Lecture ‐ DNS - Dleifnesor/NET-215 GitHub Wiki
Domain Name System (DNS)
- Distributed, hierarchical naming system for the Internet.
Structure
| Layer | Description |
| --- | --- |
| Root Servers | Top of the hierarchy. Refers queriers to the TLD servers. |
| TLD Servers | Handle .com, .net, .org, etc. |
| Authoritative Servers | Hold the actual records for specific domain names. |
DNS Protocol Basics
- Operates over UDP, port 53.
- Queries and responses are short and simple; if a datagram is lost, the client just retries.
- Uses a request/response format.
- Each message carries a 16-bit transaction ID so a client can match a response to its outstanding query.
- Falls back to TCP port 53 for zone transfers and for responses too large for a UDP datagram (the server sets the TC bit and the client retries over TCP).
DNS Hierarchy
Root DNS Servers
- 13 root server identities (a through m), each implemented as many anycast instances, hundreds of servers worldwide in total.
TLD Servers
- Handle domain extensions like .com, .net, .gov, etc.
Authoritative Name Servers
- Provide the final IP answer for a specific domain.
Resource Records (RRs)
DNS responses use Resource Records (RRs):
| Field | Description |
| --- | --- |
| Name | Fully Qualified Domain Name (FQDN) |
| Type | Type of the DNS record (e.g., A, MX, CNAME, NS) |
| TTL | Time (in seconds) the record may be cached |
| Value | What the FQDN resolves to (e.g., IP address or another name) |
Common RR Types
| Type | Name Example | Value Example | Description |
| --- | --- | --- | --- |
| A | host.champlain.edu | 198.51.100.42 | Maps hostname to IPv4 address |
| NS | champlain.edu | ns1.champlain.edu | Points to authoritative name server |
| CNAME | www.champlain.com | servereast.backup2.amazoneast.com | Alias to canonical name |
| MX | champlain.edu | mail.champlain.edu | Points to mail server for domain |
DNS Resolution Techniques
| Method | Description |
| --- | --- |
| Iterative | Client receives referrals to other servers and keeps querying them itself |
| Recursive | Server performs all lookups on the client's behalf and returns the final result |
DNS Recursion
- Not all DNS servers support recursion.
- Local (recursive) servers usually allow recursion only for clients on their own network.
Open Resolvers & Amplification Attacks
- Open resolver = a server that performs recursion for any client, not just its own network.
- Abused for DDoS amplification because:
  - DNS runs over UDP, so the source address of a query can be spoofed
  - A small query can produce a much larger response
  - The server sends that response to the spoofed (victim) address, not to the attacker
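The iterative walk (root, then TLD, then authoritative) and the recursion policy that separates a normal campus resolver from an open one, as an added example that is not part of the original notes. The zone data, server names and addresses are constructed for illustration (documentation ranges 198.51.100.0/24 and 203.0.113.0/24); nothing here talks to the real Internet.

```python
"""Iterative resolution walked root -> TLD -> authoritative, plus the
recursion policy that keeps a resolver from being an open resolver.

Added example, not from the NET-215 notes.  The zone data is constructed:
the server names and addresses are made up and use documentation ranges.
"""
import ipaddress

ROOT_SERVER = "203.0.113.1"   # constructed stand-in for the root server identities

# Each server holds only its own slice of the tree, keyed by (name, type).
ZONES = {
    ROOT_SERVER: {                                     # root: knows the TLDs
        ("edu.", "NS"): ["a.edu-servers.net."],
        ("a.edu-servers.net.", "A"): ["203.0.113.10"],     # glue record
    },
    "203.0.113.10": {                                  # .edu TLD server
        ("champlain.edu.", "NS"): ["ns1.champlain.edu."],
        ("ns1.champlain.edu.", "A"): ["203.0.113.20"],     # glue record
    },
    "203.0.113.20": {                                  # authoritative for champlain.edu
        ("host.champlain.edu.", "A"): ["198.51.100.42"],
        ("www.champlain.edu.", "CNAME"): ["host.champlain.edu."],
        ("champlain.edu.", "MX"): ["mail.champlain.edu."],
        ("mail.champlain.edu.", "A"): ["198.51.100.25"],
    },
}


def ask(server_ip, name, rtype):
    """One non-recursive query to one server.

    Returns ("answer", values) if the server holds the record, ("cname",
    target) if the name is an alias, ("referral", next_ip) if the server only
    knows which zone cut to send us to, and ("nxdomain", None) otherwise.
    """
    zone = ZONES[server_ip]
    if (name, rtype) in zone:
        return ("answer", zone[(name, rtype)])
    if (name, "CNAME") in zone:
        return ("cname", zone[(name, "CNAME")][0])
    # Walk up the labels looking for the closest delegation this server knows.
    labels = name.split(".")
    for i in range(len(labels)):
        zone_cut = ".".join(labels[i:])
        if (zone_cut, "NS") in zone:
            ns_name = zone[(zone_cut, "NS")][0]
            return ("referral", zone[(ns_name, "A")][0])   # follow the glue
    return ("nxdomain", None)


def resolve_iteratively(name, rtype="A", max_steps=10):
    """Start at the root and follow referrals until a server answers.

    Returns (values, path); path lists the servers contacted, so the
    root -> TLD -> authoritative chain is visible.  max_steps bounds the walk
    so a broken delegation cannot loop forever.
    """
    server, path = ROOT_SERVER, []
    for _ in range(max_steps):
        path.append(server)
        kind, data = ask(server, name, rtype)
        if kind == "answer":
            return data, path
        if kind == "referral":
            server = data
        elif kind == "cname":
            # Alias: restart with the canonical name.  A real resolver would
            # consult its cache first; here we simply go back to the root.
            name, server = data, ROOT_SERVER
        else:
            raise LookupError(f"{name} {rtype}: no such record")
    raise LookupError(f"{name} {rtype}: gave up after {max_steps} steps")


class RecursiveServer:
    """A recursive server that does the full walk only for its own clients.

    Clients outside allow_recursion get REFUSED with RA=0.  A server that
    recursed for everyone would be an open resolver and an amplification source.
    """

    def __init__(self, allow_recursion):
        self.allowed = [ipaddress.ip_network(n) for n in allow_recursion]

    def handle(self, client_ip, name, rtype="A"):
        client = ipaddress.ip_address(client_ip)
        if not any(client in net for net in self.allowed):
            return {"rcode": "REFUSED", "ra": False, "answer": []}
        try:
            values, _ = resolve_iteratively(name, rtype)
        except LookupError:
            return {"rcode": "NXDOMAIN", "ra": True, "answer": []}
        return {"rcode": "NOERROR", "ra": True, "answer": values}


if __name__ == "__main__":
    values, path = resolve_iteratively("www.champlain.edu.")
    print(values, "via", " -> ".join(path))
    campus = RecursiveServer(["10.0.0.0/8"])       # constructed campus network
    print(campus.handle("10.1.2.3", "host.champlain.edu."))
    print(campus.handle("198.51.100.9", "host.champlain.edu."))
```

Two things to notice when running it: the path for `www.champlain.edu.` is six servers long because the CNAME target is resolved from the root again, and the same query from 198.51.100.9 is refused with RA=0 while 10.1.2.3 gets the answer. Flip `allow_recursion` to `["0.0.0.0/0"]` and you have an open resolver.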
DNS Header Fields
| Field | Description |
| --- | --- |
| ID | Transaction ID used to match a response to its query |
| Q/R | Query (0) or Response (1) |
| AA | Authoritative Answer (set if the responding server is authoritative for the name) |
| RD | Recursion Desired (client preference) |
| RA | Recursion Available (server capability) |
DNS Caching
- Repeated queries for the same name waste resources.
- Caching an answer for its TTL (Time-To-Live) avoids redundant lookups.
TTL: Time To Live
| TTL Length | Pros | Cons |
| --- | --- | --- |
| Long (hours) | Less load on DNS servers | Changes to DNS take longer to propagate |
| Short (minutes) | DNS changes take effect quickly | More frequent queries = more server traffic |
Admins must balance performance vs. flexibility.
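To put numbers on that balance, here is an added simulation (not part of the original notes) of a caching resolver in front of an authoritative server. The record, addresses and query pattern are constructed; the two returned values are the cost of each choice: how many upstream queries the cache sends, and how long clients keep receiving an old address after the record changes.

```python
"""Simulate a caching resolver to measure the TTL trade-off.

Added example, not from the NET-215 notes.  The record, addresses and query
pattern below are constructed for illustration.
"""

NAME = "host.champlain.edu."
OLD_ADDR, NEW_ADDR = "198.51.100.42", "198.51.100.43"   # constructed addresses


class Authoritative:
    """Stand-in for the authoritative server: one record plus a query counter."""

    def __init__(self, ttl):
        self.records = {NAME: OLD_ADDR}
        self.ttl = ttl
        self.queries = 0

    def query(self, name):
        self.queries += 1
        return self.records[name], self.ttl


class CachingResolver:
    """Answers from cache while the entry is live; otherwise asks upstream."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}          # name -> (value, absolute expiry time)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], hit[1] - now      # hand out the *remaining* TTL
        value, ttl = self.upstream.query(name)
        self.cache[name] = (value, now + ttl)
        return value, ttl


def simulate(ttl, interval=10, duration=3600, change_at=1830):
    """Clients query every `interval` seconds for `duration` seconds; the
    authoritative address changes at `change_at`.  Returns (upstream queries
    sent, seconds during which clients still received the old address)."""
    upstream = Authoritative(ttl)
    resolver = CachingResolver(upstream)
    stale_seconds, changed = 0, False
    for now in range(0, duration, interval):
        if now >= change_at and not changed:
            upstream.records[NAME] = NEW_ADDR      # the admin updates the record
            changed = True
        value, _ = resolver.lookup(NAME, now)
        if changed and value == OLD_ADDR:
            stale_seconds += interval              # cache still serving stale data
    return upstream.queries, stale_seconds


if __name__ == "__main__":
    for ttl in (60, 3600):
        queries, stale = simulate(ttl)
        print(f"TTL {ttl:4d}s: {queries:3d} upstream queries, "
              f"old address served for {stale}s after the change")
```

With a 60-second TTL the cache sends 60 upstream queries in the hour but the stale window after the change is only 30 seconds; with a one-hour TTL it sends a single query and keeps serving the old address for the rest of the hour. Lowering the TTL a day or so before a planned change, then raising it again afterwards, gets the best of both.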
Simple Query Example
- Protocol: UDP
- Port: 53
- Query: A record for wireshark.org
- Recursion desired
Simple Response Example
| Field | Value |
| --- | --- |
| Transaction ID | Matches the original query |
| Recursion Desired | True |
| Recursion Available | True |
| Authoritative | False |
| Answer | A record + IP + TTL |
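The query and response above at the byte level, as an added example that is not part of the original notes: it builds the query (A record for wireshark.org, RD set), parses the 12-byte header and the answer section, and performs the ID-matching check the notes describe. `SAMPLE_RESPONSE` is constructed by hand rather than captured, with the flag values from the response table (QR=1, RD=1, RA=1, AA=0) and an address from a documentation range, not wireshark.org's real one.

```python
"""Build a DNS query and parse a response at the byte level.

Added example, not from the NET-215 notes.  SAMPLE_RESPONSE is constructed
(not a capture) and carries a documentation-range address.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Wire form: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1A2B, rd=True):
    """12-byte header + one question.  Flags: QR=0, opcode 0, RD is bit 8."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN


def decode_name(data, offset, max_jumps=16):
    """Decode a possibly-compressed name.  A label whose top two bits are 11
    is a pointer to another offset; max_jumps stops a pointer loop in a
    malicious message.  Returns (name, offset just past the name)."""
    labels, end, jumps = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:
            if jumps >= max_jumps:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2           # the pointer itself is 2 bytes
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumps += 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_message(data):
    """Header flags, question section and answer section as Python values."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    header = {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 0 = query, 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "tc": bool(flags & 0x0200),   # truncated: retry over TCP
        "rd": bool(flags & 0x0100),   # recursion desired
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
    }
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        qtype, _qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((name, TYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        rdata_at = offset + 10
        offset = rdata_at + rdlen
        if rtype == QTYPE["A"] and rdlen == 4:
            value = ".".join(str(b) for b in data[rdata_at:rdata_at + 4])
        elif rtype in (QTYPE["NS"], QTYPE["CNAME"]):
            value, _ = decode_name(data, rdata_at)   # RDATA is a (compressible) name
        else:
            value = data[rdata_at:rdata_at + rdlen].hex()
        answers.append({"name": name, "type": TYPE_NAME.get(rtype, rtype),
                        "ttl": ttl, "value": value})
    return {"header": header, "questions": questions, "answers": answers}


def response_matches(query, response):
    """Client-side check: accept only a response whose ID *and* question match
    the outstanding query; anything else is discarded."""
    q, r = parse_message(query), parse_message(response)
    return (r["header"]["qr"] and q["header"]["id"] == r["header"]["id"]
            and q["questions"] == r["questions"])


# Constructed response to build_query("wireshark.org"); flags 0x8180 = QR|RD|RA.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)
    + encode_name("wireshark.org") + struct.pack("!HH", 1, 1)   # question echoed
    + b"\xc0\x0c"                               # answer name: pointer to offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4)        # A, IN, TTL 300 s, RDLENGTH 4
    + bytes([198, 51, 100, 7])                  # constructed documentation address
)

if __name__ == "__main__":
    query = build_query("wireshark.org")
    print(parse_message(query))
    print(parse_message(SAMPLE_RESPONSE))
    print("accepted:", response_matches(query, SAMPLE_RESPONSE))
```

The 16-bit ID is the only thing a resolver has to tie a UDP response to its query, which is why `response_matches` also compares the question section and why real resolvers randomise both the ID and the source port: an attacker who can guess them can inject a forged answer before the real one arrives.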