What is DNS and how it makes our life easier

Image source – sutilweb.com

Have you ever wondered how you can open a website simply by entering its name in your web browser? Do you imagine how difficult it would be to do this and have to memorize sequences of numbers to be able to open each website?

Every website on the internet is referred to using a sequence of numbers called IP addresses, and remembering the IP address for every different website is quite tedious. It is where the DNS or Domain Name System comes into play to help improve our internet browsing experience.

In this article, I shall be explaining a DNS along with its function and how it helps in day-to-day life by making the user experience much better on the internet.

What is DNS and why is it useful

How do you use the internet? You open an internet browser such as Firefox, or Safari, enter the website you want to visit, and hit enter. Right?

You don't even need to enter the IP address of the website you want to access or any other complicated numbers. It is made possible by the Domain Name System, or DNS, that maps such website names to their respective IP addresses.

Image source – kinsta.com

Every resource on the internet, be it a website, a service, or servers, have a specific address known as an IP address. To access these resources, it is required for the user to remember such IP addresses, which is quite tedious taking into account the more signification number of websites and such on the internet.

The Domain Name System (DNS), makes it possible to access such internet resources by assigning domain names to them, easily memorized by a user.

The DNS system then translates the domain name into its IP address to access that resource through a process known as DNS lookup. The IP address is then used by the internet servers that hold the resource to allow access to them.

For example, if you enter www.facebok.com into your address bar in your web browser, the DNS then converts this into the IP address 69.63.176.13, which then takes you to the Facebook website.

DNS was introduced in 1983 by Paul Mockapetris as a replacement to the HOSTS.txt file, which is used for mapping between hostnames and addresses. In his paper, Paul points out various issues with the HOSTS.txt file for such mapping.

1. Costs for distributing the HOSTS.txt file to users was quite high
2. No centralized system for updating changes to the HOSTS.txt file
3. Increase in the HOSTS.txt file size with an increased number of hostnames

The DNS system is a globally distributed database that uses Domain Name Servers or DNS servers to map names to a network location. A hierarchical design and aggressive use of caching make DNS quite scalable compared to its predecessor, the HOSTS.txt file.

It allows updates to be distributed globally at a low cost and eliminates file size since it isn’t locally stored.

Types of DNS servers

• Recursive resolver
• Root nameserver
• TLD nameserver
• Authoritative nameserver

Image source – geeksforgeeks.org

Recursive resolver

A DNS recursive resolver is the first DNS server that a DNS lookup query is forwarded for resolution. The recursive resolver is usually a cache DNS server that stores frequently accessed domain names along with their IP address mapping in its cache.

A DNS recursive resolver server is usually managed by the user’s local Internet Service Provider or ISP. Any DNS queries in the network are automatically redirected to the recursive resolver.

Root nameserver

A root nameserver is the root of the DNS and stores direct references to other nameservers for forwarding queries. It also has a list of Top-Level Domain or TLD nameservers and authoritative nameservers that can use for different query resolution functions.

There are a total of 13 different root nameservers around the globe, starting from a.root-servers.net up to m.root-servers.net. Each type has multiple copies around the globe that are stored on different DNS servers.

TLD nameserver

The Top-Level Domain, or TLD nameserver, stores information regarding the addresses of a single type of top-level domains such as .com, .edu, .org, and so on. For example, the .com TLD nameserver will have information about websites ending with .com.

Authoritative nameserver

The authoritative DNS nameserver is, put, the source of all DNS records. It stores all the DNS resolution records for all the websites, mapping their domain names to the IP addresses.

The authoritative nameserver stores definitive versions of DNS records for the region, known as start-of-authority or SOA records. These SOA records are then used and cached by other DNS servers for the domain.

Working of a DNS server

A DNS or a DNS server, at its core, takes a domain name entered by a user and converts it into the corresponding IP address. Sound simple? However, there is much more that a DNS server does.

It includes storing databases with mapping functions for domain names to their IPs, handling caches to store frequently accessed resources, and segregating domain-specific information to different servers.

As an example, let us look at how a DNS server resolves a domain name into an IP address. The domain name used here is www.facebook.com, whose IP address is 69.63.176.13 that is needed to access the website.

Image source – appneta.com

The process for the domain name resolution is as described below:

1. The user enters the www.facebook.com into their web browser
2. The browser sends a DNS query to the network to fetch the IP address corresponding to www.facebook.com
3. The DNS query is received by the DNS recursive resolver that checks its cache for the IP address resolution of www.facebook.com
4. If it is found in the cache, the recursive resolver returns the IP address (69.63.176.13) to the web browser
5. Otherwise, the recursive resolver first queries the DNS root nameserver
6. The root nameserver receives the request from the recursive resolver with the domain name and returns the address for the TLD nameserver for that domain name (.com TLD server in this case)
7. Next, the recursive resolver queries the TLD nameserver with the domain name, which then points the resolver to the authoritative nameserver or that domain
8. Finally, containing SOA records for all domains in the region, the authoritative nameserver responds to the recursive resolver with the IP address corresponding to the domain www.facebook.com
9. The recursive resolver returns this IP address to the web browser, thereby successfully loading www.facebook.com for the user
10. The recursive resolver also caches the new domain address resolution for future use

DNS Security: DNSSEC

It is impossible to write an article about the DNS system without mentioning its security. It is designed without security in mind -the system does have a lot of flaws and limitations.

These vulnerabilities in the DNS system allow attackers to take advantage of the system to bring harm to and exploit various servers. A few common DNS attacks are listed below.

1. DNS spoofing – Also called cache poisoning, when the attacker poisons the recursive resolver cache with forged DNS resolution data leading to the false mapping of domain names to IP addresses.
   

   Image source – imperva.com

2. DNS hijacking – The attacker simply forwards all DNS queries to a different DNS server that might have been set up by the hacker for false mapping of domain names to IP addresses.
   

   Image source – paloaltonetworks.com

3. DNS tunneling – The attacker uses protocols such as HTTP, SSH, TCP, etc. create a tunnel and pass malware into the DNS queries without detection
4. Random subdomain attack – The attacker initiates countless DNS queries to non-existent subdomains, keeping the nameservers occupied and thereby creating a Denial-of-Service attack.
5. Botnet-based CPE attack – An attacker compromises CPEs (Customer Premise Equipment) to use them as part of a botnet to mount a random subdomain attack.
   

   Image source – github.com

Such attacks are why we need a DNS security system, which is where DNSSEC or Domain Name System Security Extensions, is introduced. The DNSSEC is a set of protocols or rules that add various cryptographic authentications to the DNS server communication.

DNSSEC has already been adopted by many higher-level organizations for the top-level DNS servers, such as authoritative nameservers and most TLD nameservers. The adoption into local recursive resolvers is still in progress and has quite a lot of ground to cover.

Image source – efficientip.com

The DNSSEC uses public-key cryptography algorithms to create a digital signature for each server involved in the DNS lookup process. If I can confirm that the response I received from the recursive resolver or nameserver is authentic, I can be sure that no attacker has interfered with my access to the internet.

Furthermore, there are also DNS firewalls that can work as rate limiters to prevent any forms of DOS attacks as well. The combination of DNSSEC and such DNS firewalls effectively prevents all DNS attacks making the entire system more secure.

Conclusion

The DNS is a critical system for all purposes of resource access on the internet, whether to access a website or remotely connect to an internet-enabled device that you own. Without a DNS in place, every user would be required to memorize the IP addresses of all these resources.

In this article, we explored the question “What is a DNS” and looked at its working, concluding with the security of a DNS system.

If you enjoyed reading this article, or have any suggestions, consider leaving a comment below to let us know!

Author

Rakesh Naik

Freelance Cyber Security Analyst and Writer practicing in Infosec Assessment.