain Name System
The Domain Name System or DNS is a naming database that locates and translates Internet domain names like www.example.com into IP addresses.
An Internet Protocol (IP) address is a unique numerical label that serves to identify and locate a device on the internet or a local computer network. It makes it possible to differentiate between different computers, routers, and websites, allowing information to be sent between devices on a network.
DNS is in a way similar to a phone’s contacts list, matching names (in this case domain names) to phone numbers (IP Addresses).
Domain Name → IP Address
www.example.com → 220.127.116.11
Most internet activities rely on DNS to quickly locate an IP address in order to connect and access content.
The DNS directory is distributed around the world to account for the millions of domains listed and accessed every day.
A domain name can also correspond to more than one IP address. Many people may request the same website at the same time, so the name is spread across several servers, and DNS queries may be answered with different addresses depending on the geographical location they originate from.
For instance, if 100 people open www.example.com at once, each one of them might receive a unique IP address from different servers. If a domain name would only resolve to one server behind one IP address, those 100 people would all be directed to the same server and would likely overload it.
DNS can save IP addresses in its cache for a defined amount of time, which improves overall web performance. However, DNS is prone to vulnerabilities such as cache poisoning and malicious creation of misleading domain names for phishing attacks.
Types of DNS servers
DNS root servers
The root servers sit at the top of the DNS hierarchy, the central interface between users and content on the Internet. They are responsible for referring queries to the Top Level Domain (TLD) name servers and are queried only when the resolver has no more specific name server to ask.
ICANN (Internet Corporation for Assigned Names and Numbers) oversees the work of the root name servers.
Authoritative name servers
These servers have authority for a specific zone (domain) and answer only queries within their area of responsibility, with binding details. An authoritative server is the final checkpoint for a DNS query: it returns the necessary records to the recursive server, which caches them closer to the client for future lookups.
Primary name servers
There is one per domain, and each domain must have one. All changes to the domain are made here. Primary servers update and synchronize the secondary servers and are authoritative for the domains they serve.
Secondary name servers
These are backup DNS servers. They obtain a copy of the zone data for every domain they serve, receive updates from the primary server, and are authoritative for the domains they serve. They provide load sharing among the domain's servers as well as redundancy if other servers become unavailable.
Non-authoritative name servers
These servers are not responsible for a specific DNS zone. Instead, they collect information on specific DNS zones using recursive or iterative DNS queries.
Caching name servers
These temporarily store information obtained from other name servers for a specific period of time. Configuration on multiple levels (the record's TTL and the server's own limits) determines the duration of this storage.
Forwarding name servers
A forwarder's only function is to pass DNS queries on to another DNS server.
Resolvers
These are not authoritative DNS servers, but they perform name resolution, either locally on the computer, on a network router, or on the corporate network.
How it works
This entire process takes only a fraction of a second, is usually imperceptible to the user, and proceeds in the following steps:
- The user enters a web address (domain name) into a browser’s address bar.
- The browser sends a recursive DNS query to the network to find the corresponding IP or network address of the domain.
- The query goes to a recursive DNS server (DNS resolver) which can be managed by the internet service provider (ISP) or a company (e.g. Cloudflare DNS 18.104.22.168).
- If the resolver has the address, the address returns to the user, and the webpage loads. Otherwise, it queries a series of other servers: DNS root name servers, top-level domain (TLD) name servers and authoritative name servers.
- The recursive server caches the A record (or AAAA in case of IPv6) for the domain name, which contains the IP address. The next time it receives a request for that domain name, it can respond directly to the user instead of querying other servers.
- If a query reaches the authoritative server and it cannot find the information, it returns an error message.
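The steps above, and the root, TLD, authoritative and caching roles from the previous section, can be seen in a small simulation. This is an added example, not code from the original post: it models the server hierarchy as a dictionary of hypothetical servers ("root", "tld-com", "auth-example") with constructed delegation and A-record data using documentation IP ranges, and a resolver that walks root → TLD → authoritative, caches the answer for its TTL, and raises an error when no server has the name.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Zone:
    """What one hypothetical server knows: referrals downward and its own records."""
    delegations: dict  # zone suffix -> name of the server to ask next (constructed)
    records: dict      # owner name -> (rtype, rdata, ttl_seconds) (constructed)

# Constructed hierarchy: root refers to the .com TLD server, which refers to the
# authoritative server for example.com, which holds the final A record.
SERVERS = {
    "root":         Zone({"com.": "tld-com"}, {}),
    "tld-com":      Zone({"example.com.": "auth-example"}, {}),
    "auth-example": Zone({}, {"www.example.com.": ("A", "198.51.100.10", 300)}),
}

class NxDomain(Exception):
    """Raised when the authoritative side has no record and no further referral."""

@dataclass
class Resolver:
    # name -> (rtype, rdata, absolute expiry time); the recursive server's cache
    cache: dict = field(default_factory=dict)

    def resolve(self, name, now=None):
        """Return (rdata, path) where path lists the servers consulted."""
        now = time.time() if now is None else now
        name = name.lower() if name.endswith(".") else name.lower() + "."
        hit = self.cache.get(name)
        if hit and hit[2] > now:            # step 5: answer straight from cache
            return hit[1], ["cache"]
        path, server = [], "root"           # step 4: start at a root server
        while True:
            path.append(server)
            zone = SERVERS[server]
            if name in zone.records:        # authoritative answer found
                rtype, rdata, ttl = zone.records[name]
                self.cache[name] = (rtype, rdata, now + ttl)
                return rdata, path
            # otherwise follow the most specific referral this server offers
            nxt, best = None, -1
            for suffix, target in zone.delegations.items():
                if (name == suffix or name.endswith("." + suffix)) and len(suffix) > best:
                    nxt, best = target, len(suffix)
            if nxt is None:                 # step 6: nobody knows this name
                raise NxDomain(name)
            server = nxt

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com", now=1000.0))   # full walk
    print(r.resolve("www.example.com", now=1200.0))   # served from cache
    print(r.resolve("www.example.com", now=1400.0))   # TTL expired, walk again
```

The third call shows why TTLs matter for security as well as performance: a record, good or bad, stays in the cache until its TTL runs out, which is the window that cache poisoning (discussed below) tries to exploit.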
DNS vulnerabilities are something that cannot and should not be ignored. Some of the most common include:
DNS cache poisoning
False information is entered into a DNS cache, causing the DNS queries to return an incorrect response and users are directed to the wrong websites / false servers.
This is a common tool cybercriminals use to steal users' login credentials and other sensitive information.
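A resolver defends its cache by refusing responses that do not match the question it asked. The following added example (not from the original post) shows the checks a recursive server applies before caching: the transaction ID and destination port must match the outstanding query, the question section must be identical, and records outside the bailiwick of the zone that was queried are dropped rather than cached. The message structures are constructed dictionaries, not a real DNS library.

```python
def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or lies underneath it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def validate_response(query, response, zone_queried):
    """Return (problems, accepted_records).

    `query`/`response` are constructed dicts with keys id, question, src_port /
    dst_port and (for the response) answers and additional record lists.
    Anything in `problems` means the response must not be trusted as a whole;
    `accepted_records` is what may safely enter the cache if problems is empty.
    """
    problems = []
    if response["id"] != query["id"]:
        problems.append("transaction id mismatch")
    if response["dst_port"] != query["src_port"]:
        problems.append("destination port does not match query source port")
    if response["question"] != query["question"]:
        problems.append("question section differs from what was asked")

    accepted = []
    for rr in response.get("answers", []) + response.get("additional", []):
        if in_bailiwick(rr["name"], zone_queried):
            accepted.append(rr)
        else:
            # A server for example.com has no business telling us about other zones.
            problems.append(f"out-of-bailiwick record dropped: {rr['name']}")
    return problems, accepted

# Constructed sample traffic using documentation addresses.
QUERY = {"id": 0x1a2b, "src_port": 53211,
         "question": ("www.example.com.", "A")}

GOOD = {"id": 0x1a2b, "dst_port": 53211,
        "question": ("www.example.com.", "A"),
        "answers": [{"name": "www.example.com.", "type": "A",
                     "data": "198.51.100.10", "ttl": 300}],
        "additional": []}

# Constructed bad response: wrong ID and an extra record for an unrelated zone.
BAD = {"id": 0x1a2c, "dst_port": 53211,
       "question": ("www.example.com.", "A"),
       "answers": [{"name": "www.example.com.", "type": "A",
                    "data": "203.0.113.7", "ttl": 86400}],
       "additional": [{"name": "login.bank.example.", "type": "A",
                       "data": "203.0.113.8", "ttl": 86400}]}

if __name__ == "__main__":
    print(validate_response(QUERY, GOOD, "example.com."))
    print(validate_response(QUERY, BAD, "example.com."))
```

Randomizing the transaction ID and source port per query is what makes the first two checks meaningful; the bailiwick rule is what stops a response for one name from planting records for another.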
Creation of misleading domain names
A character in a domain name is replaced with a similar-looking character, and a copy of the original website is created to fool users into following a false link. The goal is to get users to enter their valuable information, which the attackers can then use on the real website. This is commonly exploited in phishing attacks.
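Look-alike domains can be caught before a user clicks. The added example below (not from the original post) decodes punycode labels back to Unicode, flags labels that mix scripts, and reduces each name to a "skeleton" in which a small constructed table of confusable characters is folded onto their Latin look-alikes; a skeleton that matches a watch-listed domain while the real name differs is reported. The confusable table is deliberately short and is an assumption of this example, not a complete standard mapping.

```python
import unicodedata

# Constructed, intentionally incomplete confusable map: look-alike -> Latin target.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u03bf": "o", "\u0131": "i",
    "0": "o", "1": "l", "|": "l",
}
MULTI = {"rn": "m", "vv": "w"}   # multi-character look-alikes

def to_unicode(name):
    """Decode punycode (xn--) labels; leave names that are already Unicode alone."""
    try:
        return name.encode("ascii").decode("idna")
    except UnicodeError:
        return name

def script_of(ch):
    """First word of the Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def skeleton(name):
    """Fold confusable characters so look-alikes collapse onto the same string."""
    s = unicodedata.normalize("NFKC", to_unicode(name).lower())
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    for seq, rep in MULTI.items():
        s = s.replace(seq, rep)
    return s

def analyze(name, watchlist):
    """Return a list of findings; empty means nothing suspicious was detected."""
    uname = to_unicode(name).lower()
    findings = []
    for label in uname.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in label {label!r}: {sorted(scripts)}")
    sk = skeleton(uname)
    for legit in watchlist:
        if sk == skeleton(legit) and uname != legit.lower():
            findings.append(f"looks like {legit}")
    return findings

if __name__ == "__main__":
    watch = ["example.com"]
    for candidate in ["example.com", "\u0435xample.com", "examp1e.com", "exarnple.com"]:
        print(candidate, analyze(candidate, watch))
```

The mixed-script test catches the classic Cyrillic-for-Latin substitution even for brands not on the watch list, while the skeleton comparison also catches pure-ASCII tricks such as a digit one for a lowercase L.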
Check out our blog about DNS Configuration for E-mail to learn more about this topic!