Hey there! Through my learning days, I came across many people talking about the DNS and its functions. I noticed many people often get confused by these terms and what they mean, so it led me to finally write this article.
Concept Of Domain Name System (DNS) Server
The internet uses DNS (Domain Name System) records to translate host names into IP addresses (in this case 184.108.40.206) and in some cases vice versa too.
When you type the domain name of a website into your browser (which I would hope is Chrome, Firefox or Opera, and not IE), it begins looking up the host.
To do this, it sends a packet of data to one of 13 pre-programmed root name servers. Surprisingly, there are only 13 root name servers in the world! Some are government operated (e.g. NASA, DISA) and some are run by large companies such as VeriSign and Cogent.
Just in case you think “oh, that seems easy to attack”, it’s not – they run load distribution systems that can repel more than a 5TB/s DDoS with little more than a slight slowdown in service. The purpose of these name servers is to tell clients (e.g. your web browser) where the name server is for the host you are requesting, so that it can go ask that server for more information. These requests are made using UDP (User Datagram Protocol) port 53. Sometimes this process is recursive, propagating down multiple levels of DNS servers before you get an authoritative response.
Here’s an example:
1) Your web browser asks a root name-server about www.hackapc.com
2) It replies: The name-server ns01.one.com has that information.
3) Your web browser asks ns01.one.com about www.hackapc.com
4) It replies: The name-server ns1.tucows.com has that information.
5) Your web browser asks ns1.one.com about www.hackapc.com
6) It replies: The name-server ns1.one.com has that information.
7) Your web browser asks ns1.one.com about www.hackapc.com
8) It replies: The authoritative IP address of www.hackapc.com is 220.127.116.11
See how that works? Each name server passed the buck to the next one, until you finally got an answer from someone who knows it. The authoritative IP address, also known as the A record, is stored as a DNS entry on the name server. Other records, such as MX (mail server) and CNAME (canonical name, i.e. an alias) are also stored in the domain record.
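The referral walk above can be modelled offline. The following Python example is added here and is not code from the original article: the server tables are constructed sample data that mirror the walk-through, and the loop.test servers, MAX_HOPS and the function names are assumptions made for illustration. It also shows how a resolver stops when two misconfigured servers keep referring to each other.

```python
# Added example: constructed, in-memory model of the referral walk above.
# No network traffic is sent; every server table below is sample data.

MAX_HOPS = 8  # assumption: cap on referrals before giving up

# Each "server" maps a name suffix to ("NS", next_server) or ("A", address).
SERVERS = {
    "root":           {"com": ("NS", "ns01.one.com"),
                       "test": ("NS", "ns-a.loop.test")},
    "ns01.one.com":   {"hackapc.com": ("NS", "ns1.tucows.com")},
    "ns1.tucows.com": {"hackapc.com": ("NS", "ns1.one.com")},
    "ns1.one.com":    {"www.hackapc.com": ("A", "220.127.116.11")},
    # Constructed misconfiguration: two servers that refer to each other.
    "ns-a.loop.test": {"loop.test": ("NS", "ns-b.loop.test")},
    "ns-b.loop.test": {"loop.test": ("NS", "ns-a.loop.test")},
}


def best_match(table, name):
    """Return the record for the longest suffix of name present in table."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        record = table.get(".".join(labels[i:]))
        if record:
            return record
    return None


def resolve(name, server="root"):
    """Follow referrals starting at server; return (address, servers_asked)."""
    asked = []
    while len(asked) < MAX_HOPS:
        if server in asked:
            raise RuntimeError(f"referral loop at {server}: {asked}")
        asked.append(server)
        record = best_match(SERVERS.get(server, {}), name)
        if record is None:
            raise LookupError(f"{server} has no data for {name}")
        kind, value = record
        if kind == "A":      # authoritative answer: stop here
            return value, asked
        server = value       # referral: ask the named server next
    raise RuntimeError(f"gave up after {MAX_HOPS} referrals")
```

Calling resolve("www.hackapc.com") returns the address together with the list of servers that were asked, in order, which is the "passing the buck" chain from the steps.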
A service called ‘whois’ exists to get the contents of these records. There are hundreds of websites that let you perform a whois. My favorite is http://whois.domaintools.com/ but as I said there are hundreds out there. These records often include the name, address and telephone number of the person who registered the domain, as well as the name and telephone number of the company that leases the domain to that person. Private individuals can opt out of the whois lookup to prevent privacy issues.
Harnessing the knowledge
If you were to attack a name-server, you could flood it with UDP packets on port 53 in order to cause large amounts of processing to be done on the server that runs it. This would mean that normal DNS traffic would not always get processed and the users would not be able to resolve the domain’s IP, resulting in a denial of service. In combination with a TCP SYN flood on port 80 of the server itself, a DNS flood can take out a website completely, given enough resources.
Hide Your DNS
This seems pretty simple, right? DNS can leak a lot of information about a user when the client communicates with the server, so hiding your DNS is also very important for secure and anonymous browsing.