
What is DNS


Introduction

DNS stands for Domain Name System. It is a hierarchical naming system that maps domain names to IP addresses. DNS plays a crucial role in the functioning of the internet. In this 30-minute guide, we will discuss the basics of DNS and how it works.

How DNS Works

When you type a URL into your web browser, the browser sends a request to a DNS resolver to map the domain name to an IP address. The resolver checks its cache to see if it already has the IP address for the domain name. If it doesn't, the resolver sends a request to a DNS root server. The root server responds with the IP address of the top-level domain server that manages the domain name's extension.

The resolver then sends a request to the top-level domain server, which responds with the IP address of the authoritative name server for the domain name. The authoritative name server has the IP address for the domain name and responds with it to the resolver. The resolver caches the IP address and sends it to the web browser, allowing it to connect to the website.

[Figure: how DNS works]

DNS Records

  • A records - An A record maps a domain name to the IPv4 address of the computer hosting the domain. An A record uses a domain name to find the IP address of a computer connected to the internet.

  • AAAA records - DNS AAAA records match a domain name to an IPv6 address. DNS AAAA records are exactly like DNS A records, except that they store a domain’s IPv6 address instead of its IPv4 address.

  • CNAME - The ‘canonical name’ (CNAME) record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address.

  • MX - A DNS ‘mail exchange’ (MX) record directs email to a mail server. The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email). Like CNAME records, an MX record must always point to another domain.

  • TXT - The DNS ‘text’ (TXT) record lets a domain administrator enter text into the Domain Name System (DNS).

  • NS - The DNS ‘name server’ (NS) record is used to point a domain or subdomain to a DNS server. The NS record is used to delegate a DNS zone to use a specific DNS server.

  • SOA - The DNS ‘start of authority’ (SOA) record is used to identify the authoritative name server for a DNS zone, and to specify administrative contact information for the zone.

  • SRV - The DNS ‘service’ (SRV) record is used to specify the location of services (for example, mail servers) and the protocols they support.

  • PTR - The DNS ‘pointer’ (PTR) record is used to map an IP address to a domain name. PTR records are used in reverse DNS lookups.

  • SPF - The DNS ‘sender policy framework’ (SPF) record is used to prevent email spoofing. SPF records are used to identify which mail servers are authorized to send email for a domain.

  • DKIM - The DNS ‘domain keys identified mail’ (DKIM) record is used to prevent email spoofing. DKIM records are used to verify that an email message was sent by a legitimate sender.

  • DMARC - The DNS ‘domain-based message authentication, reporting and conformance’ (DMARC) record is used to prevent email spoofing. DMARC records are used to verify that an email message was sent by a legitimate sender.

DNS Hierarchy

[Figure: the DNS hierarchy]

DNS Security

DNS is vulnerable to several security threats, including DNS spoofing, DNS cache poisoning, and DNS tunneling. DNS spoofing involves redirecting traffic to a fake website by changing the DNS mapping. DNS cache poisoning involves corrupting the DNS cache to redirect traffic to a fake website. DNS tunneling involves using DNS traffic to bypass firewalls and send data outside the network.

To prevent these security threats, DNSSEC (DNS Security Extensions) is used. DNSSEC adds digital signatures to DNS records to ensure that they are authentic and have not been tampered with.
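
DNSSEC signs records but does not inspect what a query name carries, so the DNS tunneling described above is usually found by analysing resolver query logs. The following is an added example, not part of the original guide: a heuristic that flags a client sending many distinct, long, high-entropy subdomains under one parent domain. The log format, the thresholds and the function names are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_UNIQUE_NAMES = 3    # distinct query names per (client, parent domain)
MIN_MEAN_LENGTH = 24    # mean length of the part left of the parent domain
MIN_ENTROPY_BITS = 3.5  # Shannon entropy per character of that part

# Constructed sample log of (client IP, queried name); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "api.example.com"), ("10.0.0.5", "cdn.example.com"),
    ("10.0.0.7", "gezdgnbvgy3tqojqmfrggzdfmztwq2lk.example.net"),  # one-off long name
    ("10.0.0.9", "gezdgnbvgy3tqojqmfrggzdfmztwq2lk.example.org"),
    ("10.0.0.9", "kl2qwtzmfdzggrfmqjoqt3ygvbngdzeg.example.org"),
    ("10.0.0.9", "tqojqmfrggzdfmztwq2lkgezdgnbvgy3.example.org"),
    ("10.0.0.9", "gzdfmztwq2lkgezdgnbvgy3tqojqmfrg.example.org"),
]

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(name):
    """Return (subdomain part, parent domain). Assumption: the parent is the
    last two labels; real tooling should use the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log):
    """Group queries per (client, parent) and flag groups that combine many
    distinct names with long, high-entropy subdomain parts."""
    groups = defaultdict(set)
    for client, name in log:
        sub, parent = split_name(name)
        if sub:  # skip queries for the bare parent domain
            groups[(client, parent)].add(sub)
    flagged = []
    for (client, parent), subs in sorted(groups.items()):
        mean_len = sum(len(s) for s in subs) / len(subs)
        bits = entropy("".join(sorted(subs)).replace(".", ""))
        if (len(subs) >= MIN_UNIQUE_NAMES and mean_len >= MIN_MEAN_LENGTH
                and bits >= MIN_ENTROPY_BITS):
            flagged.append({"client": client, "parent": parent,
                            "names": len(subs), "mean_len": round(mean_len, 1),
                            "entropy": round(bits, 2)})
    return flagged
```

Calling `find_tunnel_candidates(SAMPLE_LOG)` flags only the 10.0.0.9 / example.org group: the client with many short names and the client with a single long name both stay below at least one threshold, which is how the combined test limits false positives.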

Conclusion

DNS is a crucial component of the internet, and understanding its basics is essential for anyone working in the field of IT. In this 30-minute guide, we have discussed how DNS works, DNS records, and DNS security. By following the best practices for DNS security, we can ensure the integrity and confidentiality of DNS data and prevent security threats.
