DNS Decoded!

The Domain Name System (DNS) is a hostname-to-IP-address translation service. DNS is a distributed database implemented in a hierarchy of name servers. It is an application-layer protocol for message exchange between clients and servers. DNS resolves names to numbers, that is, domain names to IP addresses. It's like a phone book: we don't look for the number first, we look for the name first, and the domain name plays the role of that name.

● Components of DNS

  1. ROOT Servers: They are the root of the DNS hierarchy. There are 13 main root servers strategically placed around the world, operated by 12 different organizations. Each set has its own unique IP addresses.
  2. TLD (Top-Level Domain): The rightmost part of a domain name. TLDs fall into two types: gTLDs (generic top-level domains) and ccTLDs (country code top-level domains). Originally, gTLDs indicated the purpose of the domain, like “.com” for business, “.org” for organizations, “.edu” for education, and “.gov” for government. Meanwhile, ccTLDs, such as “.ca” for Canada and “.uk” for the UK, were initially employed for geographical identification.
  3. SLD (Second-Level Domain): “medium” here is the second-level domain. SLDs, like “medium,” are restricted to using lowercase letters, numbers 0–9, and hyphens, with a maximum length of 63 characters. When registering a domain, both SLDs and TLDs must adhere to certain rules, such as not starting or ending with hyphens and avoiding consecutive hyphens within the domain name.
  4. Subdomain: A period is used to separate a subdomain from a second-level domain. For example, in admin.medium.org, the admin part is the subdomain. You can create as many subdomains as you want for your domain name.
  5. Authoritative nameserver: This final nameserver can be thought of as a dictionary. If the authoritative name server has access to the requested record, it returns the IP address for the requested hostname to the DNS (user) that made the initial request.

● DNS Records & Its Types

DNS records are pieces of information stored in a DNS server that provide instructions on how to handle various aspects of domain name resolution. These records are essential in translating human-readable domain names into machine-readable IP addresses. Each DNS record type serves a specific purpose and contains specific information.

1. A (Address) Record: Associates a domain name with an IPv4 address. (TTL: time to live.) For example, if the A record for “singlea.com” is set to “192.132.65.78”, anyone who accesses “singlea.com” is directed to the server with the IP address “192.132.65.78”.

2. AAAA (IPv6 Address) Record: Associates a domain name with an IPv6 address. It allows computers using IPv6 to resolve domain names.

3. CNAME (Canonical Name) Record: Maps an alias or subdomain to the canonical (primary) domain name. It allows multiple domain names to resolve to the same IP address. For example, if you set a CNAME record for “ftp.petname.com” pointing to “petname.com”, any requests for “ftp.petname.com” will be redirected to “petname.com”.

4. PTR (Pointer) Record: Performs reverse DNS lookup by mapping an IP address to a domain name.

5. SRV (Service) Record: Specifies the location of a specific service within a domain. It is commonly used for services like Voice over IP (VoIP) or instant messaging.
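
The record types above can be exercised against a small in-memory zone. This is an added example, not code from the original article: it follows a CNAME alias to the canonical name's A/AAAA records, rejects alias loops, and derives PTR names for reverse lookups. The zone contents, the `loop-a`/`loop-b` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed zone data: names and the first address come from the article,
# the other addresses are documentation ranges.
RECORDS = {
    ("singlea.com", "A"): ["192.132.65.78"],
    ("petname.com", "A"): ["198.51.100.7"],
    ("petname.com", "AAAA"): ["2001:db8::7"],
    ("ftp.petname.com", "CNAME"): ["petname.com"],
    ("loop-a.petname.com", "CNAME"): ["loop-b.petname.com"],
    ("loop-b.petname.com", "CNAME"): ["loop-a.petname.com"],
}

def lookup(name, rtype, records=RECORDS):
    """Return (values, chain), following CNAME aliases to the canonical name."""
    chain = [name]
    while True:
        if (name, rtype) in records:
            return records[(name, rtype)], chain
        alias = records.get((name, "CNAME"))
        if alias is None:
            return [], chain              # no record of that type
        name = alias[0]
        if name in chain:                 # misconfigured zone: alias cycle
            raise ValueError("CNAME loop: " + " -> ".join(chain + [name]))
        chain.append(name)

def build_ptr(records=RECORDS):
    """Derive PTR data (reverse name -> hostname) from the A/AAAA records."""
    ptr = {}
    for (name, rtype), values in records.items():
        if rtype in ("A", "AAAA"):
            for value in values:
                ptr[ipaddress.ip_address(value).reverse_pointer] = name
    return ptr

def reverse_lookup(ip, records=RECORDS):
    """Map an IP address back to a hostname the way a PTR query does."""
    return build_ptr(records).get(ipaddress.ip_address(ip).reverse_pointer)

if __name__ == "__main__":
    print(lookup("ftp.petname.com", "A"))
    print(reverse_lookup("192.132.65.78"))
```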


● How Does DNS Work?

Step 1: Query Initialization

DNS resolution begins when a user’s computer sends a request to resolve a domain name (e.g., www.learndns.com) to its corresponding IP address.

Step 2: Local DNS Resolver

The request is sent to the user’s local DNS resolver (often provided by the ISP). If the resolver has the requested information cached, it will skip the remaining steps and provide the response directly.

Step 3: Recursive DNS Server

If the local DNS resolver doesn’t have the requested information, it will forward the query to a recursive DNS server. The recursive server starts the DNS resolution process on behalf of the user.

Step 4: Root DNS Servers

The recursive DNS server contacts one of the root DNS servers, which are responsible for maintaining information about the top-level domains (.com, .net, etc.). It asks for the DNS server responsible for the top-level domain in the requested domain name.

Step 5: Top-Level Domain (TLD) DNS Servers

The root DNS server responds with the DNS server responsible for the specific top-level domain requested (e.g., .com). The recursive server then queries the TLD DNS server.

Step 6: Authoritative DNS Servers

The TLD DNS server responds with the authoritative DNS server responsible for the requested domain name (e.g., learndns.com). The recursive server then queries the authoritative DNS server.

Step 7: DNS Record Retrieval

The authoritative DNS server retrieves the requested DNS records associated with the domain name from its DNS zone. This may include A records (IPv4 addresses), AAAA records (IPv6 addresses), MX records (mail server), etc.

Step 8: Response to User

The recursive DNS server receives the DNS records from the authoritative server and sends the response back to the user’s computer via the local DNS resolver. The local resolver then caches the DNS information for future use, speeding up subsequent lookups.
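
The eight steps can be traced with a small simulation. This is an added example, not code from the original article: it walks root, TLD and authoritative servers by following referrals, then caches the answer for its TTL so a repeat lookup stops at step 2. The server names (`tld-com`, `ns-learndns`), the address and the TTL are constructed, and no network traffic is sent.

```python
import time

# Constructed delegation tree (server names and the address are made up).
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"learndns.com": "ns-learndns"}},
    "ns-learndns": {"records": {("www.learndns.com", "A"): (["203.0.113.10"], 300)}},
}

def query(server, key):
    """Ask one server: it answers, refers us further down, or has nothing."""
    zone = SERVERS[server]
    if key in zone.get("records", {}):
        return "answer", zone["records"][key]
    labels = key[0].split(".")
    for i in range(len(labels)):          # longest matching suffix first
        suffix = ".".join(labels[i:])
        if suffix in zone.get("referrals", {}):
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None

class Resolver:
    def __init__(self, now=time.monotonic):
        self.now = now
        self.cache = {}                   # (name, type) -> (addresses, expiry)

    def resolve(self, name, rtype="A"):
        key = (name.lower().rstrip("."), rtype)
        hit = self.cache.get(key)
        if hit and hit[1] > self.now():   # step 2: fresh cache entry
            return hit[0], ["cache"]
        server, trace = "root", []        # steps 3-4: start at the root
        while True:
            trace.append(server)
            kind, value = query(server, key)
            if kind == "referral":        # steps 5-6: follow the referral
                server = value
            elif kind == "answer":        # steps 7-8: cache for TTL, return
                addresses, ttl = value
                self.cache[key] = (addresses, self.now() + ttl)
                return addresses, trace
            else:
                return [], trace          # no such name

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.learndns.com"))  # full walk
    print(r.resolve("www.learndns.com"))  # served from cache
```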

● DNS Related Attacks:

  1. DNS Spoofing: DNS spoofing, also known as DNS cache poisoning, involves manipulating the DNS cache to redirect users to malicious websites. Attackers inject false DNS records into a caching server, leading legitimate users to malicious IP addresses. In other words, DNS spoofing manipulates the internet’s address book (the DNS cache), redirecting you to fake websites. It's like changing your friend's number in the phone book.
  2. DNS Pharming: DNS pharming does something similar by redirecting your internet traffic to fraudulent websites, aiming to steal your sensitive information like passwords or credit card details. Attackers compromise DNS servers or modify hosts files on users’ devices to redirect traffic.
  3. DNS Amplification: DNS amplification attacks exploit open DNS resolvers to overwhelm and disrupt the target’s online services. Attackers send small requests with a forged source IP, causing the DNS server to send large responses to the victim’s IP address. It's like a prank call that makes your phone ring and ring continuously.
  4. DNS Tunneling: DNS tunneling hides non-DNS data within DNS requests, letting attackers sneak information out of a network without raising suspicion, potentially compromising sensitive data. It's like a friend reading your love letters hidden inside seemingly harmless letters.
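
From the defender's side, tunneling tends to show up in resolver logs as many unique, random-looking subdomains under one parent domain. The following detection sketch is an added example, not code from the original article: the log format, the sample lines, the `tunnel.example` domain and both thresholds are constructed assumptions to be tuned against real traffic.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "timestamp client qname qtype" (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.learndns.com A
2024-01-01T10:00:02Z 10.0.0.5 mail.learndns.com A
2024-01-01T10:00:03Z 10.0.0.6 api.learndns.com A
2024-01-01T10:00:04Z 10.0.0.6 cdn.learndns.com AAAA
2024-01-01T10:00:05Z 10.0.0.9 a9k3x7q1m5z2b8v4n6c0jhtw.tunnel.example TXT
2024-01-01T10:00:06Z 10.0.0.9 p4d8u1y6g2r9e5s3f7l0owib.tunnel.example TXT
2024-01-01T10:00:07Z 10.0.0.9 z0c6h2n8t4x1b7j3q9v5dkma.tunnel.example TXT
2024-01-01T10:00:08Z 10.0.0.9 e3w7l1r5y9g0u4i8o2s6fpxc.tunnel.example TXT
""".splitlines()

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def score_queries(lines, min_unique=4, min_entropy=3.5):
    """Group queries by parent domain and flag tunneling-like patterns.

    Assumption: the parent is the last two labels (a real deployment would
    use the Public Suffix List); both thresholds are illustrative.
    """
    subs = defaultdict(set)
    for line in lines:
        _ts, _client, qname, _qtype = line.split()
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) > 2:
            subs[".".join(labels[-2:])].add(".".join(labels[:-2]))
    report = {}
    for parent, names in subs.items():
        mean_h = sum(entropy(n) for n in names) / len(names)
        report[parent] = {
            "unique": len(names),
            "mean_entropy": round(mean_h, 2),
            "flagged": len(names) >= min_unique and mean_h >= min_entropy,
        }
    return report

if __name__ == "__main__":
    for parent, stats in score_queries(SAMPLE_LOG).items():
        print(parent, stats)
```

Both sample domains have four unique subdomains, so the count alone does not separate them; the entropy of the subdomain strings does.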

 → Dynamic Domain Name System (DDNS) is a service that automatically updates the IP address linked to a domain name, allowing users to access a device or network with a changing IP. In real life, if you have a CCTV at home with DDNS, even if your internet provider assigns a new IP address, you can still remotely access the camera using a consistent domain name (e.g., cctv.ddns.net) without manually updating the IP every time it changes.

I would recommend solving this TryHackMe room.

TryHackMe | DNS in detail

If you have understood the concepts written above, you can easily complete this room in a few minutes.

Connections!! Medium

Dev Gohil

Student at The Institute of Chartered Accountants of India

1y

Hey Aastha, do you know about decentralised domain tech? Namebase.io

Prince Thakkar

Associate Data Engineer@Pretium Enterprises SIH 2022 ,2023 Winner , Cohort member at TPF PLG ’23 and TPF Gen AI Rush

1y

Amazing

