Monday, June 30, 2014

DNS - How the Domain Name System Works

The Domain Name System (DNS) is a central part of the Internet, providing a way to match names (the website you are seeking) to numbers (the address of that website). Anything connected to the Internet - laptops, tablets, mobile phones, websites - has an Internet Protocol (IP) address made up of numbers. Your favorite website has such a numeric address, but a string of numbers is not easy to remember, whereas a domain name is something people can recognize and remember. DNS maps domain names to IP addresses, so humans can use memorable domain names while computers on the Internet use IP addresses.
Let’s explore what keeps more than 2.5 billion Internet users and 271 million domain names* connecting—and how Verisign helps to make it happen.
* Verisign Domain Name Industry Brief, April 2014


The Domain Name System FAQs

What is the DNS?

The DNS is the addressing system for the Internet. Almost anything that interfaces with the Internet (e.g., computers, mobile devices, laptops, ATMs, and POS terminals) relies on DNS services to exchange information. DNS uses specialized servers to translate (or resolve) human-readable domain names into the numeric addresses that allow data and information to reach its destination. All Internet applications, ranging from websites, email, social networking, and online banking to Voice over Internet Protocol (VoIP), file sharing, and video on demand, depend on the accuracy and integrity of this translation. Without the DNS, the Internet cannot function. The DNS is integral to a nation's critical infrastructure, online business operations and financial transactions, and all Internet-based communications.

How does the DNS work?

The domain name space consists of a tree of domain names, subdivided into zones. The top-level or root zone is administered by the U.S. Department of Commerce (DoC) and jointly managed by Verisign and the Internet Assigned Numbers Authority (IANA) functions operator, who maintain the data in the root name servers.

A DNS zone consists of a collection of connected nodes served by an authoritative name server. Authoritative name servers for different zones are responsible for publishing the mappings of domain names to IP addresses. Each node or leaf in the tree has zero or more resource records that hold information associated with the domain name. Every domain name ends with a top-level domain (TLD) such as .com or .tv.

For the Internet to function and to prevent duplication of domain names, there must be one authoritative place to register a domain name. Each TLD has an authoritative registry, which manages a centralized database. The registry publishes the information about registered domain names in the TLD zone file. The TLD zone file maps each active second-level domain name (the label immediately to the left of the TLD, for example "example" in example.com) to the name servers that are authoritative for it, together with the IP addresses of those name servers where they are needed as glue.

Why is DNS vulnerable?

The process of translating a domain name into an IP address is called DNS resolution. When someone types a domain name into a web browser, the browser contacts a name server to obtain the corresponding IP address. There are two types of name servers: authoritative name servers, which store complete information about a zone, and recursive name servers, which answer DNS queries on behalf of Internet users and store the responses for a period of time. When a recursive name server receives a response, it caches (stores) it to speed up subsequent queries. Caching reduces the number of queries that have to be sent, but a cached answer is only as trustworthy as the response that produced it: without DNSSEC the recursive server cannot verify that a response really came from the authoritative server, so a forged response, whether injected by an on-path man in the middle or by an off-path attacker who guesses the query's identifiers, is cached and served to every client until it expires.

As a result of these attacks, cyber criminals can:

    Hijack emails
    Tap Voice over IP (VoIP)
    Impersonate websites
    Steal passwords and login information
    Extract credit card data and other confidential information


What is cache poisoning?
Cache poisoning occurs when fraudulent DNS data is inserted into the cache of a recursive name server. Recursive name servers temporarily store, or cache, information learned during the name resolution process, but without DNSSEC they have no way to ensure the validity and accuracy of this information. When malicious information is cached on the recursive name server, the server is considered "poisoned." Cache poisoning allows an attacker to redirect traffic to fraudulent sites.
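To make the "no way to ensure the validity" point concrete, here is an added example (my own code, not Verisign's or this blog's) of the checks a classic pre-DNSSEC recursive resolver can apply to an incoming reply before it caches anything: the 16-bit transaction ID, the UDP destination port, the source address, the echoed question, and a bailiwick rule that only caches records belonging to the zone the answering server is authoritative for. Every name, address, port and transaction ID below is constructed for the demonstration. Note that none of these checks authenticates the data; they only raise the cost of forging a reply, which is why the paragraph above names DNSSEC as the actual fix.

```python
"""Checks a recursive resolver applies to a reply before caching it."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record (owner names are fully qualified, trailing dot)."""
    owner: str
    rtype: str
    rdata: str


@dataclass(frozen=True)
class Pending:
    """What the resolver remembers about a query it has already sent."""
    txid: int        # 16-bit DNS message ID
    src_port: int    # UDP source port the query was sent from
    server_ip: str   # address of the authoritative server that was asked
    zone: str        # zone that server is authoritative for (its bailiwick)
    qname: str
    qtype: str


@dataclass(frozen=True)
class Reply:
    """The fields of an incoming UDP reply that the checks below look at."""
    txid: int
    dst_port: int
    from_ip: str
    qname: str
    qtype: str
    answers: tuple = ()
    additional: tuple = ()


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name beneath it."""
    o, z = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return z == "" or o == z or o.endswith("." + z)


def accept_reply(pending: Pending, reply: Reply):
    """Return (accepted, reason, records that may be cached).

    A reply failing any header check is dropped. One that passes is accepted,
    but only records inside the answering server's bailiwick are cached, so a
    reply from the example.com servers cannot plant an address for another zone.
    """
    if reply.txid != pending.txid:
        return False, "txid mismatch", ()
    if reply.dst_port != pending.src_port:
        return False, "port mismatch", ()
    if reply.from_ip != pending.server_ip:
        return False, "unexpected source address", ()
    if (reply.qname.lower(), reply.qtype) != (pending.qname.lower(), pending.qtype):
        return False, "question mismatch", ()
    safe = tuple(rr for rr in reply.answers + reply.additional
                 if in_bailiwick(rr.owner, pending.zone))
    return True, "ok", safe


def spoof_search_space(txid_bits: int = 16, port_bits: int = 0) -> int:
    """Number of (txid, port) pairs an off-path forger must guess among.

    With a fixed source port only the 16-bit txid is secret. Randomising the
    source port over the ephemeral range adds roughly 16 more bits.
    """
    return 2 ** (txid_bits + port_bits)


# Constructed scenario: our resolver asked 192.0.2.53 (authoritative for
# example.com) for www.example.com/A from source port 53771 with txid 0x1a2b.
PENDING = Pending(0x1A2B, 53771, "192.0.2.53", "example.com.", "www.example.com.", "A")

GENUINE = Reply(0x1A2B, 53771, "192.0.2.53", "www.example.com.", "A",
                answers=(RR("www.example.com.", "A", "192.0.2.10"),))

# Off-path forgery: right txid and spoofed source address, but the attacker
# cannot see the randomised source port and guesses the wrong one.
FORGED_BLIND = Reply(0x1A2B, 53, "192.0.2.53", "www.example.com.", "A",
                     answers=(RR("www.example.com.", "A", "203.0.113.66"),))

# Forgery that gets every header right but smuggles an out-of-zone record in
# the additional section, hoping the resolver caches it.
FORGED_OOB = Reply(0x1A2B, 53771, "192.0.2.53", "www.example.com.", "A",
                   answers=(RR("www.example.com.", "A", "192.0.2.10"),),
                   additional=(RR("login.bank.test.", "A", "203.0.113.66"),))

if __name__ == "__main__":
    for label, reply in ("genuine", GENUINE), ("blind", FORGED_BLIND), ("oob", FORGED_OOB):
        print(label, accept_reply(PENDING, reply))
    print("guess space, fixed port:", spoof_search_space())
    print("guess space, random port:", spoof_search_space(16, 16))
```

The blind forgery is rejected only because the source port was randomised; with a fixed port the attacker's search space collapses from about 2^32 to 2^16 guesses, which is feasible to flood. The bailiwick rule stops the smuggled `login.bank.test.` record, but it does not help against a forgery whose records are all inside the zone being asked about, so these checks are mitigations, not a substitute for validating signed data.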

What are man-in-the-middle (MITM) attacks?
A man-in-the-middle (MITM) attack surreptitiously intercepts and modifies communications between two systems. The attacker can potentially modify the communication to redirect traffic to an illegitimate address or website. End users do not detect the "man in the middle" and assume that they are communicating directly with their intended destination.

How a DNS lookup works

1. A client PC asks for the IP address of a domain name.
2. The request goes to the client's local DNS server first. If that server holds the record in its own zone data or in its cache, it returns the value. If not, it forwards the request to another DNS server. If there is no other server to ask and no record exists, it returns a negative answer (no such record) to the client.
3. The DNS server the request was forwarded to may hold the entry in its cache, or may be authoritative for the name, and returns the IP address for the domain.
4. That answer is passed back to the local DNS server, which may cache it, for as long as the record's TTL allows, to serve future requests for the same domain.
5. The client PC now has the IP address of the domain and opens its connection to the server.
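The five steps above, together with the tree of zones described under "How does the DNS work?", as an added example that is my own code and not the blog's or Verisign's. It models a local forwarding server in front of a recursive resolver that starts at the root, follows referrals through the TLD to the authoritative server, and caches both positive and negative answers for their TTL. The zone data uses RFC 2606 reserved names, the addresses come from the documentation ranges, and the `children` mapping stands in for the NS and glue records a real parent zone would publish; all of it is constructed for the demonstration.

```python
"""Walking the DNS tree: client -> local forwarding server -> recursive
resolver -> root -> TLD -> authoritative server, with caching at each hop."""
from dataclasses import dataclass, field

NEGATIVE_TTL = 60  # how long a "no such record" answer is cached (constructed value)


@dataclass
class Zone:
    """One authoritative server for one zone (constructed data).

    `children` stands in for the NS records (plus glue addresses) with which a
    parent zone delegates a child zone to other servers.
    """
    name: str
    records: dict                                  # {(owner, rtype): (rdata, ttl)}
    children: dict = field(default_factory=dict)   # {child zone name: Zone}

    def query(self, qname, qtype):
        if (qname, qtype) in self.records:
            return "ANSWER", self.records[(qname, qtype)]
        for child, server in self.children.items():
            if qname == child or qname.endswith("." + child):
                return "REFERRAL", server
        return "NXDOMAIN", None


@dataclass
class Result:
    rdata: object        # answer data, or None when no record exists
    ttl: int             # seconds the answer may still be cached
    from_cache: bool     # True if served from a cache rather than by walking the tree
    path: list           # zones consulted, empty on a cache hit


@dataclass
class RecursiveResolver:
    """Starts at the root and follows referrals down the tree."""
    root: Zone
    cache: dict = field(default_factory=dict)      # {(qname, qtype): (rdata, expires_at)}

    def resolve(self, qname, qtype, now=0):
        key = (qname.lower(), qtype)
        hit = self.cache.get(key)
        if hit and hit[1] > now:
            return Result(hit[0], hit[1] - now, True, [])
        server, path = self.root, []
        while True:
            path.append(server.name)
            status, data = server.query(key[0], qtype)
            if status == "REFERRAL":
                server = data
                continue
            rdata, ttl = data if status == "ANSWER" else (None, NEGATIVE_TTL)
            self.cache[key] = (rdata, now + ttl)
            return Result(rdata, ttl, False, path)


@dataclass
class ForwardingResolver:
    """The 'local DNS server' of step 2: answers from its own cache,
    otherwise forwards to an upstream recursive resolver (step 3)."""
    upstream: RecursiveResolver
    cache: dict = field(default_factory=dict)

    def resolve(self, qname, qtype, now=0):
        key = (qname.lower(), qtype)
        hit = self.cache.get(key)
        if hit and hit[1] > now:
            return Result(hit[0], hit[1] - now, True, [])
        res = self.upstream.resolve(qname, qtype, now)
        self.cache[key] = (res.rdata, now + res.ttl)   # step 4: cache for the remaining TTL
        return res


def build_tree():
    """Constructed zone data: root delegates com., com. delegates example.com."""
    example = Zone("example.com.", {
        ("www.example.com.", "A"): ("192.0.2.10", 300),
        ("example.com.", "MX"): ("10 mail.example.com.", 3600),
    })
    com = Zone("com.", {}, {"example.com.": example})
    return Zone(".", {}, {"com.": com})


if __name__ == "__main__":
    local = ForwardingResolver(RecursiveResolver(build_tree()))
    for t in (0, 10, 400):
        r = local.resolve("www.example.com.", "A", now=t)
        print(t, r.rdata, "cache" if r.from_cache else "walked " + " -> ".join(r.path))
    print(local.resolve("nosuch.example.com.", "A").rdata)
```

Running it shows the first lookup walking `.` -> `com.` -> `example.com.`, the second being served from the local cache, and the third, made after the 300 second TTL has elapsed, walking the tree again. A name with no record comes back as `None` and is itself cached for `NEGATIVE_TTL`, which is the "no record" case of step 2; a name under a TLD the root does not delegate stops at the root.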
