What is DNS and why is it the backbone of the internet?
DNS stands for Domain Name System, which is often referred to as the phonebook of the internet. Just as a phonebook helps you know the phone number of a person or organization, DNS also lets you know the IP address of a website. It’s complicated to remember the numeric and alphanumeric IP addresses of so many websites; that’s why you just type the name of the website in your browser’s search bar, and DNS steps in to retrieve the IP address corresponding to the website so that you land on the desired webpages.
DNS definition
DNS turns domain names into IP addresses, which browsers like Google and Yahoo use to load your desired websites and webpages on the internet. Every device on the internet has an IP address, which helps other devices find it. DNS servers let people type easy-to-remember names, like duocircle.com, into their browsers instead of remembering the IP addresses for each website.
History of DNS
Before DNS, the internet was mostly used by academic and research institutions, and developers manually matched hostnames to IP addresses using a simple text file called HOSTS.TXT. SRI International managed and distributed these files, but as the internet grew, this method became impractical.
To solve this, Paul Mockapetris invented the domain name system (DNS) in 1983. With help from other internet pioneers, they created the first specifications for DNS in documents called RFC 882 and RFC 883, which were later replaced by RFC 1034 and RFC 1035.
As DNS grew, its management moved to the Internet Assigned Numbers Authority (IANA) and then, in 1998, to the Internet Corporation for Assigned Names and Numbers (ICANN).
Types of DNS servers involved in loading a webpage
Researchers created the DNS with a hierarchical, distributed database structure that establishes a dynamic approach to domain name resolution. This strategically matches the speed with which the network of computers is expanding globally. To make it simpler to function, 4 types of DNS servers work with each other to get the correct IP address the client queried.
DNS recursor
DNS recursor, also called DNS resolver, receives queries from client machines through web browsers. It makes additional requests to help the client with their DNS query. After the DNS recursor receives the request, it becomes the client itself and makes queries that are sent to the other three DNS servers- root nameserver, TLD nameserver, and authoritative nameserver.
Root nameserver
The root nameserver is at the top of the DNS hierarchy and handles the central DNS database. It answers requests for records in the root zone by sending back a list of the authoritative nameservers that go with the correct TLD.
TLD nameserver
TLD is short for Top-level domain server. It handles the upper levels of the hierarchy, including top-level domains (gTLDs). TLD name servers send queries to the correct authoritative name servers for specific domains in their TLD. For example, the TLD name server for “.com” handles domains ending in “.com”, and the TLD name server for “.gov” handles domains ending in “.gov”.
Authoritative nameserver
An authoritative nameserver gives the actual answer to your DNS query. These are of two types- the master or primary server and the slave or secondary server. The master server holds the original DNS records, and the slave server has a copy of the master. The slave server helps handle traffic and acts as a backup if the master server goes down.
8 steps of a DNS lookup
The whole process typically unfolds in the following 8 steps-
- A client types brand.com in the web browser, and the query travels into the internet, which is then received by a DNS recursor.
- The resolver queries a DNS root nameserver (.).
- The root server gives the resolver the address of the TLD server (like .com or .net).
- The resolver asks the .com TLD server for the domain.
- The TLD server responds with the IP address of the domain’s nameserver (example.com).
- The resolver then asks the domain’s nameserver for the IP address.
- The domain’s nameserver returns the IP address to the resolver.
- Finally, the resolver gives the IP address to the web browser.
Once these 8 steps are complete, the browser makes an HTTP request to the IP address. Then, the server at the IP returns the webpage to be rendered in the browser.
Security risks associated with DNS
Contemporary DNS servers are quite secure, but with more sophisticated tools in the market, malicious actors have become more abled than ever before. This actually means that nothing is completely safe on the internet, including DNS, which is its backbone. The common attacks that a DNS is susceptible to are-
DNS spoofing
In DNS spoofing, a threat actor inserts false address records into a DNS resolver’s cache. This triggers it, causing it to return an incorrect IP address. Due to this incorrect IP address, clients land on a fake and spiteful webpage. These fake web pages usually look exactly like the original ones. So, when visitors are asked to enter their personal information (like banking details, medical reports, and Social Security Numbers), they do so without any hesitation as they believe the website is authentic and trustworthy.
DNS amplification attacks
It’s a type of DDoS attack in which a threat actor sends small queries to a DNS server, with the return address spoofed to the victim’s IP address. These attacks take advantage of DNS by turning small queries into much larger responses. This amplifies traffic, overwhelming the user’s resources and causing DNS to fail, ultimately shutting down the application.
Domain hijacking
In domain hijacking, a cybercriminal illegally accesses a domain registrar account and changes the domain’s registration. This redirects visitors to malicious webpages and can lead to malware installation. It can get worse and result in email interception and the user’s identity being taken over.
Final words
As stated above, DNS is the backbone of the internet. Its security can’t be overlooked, so businesses should not hesitate to implement DNSSEC and VPNs. Also, enforce rate limiting and practice regular DNS flushing to maintain the integrity of DNS records.
Another important factor contributing to DNS safety is staying informed about emerging threats and inculcating them in your team.