On the Internet, to make life easier for users, a system was created that maps a domain name (for example, wikipedia.org or prohacktive.io) to an IP address (for example, 18.104.22.168). It is similar to a phone book that maps a person's name to a phone number.
The DNS (Domain Name System) plays this role of "Internet directory". When a user opens a browser and types in a URL, the host name in that URL has to be translated into an IP address so that the request reaches the right server and the desired page is displayed. This translation is called DNS resolution.
Four DNS servers involved in loading a page
- Recursive DNS Resolver (Resolving Name Server)
- Root Name Server
- TLD (top-level domain) Name Server
- Authoritative Name Server
The steps of a DNS lookup
1/ A user enters "www.wikipedia.org" in the browser. The operating system's stub resolver sends the query to the recursive DNS resolver (usually the one assigned by the ISP or the local network).
2/ The resolver, having no cached answer, queries a DNS root name server.
3/ The root server does not know the address of www.wikipedia.org; it replies with a referral, i.e. the names and addresses of the name servers of the relevant TLD (.com, .net, ...). In our example "www.wikipedia.org", the referral points to the ".org" TLD servers.
4/ The resolver sends the same question to a ".org" TLD name server.
5/ The TLD server answers with another referral: the authoritative name servers of the domain "wikipedia.org" (NS records, with the "glue" A records giving their IP addresses).
6/ The resolver queries one of the authoritative name servers of "wikipedia.org".
7/ That server returns the A record, i.e. the IP address of "www.wikipedia.org", together with a TTL (time to live) saying how long the answer may be kept.
8/ The recursive DNS resolver caches the answer and forwards it to the stub resolver, which hands it to the browser.
Once the browser has the IP address, it can open a connection to that server, send the HTTP request and wait for the web page to display.
What is the DNS cache?
To speed up resolution and reduce traffic, DNS answers are cached. The browser, the operating system's stub resolver and, above all, the recursive resolver keep each record for the lifetime (TTL) set by the zone's administrator. A repeated question is then answered from the cache without contacting the root, TLD and authoritative servers again. This cache is also what the poisoning attacks described further down target: a forged record that gets in is served to every client of that resolver until its TTL expires.
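The eight steps above and the cache, as an added example that is not part of the original article: a toy recursive resolver walking referrals from a root server to a TLD server to an authoritative server, then answering from cache until the TTL runs out. The zone data, server names and TEST-NET addresses (RFC 5737) are constructed for the illustration, not live DNS data; only the resolver logic is the point.

```python
import time

# Constructed stand-ins for the root, TLD and authoritative servers of the steps above.
# The zone data and TEST-NET addresses are assumptions for this example, not live DNS data.
SERVERS = {
    "192.0.2.1": {    # root name server: knows only the TLD delegations
        "delegations": {"org.": ("ns.tld-org.test.", "192.0.2.10")},
        "records": {},
    },
    "192.0.2.10": {   # .org TLD name server: knows the second-level delegations
        "delegations": {"wikipedia.org.": ("ns.wikipedia.test.", "192.0.2.20")},
        "records": {},
    },
    "192.0.2.20": {   # authoritative name server for wikipedia.org.: holds the records
        "delegations": {},
        "records": {"www.wikipedia.org.": ("198.51.100.7", 300)},   # (A record, TTL in seconds)
    },
}
ROOT_HINT = "192.0.2.1"   # a real resolver ships with a "root hints" file of root server addresses


def ask(server_ip, qname):
    """One question to one server. Returns ('answer', ip, ttl), ('referral', next_server_ip)
    or ('nxdomain',). A referral points at the servers of the longest delegated suffix of
    qname this server knows about: that is how each step hands off to the next one."""
    server = SERVERS[server_ip]
    if qname in server["records"]:
        ip, ttl = server["records"][qname]
        return ("answer", ip, ttl)
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in server["delegations"]:
            _, next_ip = server["delegations"][suffix]
            return ("referral", next_ip)
    return ("nxdomain",)


class RecursiveResolver:
    """The recursive resolver: starts at the root, follows referrals, caches answers by TTL."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so cache expiry can be exercised without waiting
        self.cache = {}             # qname -> (ip, expires_at)
        self.queries_sent = 0

    def resolve(self, qname, max_hops=8):
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and now < cached[1]:
            return cached[0], "cache"
        self.cache.pop(qname, None)        # expired entry: the TTL has passed, ask again
        server_ip = ROOT_HINT
        for _ in range(max_hops):
            self.queries_sent += 1
            reply = ask(server_ip, qname)
            if reply[0] == "answer":
                ip, ttl = reply[1], reply[2]
                self.cache[qname] = (ip, now + ttl)
                return ip, "iterative"
            if reply[0] == "referral":
                server_ip = reply[1]
                continue
            return None, "nxdomain"
        raise RuntimeError("too many referrals for %s" % qname)


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.wikipedia.org."))     # ('198.51.100.7', 'iterative'), after 3 queries
    print(r.resolve("www.wikipedia.org."))     # ('198.51.100.7', 'cache'), no further queries
    print(r.queries_sent)                      # 3
```

A production resolver also caches the referrals themselves (the NS and glue records for .org and for wikipedia.org), so a later question about another name under wikipedia.org goes straight to the authoritative server, and it caches negative answers (NXDOMAIN) for the time given in the zone's SOA record.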
For more information
In reality, DNS is a much broader and more complex subject than this summary suggests. For more information, you can consult:
Potential attacks?
DNS Tunneling
DNS tunneling turns the Domain Name System into a covert channel. As we saw, DNS is the phone book of the Internet, and its query/response protocol is simple and allowed out of almost every network: a host that cannot resolve names cannot do anything, so firewalls rarely block port 53. Attackers realized that if they control a domain and its authoritative name server, they can communicate with a compromised machine without any direct connection: the machine encodes data in the left-most labels of queries for that domain (for example, base32-encoded chunks of a file), the network's own recursive resolver forwards those queries to the attacker's server, and commands come back hidden in the responses (TXT, CNAME or NULL records). This idea is at the heart of DNS tunneling, and it is used both for command-and-control and for data exfiltration past egress filtering.
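Both sides of the technique, as an added example that is not from the original article: the sender splits a payload into base32-encoded query names under an attacker domain (tunnel.example, an assumed name), the receiving server reassembles it, and a detector over resolver query logs flags domains that receive many distinct, long, high-entropy subdomains. The payload and the benign query names are constructed for the example; the two-label "registered domain" rule is a simplification of what the Public Suffix List provides.

```python
import base64
import hashlib
import math
from collections import defaultdict

# Assumed attacker-controlled domain: its authoritative server sees every query that
# reaches it, whatever the left-most labels contain.
TUNNEL_DOMAIN = "tunnel.example"
LABEL_MAX = 63     # DNS limit: a label is at most 63 octets
NAME_MAX = 253     # DNS limit: a name is at most 253 characters in text form


def encode_chunks(data, chunk_len=30):
    """Sender side: split data into chunks, base32-encode each one (DNS is case-insensitive,
    so base64 cannot be used) and build one query name per chunk, prefixed by a sequence
    number so the receiving server can reassemble queries that arrive out of order."""
    names = []
    for seq, i in enumerate(range(0, len(data), chunk_len)):
        enc = base64.b32encode(data[i:i + chunk_len]).decode().rstrip("=").lower()
        labels = [enc[j:j + LABEL_MAX] for j in range(0, len(enc), LABEL_MAX)]
        name = ".".join([str(seq)] + labels + [TUNNEL_DOMAIN])
        if len(name) > NAME_MAX:
            raise ValueError("chunk_len too large for one query name")
        names.append(name)
    return names


def decode_chunks(names):
    """Receiver side (the attacker's authoritative server): drop the sequence number and
    the domain, restore the base32 padding, decode, and concatenate in sequence order."""
    domain_labels = len(TUNNEL_DOMAIN.split("."))
    payload = b""
    for name in sorted(names, key=lambda n: int(n.split(".")[0])):
        enc = "".join(name.split(".")[1:-domain_labels]).upper()
        enc += "=" * (-len(enc) % 8)
        payload += base64.b32decode(enc)
    return payload


def shannon_entropy(text):
    """Bits per character of the observed distribution: encoded data scores far above
    ordinary host names such as "www" or "mail"."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    # Simplification: the last two labels. A real tool uses the Public Suffix List.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def score_query(qname):
    labels = qname.rstrip(".").split(".")
    sub = ".".join(labels[:-2])
    return {"subdomain_len": len(sub),
            "longest_label": max((len(lbl) for lbl in labels), default=0),
            "entropy": shannon_entropy(sub)}


def flag_tunnel_domains(qnames, min_unique=20, min_len=40, min_entropy=3.5):
    """Detector over resolver logs: group by registered domain and flag domains that get
    many distinct, long, high-entropy subdomains. Counting unique names matters: a tunnel
    never repeats a query name (a repeat would be answered from cache and never reach the
    attacker's server), whereas a CDN repeats the same names constantly."""
    by_domain = defaultdict(set)
    for q in qnames:
        by_domain[registered_domain(q)].add(q.lower())
    flagged = {}
    for domain, names in by_domain.items():
        scores = [score_query(n) for n in names]
        suspicious = [s for s in scores
                      if s["subdomain_len"] >= min_len and s["entropy"] >= min_entropy]
        if len(suspicious) >= min_unique:
            flagged[domain] = len(suspicious)
    return flagged


def constructed_payload(n=1024):
    """Deterministic pseudo-random bytes standing in for an exfiltrated file (constructed)."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed benign traffic: a handful of names repeated many times.
BENIGN_QUERIES = ["www.wikipedia.org", "mail.google.com", "cdn.static.example.net"] * 50
```

Real tunnelling tools also pace their queries and use several domains to stay under such thresholds, so the unique-subdomain count per domain is best combined with volume over time and with the record types requested (TXT and NULL from a workstation are rare on their own).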
DNS Amplification Attack
A DNS amplification attack is a volumetric, reflection-based DDoS (distributed denial of service) attack. The attacker sends small queries (a few dozen bytes) to open DNS resolvers, with the source address spoofed to be the victim's, and chooses questions whose answers are large (ANY queries, DNSSEC-signed zones, with EDNS0 allowing big UDP responses). The resolvers dutifully send their much larger answers to the victim, so the attacker's bandwidth is multiplied by the amplification factor and the traffic arrives from thousands of legitimate resolvers rather than from the attacker, which makes it hard to filter. The goal is to overload the target server or network with this amplified traffic and render the server and its surrounding infrastructure inaccessible.
DNS Flood Attack
DNS flood attacks use the DNS protocol to perform a User Datagram Protocol (UDP) flood. The attackers send well-formed (but spoofed) DNS query packets at an extremely high packet rate, from a massive set of spoofed source IP addresses.
Since the queries look valid, the target's DNS servers try to answer every one of them and are overwhelmed by the sheer volume. Unlike an amplification attack, here the DNS server is the target rather than the reflector: the attack consumes its CPU, memory and bandwidth until the targeted DNS infrastructure is taken offline. As a result, every service that depends on that infrastructure for name resolution becomes unreachable, and the target's users effectively lose their Internet access.
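A mitigation that applies to both the amplification and the flood attacks above, as an added example that is not part of the original article: a simplified model of the Response Rate Limiting (RRL) found in authoritative servers such as BIND. Identical answers to one client network are limited by a token bucket; over the limit, most responses are dropped and every second one is sent truncated (TC=1), so a genuine client retries over TCP (which a spoofed source cannot complete) while the reflected traffic towards a victim shrinks to a few tiny packets. The query streams and TEST-NET addresses (RFC 5737) are constructed for the example, and the rate, window and slip values are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed query streams in the form (time_s, source_ip, qname, qtype).
# TEST-NET addresses stand in for the victim and for ordinary clients.


class ResponseRateLimiter:
    """Simplified model of Response Rate Limiting for an authoritative server. The bucket is
    keyed on (client /24 or /56, qname, qtype) so that only repeated identical answers to
    one network are limited; every `slip`-th over-limit query gets a truncated reply
    instead of silence, which lets real clients fall back to TCP."""

    def __init__(self, responses_per_second=5, window=15, slip=2):
        self.rate = responses_per_second
        self.burst = responses_per_second * window    # bucket capacity: allowed burst
        self.slip = slip
        self.buckets = {}                             # key -> (tokens, last_seen)
        self.over_limit = defaultdict(int)            # key -> over-limit counter (for slip)

    @staticmethod
    def key(src_ip, qname, qtype):
        prefix = 24 if ip_address(src_ip).version == 4 else 56
        net = ip_network("%s/%d" % (src_ip, prefix), strict=False)
        return (str(net), qname.lower(), qtype.upper())

    def decide(self, now, src_ip, qname, qtype):
        """Returns 'respond', 'truncate' or 'drop' for one incoming query."""
        k = self.key(src_ip, qname, qtype)
        tokens, last = self.buckets.get(k, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)   # refill since last query
        if tokens >= 1:
            self.buckets[k] = (tokens - 1, now)
            return "respond"
        self.buckets[k] = (tokens, now)
        self.over_limit[k] += 1
        if self.slip and self.over_limit[k] % self.slip == 0:
            return "truncate"
        return "drop"


def run(stream, limiter=None):
    """Apply the limiter to a whole stream; returns how many queries got each decision."""
    limiter = limiter or ResponseRateLimiter()
    counts = defaultdict(int)
    for now, src, qname, qtype in stream:
        counts[limiter.decide(now, src, qname, qtype)] += 1
    return dict(counts)


# Reflection burst: 1000 spoofed "ANY example.org" queries claiming to come from the
# victim 203.0.113.5, all inside the same second. Only the first 75 answers (the burst
# allowance) are reflected; the rest are dropped or truncated.
ATTACK_STREAM = [(0.0, "203.0.113.5", "example.org.", "ANY") for _ in range(1000)]
# Ordinary traffic: clients of one /24 asking every 3 seconds, never limited.
NORMAL_STREAM = [(float(t), "198.51.100.%d" % (t % 200 + 1), "www.example.org.", "A")
                 for t in range(0, 600, 3)]

if __name__ == "__main__":
    print(run(ATTACK_STREAM))   # {'respond': 75, 'truncate': 462, 'drop': 463}
    print(run(NORMAL_STREAM))   # {'respond': 200}
```

RRL only helps an authoritative server being used as a reflector or flooded with repeated questions; an open recursive resolver should simply be closed (recursion restricted to its own client networks), and a flood from many spoofed sources still has to be absorbed upstream, which is where anycast and a large provider come in.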
DNS Spoofing / Cache Poisoning
DNS spoofing, or DNS cache poisoning, consists of getting forged DNS records into a resolver's cache so that it redirects online traffic to a fraudulent site masquerading as the intended destination. The attacker races the legitimate authoritative server: a resolver that has just sent a query accepts the first response whose transaction ID (and destination port) match, so if the forged answer arrives first it is cached for the TTL it carries and served to every client of that resolver. Once users reach the fraudulent destination, they are prompted to log into their account and hand their credentials to the attacker. Randomized source ports, DNSSEC validation and TLS on the destination site (a forged address does not come with a valid certificate) are the usual defenses.
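The checks a resolver applies before caching a response, as an added example that is not from the original article: the weak acceptance rule (fixed source port, transaction ID only, every record cached) beside the hardened one (random port, random ID, case-randomized question, and a "bailiwick" rule that refuses records outside the zone that was queried). The queries, responses and TEST-NET addresses (RFC 5737) are constructed for the example; the odds function gives the probability that one blind forged packet is accepted.

```python
import secrets
from dataclasses import dataclass, field

# Constructed model of what a recursive resolver checks before it caches a response.
EPHEMERAL_PORTS = range(1024, 65536)


@dataclass
class Query:
    txid: int          # 16-bit transaction ID
    src_port: int      # UDP source port the query left from
    qname: str         # question exactly as sent on the wire, letter case included
    zone: str          # bailiwick: the zone the queried server was asked about


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    records: dict = field(default_factory=dict)   # name -> IP, answer and additional sections


def randomize_case(name, rng=secrets):
    """'0x20 encoding': flip the case of each letter at random. DNS is case-insensitive and
    a well-behaved server echoes the question byte for byte, so every letter becomes one
    more bit the attacker has to guess."""
    return "".join(c.upper() if c.isalpha() and rng.randbelow(2) else c.lower() for c in name)


def make_hardened_query(name, zone):
    return Query(txid=secrets.randbelow(65536),
                 src_port=secrets.choice(EPHEMERAL_PORTS),
                 qname=randomize_case(name),
                 zone=zone)


def in_bailiwick(name, zone):
    n, z = name.lower().rstrip("."), zone.lower().rstrip(".")
    return z == "" or n == z or n.endswith("." + z)


def accept_weak(q, r):
    """Old behaviour: source port fixed at 53, only the transaction ID is compared, and every
    record in the response, whatever its name, goes into the cache."""
    return r.txid == q.txid


def accept_hardened(q, r):
    """Port and ID must both match, the question must come back byte for byte, and only
    records inside the queried zone are cached: a server asked about evil.example has no
    business telling us where www.wikipedia.org lives."""
    if r.dst_port != q.src_port or r.txid != q.txid or r.qname != q.qname:
        return False
    return all(in_bailiwick(name, q.zone) for name in r.records)


def forgery_odds(port_choices=1, case_bits=0):
    """Probability that one blind forged response is accepted: the attacker has to guess the
    16-bit ID, the source port (port_choices possibilities) and the case pattern (case_bits)."""
    return 1.0 / (65536 * port_choices * 2 ** case_bits)


if __name__ == "__main__":
    # Attacker guessed the ID and aims at port 53; the hardened query used a random port.
    q = make_hardened_query("www.wikipedia.org.", "wikipedia.org.")
    forged = Response(txid=q.txid, dst_port=53, qname="www.wikipedia.org.",
                      records={"www.wikipedia.org.": "203.0.113.66"})
    print(accept_weak(q, forged), accept_hardened(q, forged))        # True False
    print(forgery_odds(), forgery_odds(port_choices=64512, case_bits=13))
```

None of these checks stops an attacker who sits on the path and sees the query; that is what DNSSEC is for, since a validating resolver rejects any record that does not carry a signature chaining up to the root, whoever sent it.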
How to protect?
Some guidelines:
- Against DDoS attacks: use at least 3 authoritative DNS servers, geographically separated (hosted in different physical locations) and placed in distinct address blocks, with the name servers' own names registered under distinct TLDs, so that a single outage, routing problem or attack cannot take them all down at once.
- Prefer DNS Anycast: the same service address is announced from several sites, which maximizes the availability of your domain names globally and spreads attack traffic across those sites.
- Build in security: implement DNSSEC so that validating resolvers can check the origin and integrity of DNS responses, which defeats cache poisoning for a signed zone.
- Opt for a certified managed service: rely on a reliable, professional and certified partner to guarantee the highest DNS security standards (including ISO certification).
- Use certificates and digital signatures: set up a strong authentication and encryption policy for your data and communications (TLS on the services your names point to, encrypted DNS between clients and resolvers), so that a spoofed record alone does not give an attacker a trusted connection.
- Implement backup measures: keep copies of your zone data and a tested recovery procedure; a backup is always important in case of a crisis.