DNS

On the Internet, to make life easier for users, a system has been created that maps a domain name (for example, wikipedia.org or prohacktive.io) to an IP address (for example, 134.119.176.28). It's kind of like a phone book that maps a person to a phone number.

The DNS (Domain Name System) plays this role of "Internet directory". When a user opens a browser and types in a URL, the host name in that URL has to be translated into an IP address before the browser can reach the right server and display the requested page. This translation is called DNS resolution.

Four DNS servers involved in loading a page

The steps of a DNS search

1/ A user enters "www.wikipedia.org" in the browser. The operating system's stub resolver sends the query over the Internet to its configured recursive DNS resolver (usually the ISP's, the company's, or a public resolver).

2/ The resolver, having nothing cached for this name, queries a DNS root name server.

3/ The root server does not know the answer itself; it replies with a referral, i.e. the names and addresses of the name servers for the relevant top-level domain (TLD), such as .com or .net. In our example "www.wikipedia.org", the referral points to the ".org" TLD servers.

4/ The resolver sends the same query to one of the ".org" TLD servers.

5/ The TLD server answers with another referral: the authoritative name servers for "wikipedia.org", together with their IP addresses (glue records).

6/ The resolver queries an authoritative name server for "wikipedia.org".

7/ That server holds the zone data and returns the A (or AAAA) record, i.e. the IP address of "www.wikipedia.org".

8/ The recursive DNS resolver receives the answer, stores it in its cache, and forwards it to the client, which hands it to the browser.

Once the browser has the IP address, it can open a connection to that server, send the HTTP request and wait for the web page to display.

DNS iterations

What is the DNS cache?

To speed up DNS queries and reduce bandwidth, DNS answers are cached. A caching resolver keeps every answer (and every referral) it has obtained for the time-to-live (TTL) set by the authoritative server, so a repeat query for the same name is answered immediately, without walking through the root, TLD and authoritative servers again. Caching happens at several levels: the browser, the operating system and the recursive resolver. It is also why a changed DNS record takes time to propagate, and why a wrong entry in a resolver's cache (see DNS spoofing below) affects every client of that resolver until the entry expires.
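The resolution steps above and the cache behaviour, as an added example that is not code from the original article. It simulates the root, ".org" and "wikipedia.org" servers in memory (the server addresses and the answer are constructed placeholders from the RFC 5737 documentation ranges) and a recursive resolver that follows referrals, caches both delegations and final answers with their TTL, and resumes from the deepest cached delegation once an answer has expired:

```python
"""Simulated iterative DNS resolution with a TTL cache.

Added example, not code from the original article. The servers, names and
IP addresses are constructed (RFC 5737 documentation ranges), not the real
root, .org or Wikipedia infrastructure.
"""
import time
from dataclasses import dataclass


@dataclass
class AuthServer:
    """Authoritative server: final records for its own zone plus delegations
    (NS + glue address) for child zones. It knows nothing else."""
    zone: str
    records: dict      # name -> (ip, ttl): final A answers
    delegations: dict  # child zone -> (ns_ip, ttl): referral with glue

    def answer(self, qname):
        if qname in self.records:
            ip, ttl = self.records[qname]
            return ("ANSWER", qname, ip, ttl)
        for child, (ns_ip, ttl) in self.delegations.items():
            if qname == child or qname.endswith("." + child):
                return ("REFERRAL", child, ns_ip, ttl)
        return ("NXDOMAIN", qname, None, 0)


# Constructed hierarchy keyed by server IP: root -> .org -> wikipedia.org
SERVERS = {
    "192.0.2.1": AuthServer(".", {}, {"org.": ("192.0.2.2", 172800)}),
    "192.0.2.2": AuthServer("org.", {}, {"wikipedia.org.": ("192.0.2.3", 86400)}),
    "192.0.2.3": AuthServer("wikipedia.org.",
                            {"www.wikipedia.org.": ("203.0.113.10", 300)}, {}),
}


class RecursiveResolver:
    """Walks the delegation chain for a stub client and caches both final
    answers and referrals until their TTL expires."""

    def __init__(self, root_ip="192.0.2.1", clock=time.time):
        self.root_ip = root_ip
        self.clock = clock     # injectable so TTL expiry can be exercised
        self.cache = {}        # (rtype, name) -> (value, expires_at)
        self.trace = []        # (server_ip, kind, name) for the last resolve()

    def _get(self, key):
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(key, None)          # absent or expired
        return None

    def _put(self, key, value, ttl):
        self.cache[key] = (value, self.clock() + ttl)

    def _start_server(self, qname):
        """Deepest cached delegation covering qname, else a root server."""
        labels = qname.split(".")          # "www.wikipedia.org." -> www, wikipedia, org, ""
        for i in range(1, len(labels)):
            ns_ip = self._get(("NS", ".".join(labels[i:]) or "."))
            if ns_ip:
                return ns_ip
        return self.root_ip

    def resolve(self, qname):
        self.trace = []
        cached = self._get(("A", qname))
        if cached:
            return cached                  # step 8 without steps 2 to 7
        server_ip = self._start_server(qname)
        for _ in range(8):                 # referral cap; real resolvers also detect loops
            kind, name, value, ttl = SERVERS[server_ip].answer(qname)
            self.trace.append((server_ip, kind, name))
            if kind == "ANSWER":
                self._put(("A", qname), value, ttl)
                return value
            if kind == "REFERRAL":
                self._put(("NS", name), value, ttl)
                server_ip = value
                continue
            return None                    # NXDOMAIN (negative caching omitted)
        raise RuntimeError("too many referrals")


def demo(clock_values=(1000.0, 1000.0, 1400.0)):
    """Resolve www.wikipedia.org. once per clock reading; return the servers
    contacted each time (cold cache, warm cache, A expired but NS cached)."""
    now = [clock_values[0]]
    resolver = RecursiveResolver(clock=lambda: now[0])
    traces = []
    for t in clock_values:
        now[0] = t
        resolver.resolve("www.wikipedia.org.")
        traces.append([ip for ip, _, _ in resolver.trace])
    return traces
```

demo() returns three traces: the first lookup contacts the root, the ".org" server and the "wikipedia.org" server in that order; the second, at the same instant, contacts nobody because the A record is cached; the third, 400 seconds later, finds the 300-second A record expired but the 86400-second delegation still valid, so it goes straight to the "wikipedia.org" server. A real resolver additionally caches negative answers (NXDOMAIN), validates that each referral stays inside the zone of the server that sent it, and uses DNSSEC where available; all of that is omitted here to keep the referral and TTL mechanics visible.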

For more information

In reality, DNS is a broad subject and somewhat more complex than what has been outlined above. For more information, you can consult:

Potential attacks?

DNS Tunneling

DNS tunneling turns the Domain Name System into an attack channel. DNS is a simple query/response protocol, and almost every network lets DNS traffic out, even where other outbound traffic is filtered, because nothing works without name resolution. Attackers realised that they can encode commands and data in the labels of queries for a domain they control (the victim's recursive resolver obligingly forwards each query to the attacker's authoritative server) and send data back in the responses, for example in TXT records. A compromised machine can thus receive commands and exfiltrate data without ever opening a direct connection to the attacker. This idea is at the heart of DNS tunneling; its tell-tale signs are unusually long, high-entropy, rarely repeated subdomains and a high query rate towards a single domain.
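Both halves of the technique, as an added example that is not code from the original article: an encoder that packs a payload into query names for an attacker domain (respecting the 63-character label and 253-character name limits), the matching decoder an attacker's authoritative server would run, and a detector that scores query logs by subdomain length, entropy and uniqueness. The domain tun.example, the payload and the benign query names are all constructed for the demonstration:

```python
"""DNS tunneling: packing data into query names, and a heuristic detector.

Added example, not code from the original article. The domain tun.example,
the payload and the benign query names are all constructed for the demo.
"""
import base64
import hashlib
import math
from collections import defaultdict

MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # and a full name at most 253 characters in text form
CHUNK = 110      # bytes per query: base32 -> 176 chars -> 3 labels, stays < 253


def encode_chunks(payload, domain, chunk=CHUNK):
    """Turn payload into queries '<seq>.<base32 labels>.<domain>'. base32 is
    used because DNS names are case-insensitive (resolvers may fold case),
    so base64 would not survive the trip."""
    names = []
    for seq, off in enumerate(range(0, len(payload), chunk)):
        data = base64.b32encode(payload[off:off + chunk]).decode().rstrip("=").lower()
        labels = [data[i:i + MAX_LABEL] for i in range(0, len(data), MAX_LABEL)]
        name = ".".join([str(seq), *labels, domain])
        if len(name) > MAX_NAME:
            raise ValueError("chunk too large for one query name")
        names.append(name)
    return names


def decode_chunks(names, domain):
    """Reassemble the payload from the queries seen for `domain`, by sequence."""
    parts = {}
    for name in names:
        if not name.endswith("." + domain):
            continue
        labels = name[:-len(domain) - 1].split(".")
        data = "".join(labels[1:]).upper()
        data += "=" * (-len(data) % 8)                # restore base32 padding
        parts[int(labels[0])] = base64.b32decode(data)
    return b"".join(parts[k] for k in sorted(parts))


def entropy(s):
    """Shannon entropy of a string in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def flag_tunnels(qnames, min_queries=10, max_avg_len=40, min_entropy=3.5):
    """Group queries by their last two labels and flag domains whose subdomains
    are long, high-entropy and almost never repeated: the tunnel signature."""
    by_domain = defaultdict(list)
    for q in qnames:
        labels = q.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue
        by_domain[".".join(labels[-2:])].append(".".join(labels[:-2]))
    flagged = {}
    for domain, subs in by_domain.items():
        if len(subs) < min_queries:
            continue
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(entropy(s) for s in subs) / len(subs)
        uniq = len(set(subs)) / len(subs)
        if avg_len > max_avg_len and avg_ent > min_entropy and uniq > 0.9:
            flagged[domain] = {"queries": len(subs), "avg_len": round(avg_len, 1),
                               "entropy": round(avg_ent, 2)}
    return flagged


def demo():
    """Tunnel a constructed 1280-byte secret, mix it with constructed benign
    queries, then run the detector over the combined query log."""
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(40))
    tunnel = encode_chunks(payload, "tun.example")
    benign = ["www.example.com", "mail.example.com", "api.example.com",
              "cdn.example.com"] * 4
    seen = benign[:8] + tunnel + benign[8:]
    return decode_chunks(seen, "tun.example") == payload, flag_tunnels(seen)
```

demo() returns True for the round trip and a single flagged domain, tun.example, with 12 queries of roughly 180 characters each; the 16 benign queries to example.com are ignored because their subdomains are short and repeat constantly. Grouping by the last two labels is a simplification for the example (a production detector would use the public suffix list so that names under co.uk or similar are grouped correctly), and the thresholds are starting points to tune against your own baseline, since CDN and anti-malware vendors legitimately generate long, unique query names too.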

DNS Amplification

This is a volumetric, reflection-based DDoS (distributed denial of service) attack. The attacker sends small DNS queries to open DNS resolvers (resolvers that answer anyone on the Internet) with the source address spoofed to be the victim's; the resolvers then deliver their much larger responses to the victim. Queries chosen to produce big answers, such as ANY queries or queries for DNSSEC-signed zones, return responses tens of times larger than the request, and multiplied across many open resolvers this overwhelms the target server or network with traffic it never asked for, rendering it and its surrounding infrastructure inaccessible.

DNS Flood Attack

DNS flooding attacks use the DNS protocol to perform a User Datagram Protocol (UDP) flood. The attackers send well-formed DNS queries at an extremely high packet rate, typically from a botnet and with spoofed source addresses, so that the traffic appears to come from a massive range of source IPs and cannot simply be filtered by origin.

Because the queries appear valid, the target's DNS servers try to answer every one of them. Each query consumes CPU, memory and bandwidth, and the DNS infrastructure is exhausted until it can no longer respond to legitimate clients, or is taken offline altogether. As a result, the target's domains can no longer be resolved and its services become unreachable, even though the web servers themselves may be perfectly healthy.

DNS Spoofing

DNS spoofing means forging DNS responses so that a name resolves to an attacker-controlled address instead of the legitimate one. When a forged answer is accepted by a recursive resolver and stored, the result is DNS cache poisoning: every client of that resolver is redirected for the lifetime of the bogus entry. To be accepted, a forged response has to arrive before the real one and match the outstanding query's transaction ID, source port and question, which is why resolvers randomise both the 16-bit transaction ID and the source port, ignore records outside the zone the queried server is responsible for, and can use DNSSEC signatures to authenticate answers. Once users reach the fraudulent site masquerading as the intended destination, they are prompted to log into their account and hand their credentials to the attacker.
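The checks a resolver performs on an incoming response, and what an off-path attacker has to guess to get past them, as an added example that is not code from the original article. Messages are simplified Python objects rather than DNS wire format, and the server address, attacker address and domain names are constructed placeholders:

```python
"""What a resolver must check before accepting a DNS response, and why
forging one blindly is hard. Added example, not code from the original
article; messages are simplified Python objects rather than wire format,
and all addresses are documentation-range placeholders."""
import secrets
from dataclasses import dataclass

TXID_SPACE = 1 << 16          # 16-bit transaction ID
PORT_SPACE = 65536 - 1024     # ephemeral source ports 1024..65535


@dataclass
class Pending:
    qname: str
    txid: int
    sport: int
    server_ip: str   # authoritative server the query was sent to
    zone: str        # zone that server may speak for (its bailiwick)


@dataclass
class Response:
    src_ip: str      # trivially spoofable by an off-path attacker
    dst_port: int
    txid: int
    qname: str
    records: list    # (name, ip) pairs from answer + additional sections


class CachingResolver:
    def __init__(self, random_port=True):
        self.random_port = random_port
        self.pending = {}    # (txid, sport) -> Pending
        self.cache = {}      # name -> ip

    def send_query(self, qname, server_ip, zone):
        txid = secrets.randbelow(TXID_SPACE)
        sport = 1024 + secrets.randbelow(PORT_SPACE) if self.random_port else 53
        q = Pending(qname, txid, sport, server_ip, zone)
        self.pending[(txid, sport)] = q
        return q

    def receive(self, resp):
        """Accept only a response that matches an outstanding query on txid and
        port, comes from the server asked and answers the same question; then
        cache only the records inside that server's bailiwick."""
        q = self.pending.get((resp.txid, resp.dst_port))
        if q is None:
            return "dropped: no outstanding query with this txid/port"
        if resp.src_ip != q.server_ip:
            return "dropped: unexpected source address"
        if resp.qname != q.qname:
            return "dropped: question mismatch"
        del self.pending[(resp.txid, resp.dst_port)]   # first valid answer wins the race
        ignored = []
        for name, ip in resp.records:
            if name == q.zone or name.endswith("." + q.zone):
                self.cache[name] = ip
            else:
                ignored.append(name)                   # out of bailiwick: never cached
        return "accepted" + (f", ignored {ignored}" if ignored else "")


def forge(q, txid_guess, port_guess, evil_ip):
    """Off-path attacker's response: source spoofed as the real server, txid and
    port guessed, answer pointing at the attacker, plus an out-of-bailiwick
    record that tries to hijack an unrelated domain on the side."""
    return Response(q.server_ip, port_guess, txid_guess, q.qname,
                    [(q.qname, evil_ip), ("www.bank.example.", evil_ip)])


def guess_probability(attempts, port_randomized):
    """Chance that `attempts` blind forgeries hit the txid (and the port)."""
    space = TXID_SPACE * (PORT_SPACE if port_randomized else 1)
    return 1 - (1 - 1 / space) ** attempts


def demo():
    """Race one query against a wrong guess, a lucky guess and the late real
    answer; report what the cache ends up holding and the blind-guess odds."""
    r = CachingResolver(random_port=True)
    q = r.send_query("www.wikipedia.org.", "192.0.2.3", "wikipedia.org.")
    evil = "198.51.100.66"
    return {
        "wrong_txid": r.receive(forge(q, (q.txid + 1) % TXID_SPACE, q.sport, evil)),
        "right_guess": r.receive(forge(q, q.txid, q.sport, evil)),
        "late_legit": r.receive(Response("192.0.2.3", q.sport, q.txid, q.qname,
                                         [(q.qname, "203.0.113.10")])),
        "cache": dict(r.cache),
        "p_5000_guesses_txid_only": guess_probability(5000, False),
        "p_5000_guesses_txid_and_port": guess_probability(5000, True),
    }
```

demo() shows the three points that matter. A forgery with the wrong transaction ID is dropped. A forgery that does guess both values and arrives first is accepted (the spoofed source address does not save the resolver, since the attacker forges that too), so the cache now maps www.wikipedia.org. to the attacker's address until the entry expires; the bailiwick check still refuses the smuggled www.bank.example. record. The genuine answer arriving afterwards is dropped because the query is no longer outstanding, which is the race a poisoning attacker is trying to win. The two probabilities quantify the defence: 5000 blind guesses against a fixed source port and a 16-bit ID succeed about 7% of the time, while against a randomised port as well they succeed about one time in a million.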

How to protect?

Some leads: