Domain Name System (DNS)

This article explains the basics of the Domain Name System (DNS), an often-overlooked component of the Web's architecture that is critical for practically every networked application. Many attacks, such as fast-flux and DNS applications, take advantage of DNS design flaws that prioritize efficiency over security. Later sections will expand on the basic knowledge presented in this section by discussing some DNS-abusing attacks.

The Domain Name System (DNS) is a hierarchical and decentralized system that translates human-readable Domain names (such as example.com) into IP addresses (such as 192.168.2.1 or the more extended IPv6 addresses) that computers use to communicate with each other. DNS makes using Internet applications, such as the World Wide Web, easy. 

Remember The Internet Protocol is the core protocol used by the Internet. Each computer that has Internet connectivity has an IP address that other computers can use to send traffic to it. Each IP address is made up of four integers ranging from 0 to 255 separated by periods, such as 192.168.5.1. These numbers are ideal for computers that constantly deal with bits and bytes but are difficult for people to memorize. To remedy this issue, the DNS was created in 1983 to generate easy-to-remember names corresponding to IP addresses.

How DNS works?

DNS is a fundamental component of the Internet's architecture. Understanding how the DNS works are required to comprehend how attacks on the system can affect the entire Internet and how criminal infrastructure can exploit it. 

Let's have a look at an example to illustrate how DNS works:

1. Request Initiation: Suppose a user wants to visit the website "www.example.com" by typing it into their web browser.

2. Local DNS Cache: The user's device checks its local DNS cache for a previously resolved IP address for "www.example.com". If the domain name is found and has not expired, the corresponding IP address is retrieved from the cache.

3. Recursive DNS Servers: If the IP address is not found in the local DNS cache, the user's device contacts a recursive DNS server. This server may be provided by the Internet Service Provider (ISP) or configured manually.

4. Root DNS Servers: The recursive DNS server starts the resolution process by contacting a root DNS server. The server is asked, "Do you know the IP address for 'www.example.com'?"

5. Top-Level Domain (TLD) Servers: The root DNS server responds to the recursive DNS server with the IP address of the TLD server responsible for the ".com" domain. The recursive DNS server then contacts the ".com" TLD server with the same query.

6. Authoritative DNS Servers: The ".com" TLD server provides the IP address of the authoritative DNS server responsible for the "example.com" domain to the recursive DNS server. The recursive DNS server queries the authoritative DNS server.

7. DNS Response: The authoritative DNS server for "example.com" responds to the recursive DNS server with the IP address associated with "www.example.com". The recursive DNS server receives the response.

8. Caching: The recursive DNS server caches the IP address received from the authoritative DNS server for a specified period. This caching helps expedite future requests for the same domain name.

9. Application Communication: The recursive DNS server sends the IP address of "www.example.com" back to the user's device. The device can now establish a connection to the web server associated with that IP address, allowing the user to access the website.

This DNS resolution procedure often takes a fraction of a second, allowing users to browse websites and networked apps using familiar domain names while the underlying DNS infrastructure executes the IP address translation behind the scenes.

Overview of Concepts in DNS 

The primary goal that the designers of the DNS had in mind was scalability. This goal grew from the failure of the previous solution that required each user to download a multi-thousand-line file named hosts.txt from a single server. To create a truly scalable system, the designers chose to create a hierarchy of “domains.”

The hierarchical nature of the DNS is also important in the resolving process. The process of mapping a domain to an IP address is known as resolution, and resolvers are the programs that carry out this operation. Because of the nature of the resolution process, resolvers are classified as recursive or nonrecursive. 

The Domain Name System (DNS) features a hierarchical structure that divides domain names into tiers, resulting in a hierarchical naming scheme. Let us break down the hierarchy from the top to the bottom:

The hierarchical structure of the domain name system (DNS)

1. Root: The root is at the top of the DNS hierarchy. It is denoted by a dot (.) and is the starting point for all DNS inquiries. The root is the topmost level in the hierarchy and does not correspond to any specific domain name.

2. Top-Level Domains (TLDs): Below the root, we have the TLDs. These are the domain extensions that represent different categories or types of domains. Examples of TLDs include .com, .org, .net, .edu, .gov, .mil, .int, etc. TLDs are managed by various organizations, such as ICANN (Internet Corporation for Assigned Names and Numbers).

3. Second-Level Domains (SLDs): Below the TLDs, we have the second-level domains. These are the main sections of a domain name and are often used to represent organizations, businesses, or other entities. For example, in the domain name "example.com," "example" is the second-level domain.

4. Subdomains: Below the second-level domains, we have subdomains. Subdomains are used to further divide a domain name into more specific sections or to denote different services or areas within an organization. They are separated from the second-level domain by additional labels or names, followed by a dot. For example, in the domain name "subdomain.example.com," "subdomain" is a subdomain of "example.com."

5. Hostnames: At the lowest level of the DNS hierarchy are hostnames. Hostnames are specific names assigned to individual machines or devices within a domain or subdomain. They are typically used to identify specific resources like web servers, mail servers, or other networked devices. For example, in the domain name "www.example.com," "www" is a hostname.

The hierarchical nature that defines the DNS is also a key to the resolution process. Resolution is the process of mapping a domain to an IP address, and resolvers are the programs that perform this function. Due to the nature of the resolution process, resolvers fall into two categories: recursive and nonrecursive.