Domain naming service (DNS) is something we use every day, and yet most of us don’t even realize it. Even some seasoned IT pros don’t know the ins and outs of DNS, even when it’s part of their job to make sure everything runs smoothly. To understand DNS, let’s rewind a bit. About three decades ago, when the Internet was in its infancy, accessing a web page was not easy, as you had to type the server’s entire IP address. For example, to go to Google, you would have typed something like 126.96.36.199 in the browser rather than google.com as you do now.
Imagine how difficult and arduous it would’ve been given the huge list of IP addresses that we would have to remember!
Well, to make life easy for us, the developers decided to create a table or a “phonebook” that would match the domain names with their IP addresses, so you type espn.com and not 188.8.131.52 to see the scores.
DNS is the phonebook that makes this possible for us today. When you type a URL, the browser immediately looks up the corresponding IP address through DNS and uses it to communicate with that server. Remember, computers only use numbers for communication, and these are translated into words and letters for human ease of use.
Now that you have a basic idea of what DNS is, let’s see how it works.
How does DNS work?
Every device on the Internet has a unique set of numbers to identify it, and that’s called its IP address. You can imagine it to be similar to an address that helps to find a particular house.
This IP address is a set of numbers divided into four parts, and each part can be any number from 0 to 255. So, an IP address has the form 0-255.0-255.0-255.0-255, and the combination of these four numbers makes the IP address unique.
At a basic level, you enter a URL, and the browser sends a message to the DNS server for a matching IP address and communicates with the server whose address matches the one given by the DNS server.
Now, this DNS server is not a single server, given the huge number of websites and IP addresses it has to match. Rather, it is a set of systems distributed across different parts of the world, much like the Internet itself. So, your browser has to scour through millions of addresses to find a match. This is where the power of the DNS setup comes into play, and to understand every step of the translation, let’s take a look at its components.
Components of a DNS
There are four components or types of servers involved in a DNS operation, and they are:
- DNS recursor
- Root nameserver
- TLD nameserver
- Authoritative nameserver
The DNS recursor is responsible for sending messages to different DNS servers until it finds the exact match. You can imagine a DNS recursor to be a librarian who doesn’t give up until she finds the book you want.
The root nameserver is the first step in translating the words to numbers, as it points to a table or a set of servers where the browser should search next. This is akin to a sign in a library that tells you the broad categories of books, like science, fiction, kids’ books, etc.
The TLD nameserver is the next level of server; it holds the last part of the domain, such as “.com,” “.org,” and so on. It is similar to a shelf that contains the science books whose titles start with, say, the letters A to D.
Authoritative nameserver is the final step in the search. This is the one that finds the exact match, provided a match is present in the DNS server. Once it finds the match, it returns the value to the browser.
In other words, this authoritative nameserver has the information you want, and it is also the one that communicates it to the browser. But to get to the right nameserver, you need the above components.
The best part is the entire lookup process happens in a few milliseconds. To give you a perspective, the involuntary blinking of your eye takes about 40 milliseconds.
It’s important to understand that more nameservers are added after the authoritative nameserver when there are more subdomains. For example, www.espn.com/nba has another nameserver added after the authoritative nameserver to identify the subdomain “NBA,” so your browser navigates from the authoritative nameserver to yet another server.
What is DNS lookup?
So far, we have seen the different components. Now, let’s drill down to the exact process that happens from the time you enter a URL to the time the page is displayed.
- You enter the URL, and that’s sent by your browser to a DNS recursor.
- This recursor checks if the DNS record for that domain is cached and, if so, gets it from the cache.
- If it is not cached, the recursor sends a message to the DNS root nameserver that gives the name of the TLD nameserver, depending on the domain.
- The resolver contacts the TLD nameserver, and it gives the IP address of the authoritative nameserver.
- Next, the resolver sends a message to the authoritative nameserver, and this responds with the corresponding IP address for that domain name.
- The resolver sends the IP address to the browser.
- Finally, the browser sends an HTTP request to the IP address and renders the content it receives from that IP address.
Thus, this is how the URL you entered is translated into the corresponding IP address, and the data from the server at that IP address is displayed.
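To make the query and answer exchanged in the lookup above concrete, here is an added example (not code from the original article) that builds a DNS query as a resolver would send it, builds the matching answer as an authoritative nameserver would return it, and parses that answer back, including the name-compression pointer real servers use. The transaction id, the name www.example.com and the address 198.51.100.7 are constructed values.

```python
import struct
QTYPE_A, CLASS_IN = 1, 1   # RFC 1035 wire format: type A (IPv4 address), class IN

def encode_name(name):
    """'www.example.com' -> b'\x03www\x07example\x03com\x00' (length-prefixed labels)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def decode_name(msg, off):
    """Decode a name at msg[off], following 0xC0xx compression pointers; returns (name, next_off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # pointer into an earlier part of the message
            end = end or off + 2                      # resume after the first pointer we hit
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def build_query(txid, name):
    """Resolver side: header with one question and the recursion-desired flag (0x0100) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, CLASS_IN)

def build_response(query, ip, ttl=300):
    """Authoritative side: echo the id and question, add one A record pointing at the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)   # QR, AA, RD, RA set; ANCOUNT=1
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, ttl, 4)   # name = pointer to offset 12
    return header + query[12:] + answer + bytes(int(o) for o in ip.split("."))

def parse_response(resp, expected_txid):
    """Resolver side: accept only a response carrying our id, then extract the A records."""
    txid, flags, _qd, an = struct.unpack("!HHHH", resp[:8])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    qname, off = decode_name(resp, 12)
    off += 4                                          # skip QTYPE and QCLASS of the echoed question
    answers = []
    for _ in range(an):
        name, off = decode_name(resp, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        rdata, off = resp[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ttl, ".".join(map(str, rdata))))
    return qname, answers
```

The transaction-id check in parse_response is the minimal guard a resolver applies so that a stray answer is not accepted as the reply to its own question.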
Is DNS efficient?
Now comes the question: Is DNS an efficient mechanism? For starters, it has been in use for the last 30 years, and it is fast, so from this, we can conclude that it is an efficient mechanism.
That said, security wasn’t built into this system probably because hackers weren’t so sophisticated three decades back.
But things are a lot different today, and there are a few ways that hackers use DNS to attack a network or system. Let’s look at a few such attacks.
DDoS attack on DNS infrastructure
In this type of distributed denial of service (DDoS) attack, the hacker registers a domain and designates the target’s nameserver as the authoritative server for that domain. Next, using a botnet, the hacker sends a flood of requests to the recursive servers within the ISP’s network.
Every request is for a subdomain that doesn’t exist, so the recursor keeps looking, and eventually the DNS infrastructure fails under the heavy load. As a result, users are unable to access the Internet.
A DDoS solution can proactively thwart this type of attack.
Rogue DNS server
In this type of attack, the hacker overrides a computer’s TCP/IP settings and points it to a rogue DNS server maintained by the hacker. All requests from the compromised computer go to the hacker’s DNS server and not to the ISP’s DNS resolver. With this power, hackers send malware or advertising content to your computer.
This type of attack mostly targets home routers.
Unauthorized DNS tunneling
DNS tunneling, as the name suggests, uses DNS queries and responses as a tunnel to send and receive other data, particularly sensitive data that couldn’t otherwise be sent out over the network. Such a tunnel consists of a server that acts as an authoritative nameserver and a client, and together they form a virtual point-to-point interface for traffic to pass through.
Because DNS is used universally and is allowed through almost everywhere, it is highly susceptible to misuse: unauthorized data can be encoded inside DNS packets, which makes it difficult for firewalls to detect.
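Because tunneled data has to be encoded into the query names themselves, a defender can spot it in resolver logs by looking for domains that receive many distinct, long, high-entropy labels. The following is an added example (not from the original article) that runs that check over a constructed sample log; the log lines, the thresholds, and the assumption that the registered domain is the last two labels are all mine.

```python
import math
from collections import defaultdict
# Constructed sample resolver log (not real traffic): time, client, query name, record type.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.espn.com A
10:00:02 10.0.0.5 cdn.espn.com A
10:00:02 10.0.0.7 mail.example.org MX
10:00:03 10.0.0.9 a4f91c0e2b7d8e6f1a3c5b9d.tun.example.net TXT
10:00:03 10.0.0.9 0c7e2d9b4a6f8e1c3d5b7a9f.tun.example.net TXT
10:00:04 10.0.0.9 9e3b1a7c5d2f4e6a8c0b1d3f.tun.example.net TXT
10:00:04 10.0.0.9 5d8f2a1c9e7b3d6f0a4c2e8b.tun.example.net TXT
10:00:05 10.0.0.5 www.espn.com A
"""

def shannon_entropy(s):
    """Bits per character: hex or base32 blobs score near 4, real hostnames far lower."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname):
    """Crude grouping on the last two labels; production code should use the public suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_tunnel_candidates(log, min_unique=3, min_entropy=3.5, min_label_len=20):
    """Flag domains that receive many distinct, long, high-entropy leftmost labels."""
    per_domain = defaultdict(list)
    for line in log.splitlines():
        _ts, client, qname, qtype = line.split()
        labels = qname.rstrip(".").split(".")
        if len(labels) <= 2:
            continue                      # query for the bare domain: no subdomain to score
        per_domain[registered_domain(qname)].append((client, labels[0], qtype))
    flagged = {}
    for domain, entries in per_domain.items():
        first_labels = {label for _, label, _ in entries}
        if len(first_labels) < min_unique:
            continue                      # a handful of ordinary hostnames like www, cdn, mail
        mean_entropy = sum(map(shannon_entropy, first_labels)) / len(first_labels)
        mean_len = sum(map(len, first_labels)) / len(first_labels)
        if mean_entropy >= min_entropy and mean_len >= min_label_len:
            flagged[domain] = {
                "queries": len(entries),
                "clients": sorted({c for c, _, _ in entries}),
                "types": sorted({t for _, _, t in entries}),
                "mean_entropy": round(mean_entropy, 2),
                "mean_label_len": mean_len,
            }
    return flagged
```

On the sample log only example.net is flagged: four distinct 24-character hex labels from one client, all TXT queries, while the ordinary www, cdn and mail names score far below the thresholds.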
Reflection attacks
In reflection attacks, the hacker causes high volumes of messages to be sent from the DNS recursor, which floods the client machine with data it never requested. Too much data can overwhelm the system and exhaust its resources.
Though DNS opens the door to such attacks, you can secure your system with the right anti-hacking solutions; avoiding DNS completely is never an option, given that it is the plumbing of the Internet.
We hope this gives you a comprehensive idea of what a DNS is and the possible problems that come with it.