Almost everyone feels comfortable when the topic is HTTP, but explaining DNS can be trickier, and that explanation is what you will find here.
We all know that every computer, server and even network device has an IP address allocated to it. Now imagine having to remember the IP addresses of more than 50 servers. For most of us, who have no photographic memory and are not robots, that would be a very hard task. Hence the advent of the DNS server.
This article provides a step-by-step explanation of what a DNS server is, how it works and what it is used for.
The Domain Name System server, popularly known as the DNS server, is the foundation and backbone on which the internet was built. We are all aware that every server, whether a web server, a database server or a file server, has an IP address attached to it. You can also find your own IP address and location using our what is my IP service.
Does that mean I have to remember an IP address each time I want to make a request? Back in college, I had a research assignment on encryption methodologies, and the report was meant to be an extensive one. Are you really telling me that I had to remember the IP address of every site I visited?
This is where the Domain Name System (DNS) server comes into play. DNS is like the phone book of the internet. You are already thinking about your phone, right? Your thoughts are heading in the right direction. Imagine having to memorise all the phone numbers of your family members, friends and acquaintances. Is that even possible?
The phone book lets you save a phone number alongside a name of your choice, making calling easier and faster. This is exactly what the DNS server does: it saves you the stress of having to remember countless IP addresses.
All you need is the name of the site you want to visit, and voila, it is right in front of you.
The primary goal of the Domain Name System (DNS) is domain name resolution, i.e. resolving a hostname such as cooltechzone.com to an IP address such as 172.67.160.129. What your system, acting as the DNS client, performs is called a DNS query or lookup. Pick up your favourite browser and type the URL cooltechzone.com.
The DNS client sends its query to a DNS server over UDP port 53, and sometimes the answer comes back immediately. Other times, the DNS server has to query other DNS servers in search of the answer. Once this process completes, the response is stored in a cache for a set amount of time so that future lookups of the same name do not repeat the whole query process.
Surprisingly, despite the number of steps involved, the whole process completes in the twinkle of an eye.
Usually, the DNS server hosts zone files, i.e. text database files that contain the records mapping names to IP addresses. Some of these records are as follows:
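To make the query, answer and cache steps above concrete, here is an added example (not code from the original article) that builds the DNS query a client sends over UDP port 53, parses the reply, and caches the answer until its TTL runs out. The reply bytes are constructed inline, so nothing is sent over the network; the transaction ID 0x1234 and the 300-second TTL are assumed values.

```python
# Added example, not code from the article: build the query a DNS client sends
# over UDP port 53, parse the reply, and cache the answer until its TTL expires.
# No network I/O: the reply bytes are constructed inline by constructed_response.
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Wire-format query for NAME (qtype 1 = A record) with the RD bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:              # pointer to an earlier name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        ln = msg[off]
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln
    return ".".join(labels), (off + 1 if end is None else end)

def parse_a_response(msg):
    """Return (txid, question name, [(ipv4, ttl), ...]) from a reply."""
    txid, _flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)
    off, answers = off + 4, []                   # skip QTYPE and QCLASS
    for _ in range(ancount):
        _rname, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1:           # A record, class IN
            answers.append((".".join(map(str, msg[off:off + 4])), ttl))
        off += rdlen
    return txid, qname, answers

def cache_put(cache, name, ip, ttl, now):
    cache[name] = (ip, now + ttl)                # valid until NOW + TTL seconds

def cache_get(cache, name, now):
    """Return the cached IP, or None if absent or expired (query again)."""
    hit = cache.get(name)
    return hit[0] if hit and now < hit[1] else None

def constructed_response(query):
    """Constructed reply to QUERY: one A record 172.67.160.129 with TTL 300 s."""
    header = struct.pack(">HHHHHH", struct.unpack(">H", query[:2])[0], 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([172, 67, 160, 129])
    return header + query[12:] + rr
```

A real client would send the bytes from build_query to its resolver on UDP port 53 and pass the datagram it gets back to parse_a_response; the constructed reply stands in for that datagram here.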
Others include mail exchange (MX) records and start of authority (SOA) records.
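As an added illustration (not the site's real zone file), here is what such a zone file looks like for cooltechzone.com, including the SOA and MX records mentioned above. The nameserver and mail hostnames and their 192.0.2.x addresses are assumed for the example; only the 172.67.160.129 address comes from this article.

```zone
; Added example zone file, not the real cooltechzone.com zone.
$ORIGIN cooltechzone.com.
$TTL 3600                                ; default TTL: resolvers cache records for 1 hour
@       IN  SOA   ns1.cooltechzone.com. hostmaster.cooltechzone.com. (
                  2024010101   ; serial, increased on every change (assumed value)
                  7200         ; refresh
                  900          ; retry
                  1209600      ; expire
                  300 )        ; negative-caching TTL for "no such name" answers
@       IN  NS    ns1.cooltechzone.com.
@       IN  NS    ns2.cooltechzone.com.
@       IN  A     172.67.160.129          ; the address the article resolves the domain to
www     IN  CNAME cooltechzone.com.
@       IN  MX    10 mail.cooltechzone.com.
ns1     IN  A     192.0.2.1               ; assumed (RFC 5737 documentation range)
ns2     IN  A     192.0.2.2               ; assumed
mail    IN  A     192.0.2.3               ; assumed
```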
There are basically four types of DNS servers, namely recursive resolvers, root nameservers, Top Level Domain (TLD) nameservers and authoritative nameservers. These servers work hand in hand to make DNS queries as seamless as possible. Let's talk more about these servers.
Let's say you want to visit cooltechzone.com. The query is escalated to the .com TLD nameserver, which then points to the authoritative nameserver. Various countries have their own TLDs and TLD nameservers. For example, Nigeria's TLD is .ng, the United Kingdom's TLD is .uk, the United States of America's TLD is .us, etc.
A public, free DNS server is one that is available to the general public; it is provided either by your internet service provider or by a dedicated DNS provider. Below you will find the IP addresses of several public DNS servers.
| DNS provider   | IP address     |
|----------------|----------------|
| Google         | 8.8.8.8        |
| Cloudflare     | 1.1.1.1        |
| OpenDNS        | 208.67.222.222 |
| Quad9          | 9.9.9.9        |
| UltraRecursive | 156.154.70.1   |
On some occasions, you might try to visit a website and be greeted with the error message "DNS server not responding". Your DNS server failing to respond to queries can be the result of different issues. Luckily, these issues can be fixed by following the troubleshooting steps below.
Step 1: Browser Issue
In order to rule out browser issues, we have to troubleshoot. If you were using Google Chrome when the error message appeared, try switching to another browser such as Safari, Firefox, Brave or Edge. It could be an update issue, and sometimes it can even be solved by uninstalling and reinstalling your preferred browser.
Step 2: Firewall
If the problem still persists even after changing and reinstalling browsers, it could be a firewall issue. The firewall might be dropping the response from the DNS server or preventing you from sending the query at all. If the issue is still not resolved after temporarily turning the firewall OFF (remember to turn it back on afterwards), we can rule that out too.
Step 3: Change the DNS server
This is the final method, and probably the one that will resolve your issues with an unresponsive DNS server. Below are the steps for changing your DNS server on a Windows system.
Step I: Search for Network Connections using the Windows search button and double-click it.
Step II: Right-click on your Wi-Fi connection.
Step III: Right-click on TCP/IPv4, view its properties, then fill in your preferred DNS server.
DNS security should be treated as a matter of utmost importance because DNS is an avenue for attackers to wreak havoc. One risk that comes with DNS is DNS cache poisoning. This is when an attacker plants a false IP address in the DNS cache so that every request the DNS client makes for that name is sent to the bogus IP address instead of the correct one.
Take, for instance, a visit to your bank's website to make an online transaction, where the correct IP address of that website is 172.165.124.21. If the attacker succeeds with DNS cache poisoning, the bank's entry in the DNS cache could be changed to a false address, leading the victim to a bogus website where their credit card details are stolen.
Another attack that can affect a DNS server is a DDoS (Distributed Denial of Service) attack. Back in October 2016, Dyn, a major DNS service provider, was hit by a DDoS attack that was recorded as the largest DDoS attack in history. Sites like Amazon, Netflix, PayPal, CNN, Reddit, Spotify and many more could not be accessed.
More than half of the internet was down. The attack was performed using commands in the form of DNS queries sent from tens of millions of infected IoT devices. It was a Mirai attack, perpetrated using a botnet.
One primary way of preventing these attacks is DNSSEC (Domain Name System Security Extensions). DNSSEC adds digital signatures to DNS records so that a validating resolver can verify the origin and integrity of the responses it receives.
We can now clearly understand why the idea of a phone book is used to describe what a DNS server is and how it works. We also saw how important DNS servers are to our internet usage and why they need to be protected and secured with DNSSEC.
Lest we forget, sysadmins also routinely use command-line tools like nslookup (name server lookup) and dig (domain information groper) to troubleshoot DNS servers and verify that they can resolve hostnames and fully qualified domain names (FQDNs) to IP addresses.
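The bank example above, as an added model (not code from the article) of why a resolver must check every reply before caching it: the naive resolver caches the first answer that arrives for a name, so a forged reply wins, while the checking resolver only caches an answer that matches a query it actually sent (transaction ID, question name and the server it asked). Replies are plain dicts rather than wire packets, and the name bank.example and the 198.51.100.x / 203.0.113.x addresses are constructed.

```python
import secrets

# Added example, not code from the article: a simplified model of a resolver
# cache. Replies are plain dicts, not wire packets; the bank's name and the
# server addresses are constructed (RFC 5737 documentation ranges).

class NaiveResolver:
    """Caches the first answer that arrives for a name, whoever sent it."""
    def __init__(self):
        self.cache = {}
    def on_response(self, reply, source):
        for name, ip in reply["answers"]:
            self.cache.setdefault(name, ip)      # a forged reply that arrives first wins
        return True

class CheckingResolver:
    """Caches an answer only if it matches a query this resolver actually sent."""
    def __init__(self):
        self.cache, self.pending = {}, {}       # pending: txid -> (qname, server asked)
    def send_query(self, qname, server):
        txid = secrets.randbelow(1 << 16)       # unpredictable 16-bit transaction ID
        self.pending[txid] = (qname, server)
        return txid
    def on_response(self, reply, source):
        expected = self.pending.get(reply["txid"])
        if expected is None or expected != (reply["question"], source):
            return False                        # unsolicited, or wrong ID/question/sender
        del self.pending[reply["txid"]]         # one reply per query, no replays
        for name, ip in reply["answers"]:
            if name == reply["question"]:       # ignore records for names not asked about
                self.cache.setdefault(name, ip)
        return True

def simulate(resolver_cls):
    """Return what the resolver ends up caching for the bank's name."""
    r = resolver_cls()
    real_server, attacker = "198.51.100.53", "203.0.113.9"     # constructed addresses
    txid = r.send_query("bank.example", real_server) if hasattr(r, "send_query") else 0
    forged = {"txid": (txid + 1) % (1 << 16), "question": "bank.example",
              "answers": [("bank.example", "203.0.113.66")]}   # bogus website
    genuine = {"txid": txid, "question": "bank.example",
               "answers": [("bank.example", "172.165.124.21")]}  # correct address
    r.on_response(forged, attacker)            # the forged reply arrives first
    r.on_response(genuine, real_server)
    return r.cache.get("bank.example")
```

simulate(NaiveResolver) returns the bogus address and simulate(CheckingResolver) returns the bank's real one; DNSSEC validation, discussed below, adds a cryptographic check on top of these sanity checks.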
If you are interested in knowing more about DNS servers or have questions to ask, please let me know by leaving a comment below.