DNS Server: How It Works & Types of DNS Attacks

What Is a DNS Server?

DNS stands for Domain Name System and is one of the foundations of the modern internet. It is the phonebook of the Internet: a DNS server translates between human-readable domain names and the underlying Internet Protocol (IP) addresses that connected devices use to talk to each other. When we type a website name or domain such as Facebook.com or apple.com into a web browser, the browser still has to reach the site through its IP address. DNS translates domain names to IP addresses so browsers can load Internet resources.

Without DNS, we would need to memorize the IP address of every website we want to visit, which is impractical for humans. DNS eliminates the need to memorize IP addresses such as 172.168.10.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2036:1::c139:d7v2 (in IPv6).

How Does a DNS Server Work (DNS Lookup Process)?

  1. A user enters a domain name (e.g., Batman.com) into their web browser, and the browser sends the query via their internet service provider (ISP) to a DNS recursive resolver.
  2. The DNS resolver forwards the request for www.batman.com to a DNS root name server.
  3. The root server returns to the DNS resolver the address of the top-level domain (TLD) server, which stores the information for its domains. Examples of top-level domains include “.com”, “.org”, and “.net”. When searching for batman.com, the user's request is pointed toward the .com TLD.
  4. The DNS resolver then sends the request to the top-level domain server (in this case, the “.com” TLD nameserver).
  5. The TLD server responds with the IP address of the domain’s nameserver (the DNS authoritative nameserver) for batman.com.
  6. The DNS resolver sends the query to the domain’s DNS server.
  7. The domain’s DNS server returns the IP address for the requested domain (e.g., “batman.com”) to the DNS resolver.
  8. The DNS resolver responds to the web browser with the IP address of the domain requested initially.

    Once the 8 steps of the DNS lookup have returned the IP address for batman.com, the browser is able to make the HTTP request for the web page:
  9. The browser makes an HTTP request to the IP address.
  10. The web server returns the web page for www.batman.com to the web browser, and the web browser displays the page.

Types of DNS Service

There are two primary types of services that DNS servers provide: Authoritative DNS and Recursive DNS. Both are integral parts of the DNS infrastructure, but each serves a different purpose during a DNS query or request.

  • DNS Recursor: Sometimes known as a recursive resolver, the DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. It responds from its cache if a hit is available, or reaches out to a nameserver further up the chain. Recursors are often run by Internet Service Providers (ISPs).
  • Authoritative DNS Server: The authoritative name server is the final stop for any DNS query/request. This server is the highest authority for a given domain. Not all DNS queries make it to the authoritative nameserver; some are resolved earlier in the chain. The authoritative DNS server is the server that actually holds and maintains the record for the requested domain. It also has an update mechanism that allows administrators to manage their public DNS names. Authoritative DNS has the final authority over a domain and is responsible for answering recursive DNS servers with the IP address information.

What is DNS Caching?

A DNS cache (also known as a DNS resolver cache) is a temporary database, maintained by a computer’s web browser, that contains records of all the recent visits and attempted visits to websites and other internet domains. Modern web browsers are designed by default to cache DNS records for a set amount of time. The purpose of DNS caching is to improve the performance and reliability of data requests.

Chances are that you use facebook.com several times a day. Instead of your computer querying the DNS name server for the IP address of facebook.com every time, that information is saved on your computer so it doesn’t have to contact a DNS server to resolve the name to its IP address.
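
The lookup steps and the cache described above can be modelled in a few lines. This is an added example, not part of the original article: the three toy servers, the 203.0.113.10 address and the 300-second TTL are constructed, and the cache shown is the one held by the recursive resolver.

```python
# Constructed data: three toy "servers". Referrals map a zone suffix to the next
# server to ask; answers map a full name to (address, ttl_seconds).
SERVERS = {
    "root":      {"referrals": {"com": "tld-com"}, "answers": {}},
    "tld-com":   {"referrals": {"batman.com": "ns-batman"}, "answers": {}},
    "ns-batman": {"referrals": {},
                  "answers": {"www.batman.com": ("203.0.113.10", 300)}},
}

class Resolver:
    def __init__(self, clock):
        self.clock = clock   # injectable time source, so TTL expiry can be exercised
        self.cache = {}      # name -> (address, expires_at)
        self.trace = []      # every server contacted, in order

    def _ask(self, server, name):
        """Send one query to one server; return an answer, a referral or NXDOMAIN."""
        self.trace.append(server)
        zone = SERVERS[server]
        if name in zone["answers"]:
            return ("answer",) + zone["answers"][name]
        for suffix, target in zone["referrals"].items():
            if name == suffix or name.endswith("." + suffix):
                return ("referral", target)
        return ("nxdomain",)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                    # cache hit: no server is contacted
        server = "root"                      # step 2: start at the root
        for _ in range(8):                   # bound the referral chain
            reply = self._ask(server, name)
            if reply[0] == "referral":       # steps 3-5: follow the referral down
                server = reply[1]
            elif reply[0] == "answer":       # step 7: authoritative answer
                _, address, ttl = reply
                self.cache[name] = (address, self.clock() + ttl)
                return address               # step 8: returned to the client
            else:
                return None                  # name does not exist
        return None

if __name__ == "__main__":
    now = [0]
    r = Resolver(lambda: now[0])
    print(r.resolve("www.batman.com"), r.trace)   # full walk: root, TLD, authoritative
    print(r.resolve("www.batman.com"), r.trace)   # cache hit, trace unchanged
```

Whatever sits in the cache is returned without asking any server until its TTL runs out, so a wrong entry keeps being served for that long.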

Types of DNS Server Attacks

1. DNS Server Poisoning


Also known as DNS spoofing. In this attack, the attacker corrupts a DNS server by replacing a legitimate IP address in the server’s cache with a rogue IP address, in order to redirect traffic to a malicious website, collect information or initiate another attack. It is sometimes called a man-in-the-middle attack.

2. DNS Amplification


A DNS amplification attack (sometimes called DNS reflection) is a distributed denial-of-service (DDoS) attack in which the attacker manipulates DNS servers. The attacker first uses a spoofed IP address to send massive numbers of DNS requests to a DNS resolver. The DNS server then replies to the spoofed address, which belongs to the target victim. The replies are larger than the spoofed requests, so large amounts of traffic reach the victim server and a denial of service results.

3. DNS Tunneling


DNS is a simple protocol used for lookups and communication between a client and a server. In DNS tunneling, attackers tunnel other protocols such as FTP or SSH through DNS so that they can transfer files in DNS requests, run command and control (C2), and exfiltrate data.
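
On the detection side, data carried in query names tends to show up as many distinct, long, high-entropy subdomains under a single parent domain. The sketch below is an added example, not from the original article: the query names are constructed, `exfil.example` and `corp.example` are hypothetical domains, and the three thresholds are assumptions to tune against your own resolver logs.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def build_sample_queries():
    """Constructed query names: ordinary lookups plus encoded-looking chunks."""
    benign = ["www.corp.example", "mail.corp.example", "api.corp.example",
              "cdn.corp.example", "www.corp.example"]
    # Stand-in for tunneled data: base32 text under one (hypothetical) domain.
    encoded = [base64.b32encode(hashlib.sha256(b"chunk%d" % i).digest())
               .decode().rstrip("=").lower() + ".exfil.example" for i in range(6)]
    return benign + encoded

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def tunneling_suspects(queries, min_unique=4, min_avg_len=30, min_entropy=3.5):
    """Group queries by parent domain and flag parents whose subdomains are
    numerous, long and high-entropy, the shape of data carried in query names."""
    subs_by_parent = defaultdict(set)
    for qname in queries:
        qname = qname.lower().rstrip(".")
        # Assumption: the registrable domain is the last two labels. Production
        # code should consult the Public Suffix List instead.
        parent = ".".join(qname.split(".")[-2:])
        sub = qname[: -len(parent)].rstrip(".")
        if sub:
            subs_by_parent[parent].add(sub)
    suspects = {}
    for parent, subs in subs_by_parent.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects[parent] = {"unique": len(subs), "avg_len": round(avg_len, 1)}
    return suspects

if __name__ == "__main__":
    print(tunneling_suspects(build_sample_queries()))
```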

4. DNS NXDOMAIN attack

The DNS NXDOMAIN attack is also a distributed denial-of-service (DDoS) attack. The attacker attempts to make servers disappear from the Internet by making them impossible for clients to reach: the attacker floods the DNS server with requests for invalid or nonexistent records. The DNS server wastes its time searching for something that does not exist instead of serving legitimate requests.
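
A flood of this kind is visible in resolver logs as a zone whose responses in a short window are mostly NXDOMAIN. The following is an added example, not from the original article: the log format, the log lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log lines: '<epoch> <client> <qname> <rcode>'."""
    lines = []
    for i in range(40):   # many sources asking for names that do not exist
        lines.append(f"{1000 + i % 10} 198.51.100.{i % 4 + 1} "
                     f"x{i:04d}.batman.com NXDOMAIN")
    for i in range(10):   # legitimate traffic for the same zone
        lines.append(f"{1000 + i} 192.0.2.15 www.batman.com NOERROR")
    for i in range(5):    # an unrelated zone with one ordinary typo
        lines.append(f"{1000 + i} 192.0.2.20 www.example.org NOERROR")
    lines.append("1003 192.0.2.20 wwww.example.org NXDOMAIN")
    return lines

def nxdomain_floods(lines, window=10, min_nx=20, min_ratio=0.7):
    """Return {(zone, window_start): (nx, total, nx_clients)} for every zone whose
    NXDOMAIN count and NXDOMAIN share both reach the thresholds in one window."""
    stats = defaultdict(lambda: {"nx": 0, "total": 0, "clients": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue                                  # skip malformed lines
        ts, client, qname, rcode = fields
        # Assumption: the zone is the last two labels of the query name.
        zone = ".".join(qname.lower().rstrip(".").split(".")[-2:])
        bucket = stats[(zone, int(ts) // window * window)]
        bucket["total"] += 1
        if rcode == "NXDOMAIN":
            bucket["nx"] += 1
            bucket["clients"].add(client)
    return {key: (b["nx"], b["total"], len(b["clients"]))
            for key, b in stats.items()
            if b["nx"] >= min_nx and b["nx"] / b["total"] >= min_ratio}

if __name__ == "__main__":
    print(nxdomain_floods(build_sample_log()))
```

Counting per zone rather than per client keeps the check useful when the requests come from many sources, as they do in a distributed attack.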

5. Domain Name Kiting

In this attack, the attacker exploits part of the registration process for a domain name to keep the domain name in limbo, so that it cannot be registered by a legitimate buyer.
