DNS - rFronteddu/general_wiki GitHub Wiki
DNS
Root Name Server
The root name server is the first step in the DNS hierarchy. It is responsible for directing queries to the appropriate Top-Level Domain (TLD) name servers.
- It responds to DNS queries with the IP addresses of TLD name servers (e.g., .com, .org, .net).
- It does not store full DNS records for websites but acts as the starting point of every uncached lookup.
- There are 13 logical root servers, named A through M and operated by different organizations worldwide; each one consists of many redundant servers distributed globally.
Top-Level Domain (TLD) Name Server
The TLD name servers handle requests for domains within a specific top-level domain, such as .com, .org, .edu, or country-code TLDs like .uk or .jp.
- They provide the IP address of the authoritative name server for the requested domain.
Authoritative Name Server
An authoritative name server contains the actual DNS records (A, MX, CNAME, etc.) for a domain.
- It resolves queries for specific domain names by providing the final answer, such as the IP address.
- There are two types:
  - Primary (Master): holds the original source of the DNS records.
  - Secondary (Slave): copies the records from the primary for redundancy.
DNS Resolver
A DNS resolver is a client-side service that acts as an intermediary between a user's application (e.g., a browser) and the DNS system.
- It initiates and processes the recursive DNS query on behalf of the user (for example, when you type www.example.com in your browser, the resolver first contacts a root nameserver, then the TLD nameserver, and then the authoritative nameserver to fetch the IP address).
- Two types:
  - Recursive Resolver: queries DNS servers until it gets an answer or a timeout.
  - Caching Resolver: caches previous DNS query results to speed up future lookups.
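The root / TLD / authoritative chain described in the sections above, as an added example that is not part of the original wiki page. It simulates a recursive resolver walking a constructed hierarchy of three servers (all names and addresses are invented, using the RFC 5737 documentation ranges) and caching the final answer; the referral representation is a simplification of a real response, which would carry NS names plus glue A records:

```python
"""Simulated recursive resolution: root -> TLD -> authoritative.
Every server, name and address below is constructed for this example
(addresses come from the RFC 5737 documentation ranges); nothing touches
the network."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    zone: dict   # owner name -> (rtype, value); "NS" entries are referrals


# Constructed hierarchy. A referral record carries the address of the
# server to ask next (a real response would carry NS names plus glue).
ROOT = Server("a.root-servers.example", {
    "com.": ("NS", "192.0.2.1"),
    "org.": ("NS", "192.0.2.2"),   # delegated, but no such server in this toy network
})
TLD_COM = Server("a.gtld-servers.example", {
    "example.com.": ("NS", "198.51.100.10"),
})
AUTH_EXAMPLE = Server("ns1.example.com.", {
    "example.com.": ("A", "203.0.113.1"),
    "www.example.com.": ("A", "203.0.113.7"),
})
SERVERS = {"198.51.100.1": ROOT, "192.0.2.1": TLD_COM, "198.51.100.10": AUTH_EXAMPLE}
ROOT_HINT = "198.51.100.1"   # real resolvers ship with a root hints file


def ask(server: Server, qname: str, qtype: str):
    """What `server` says about qname: ("ANSWER", value), ("REFERRAL", ip)
    or ("NONE", None). The server checks the exact name first, then walks
    up the parent zones it holds a delegation for."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        rec = server.zone.get(candidate)
        if rec is None:
            continue
        rtype, value = rec
        if candidate == qname and rtype == qtype:
            return "ANSWER", value
        if rtype == "NS":
            return "REFERRAL", value
    return "NONE", None


class RecursiveResolver:
    def __init__(self, root_hint: str = ROOT_HINT, max_hops: int = 8):
        self.cache = {}            # (qname, qtype) -> value
        self.root_hint = root_hint
        self.max_hops = max_hops   # guards against referral loops

    def resolve(self, qname: str, qtype: str = "A"):
        """Follow referrals from the root. Returns (value, trace) where trace
        lists the servers contacted; a cache hit returns an empty trace and
        a name with no answer returns (None, trace)."""
        key = (qname, qtype)
        if key in self.cache:
            return self.cache[key], []
        trace, server_ip = [], self.root_hint
        for _ in range(self.max_hops):
            server = SERVERS.get(server_ip)
            if server is None:
                raise LookupError(f"{qname}: nameserver {server_ip} unreachable")
            trace.append(server.name)
            kind, value = ask(server, qname, qtype)
            if kind == "ANSWER":
                self.cache[key] = value
                return value, trace
            if kind == "REFERRAL":
                server_ip = value
                continue
            return None, trace
        raise LookupError(f"{qname}: too many referrals")


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com."))   # walks all three servers
    print(r.resolve("www.example.com."))   # served from cache, empty trace
```

The second call shows why the caching resolver in the list above matters: the answer is returned without contacting any server, which is also why a poisoned cache entry is so damaging (every client of that resolver gets the bad answer until the TTL expires).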
DNS Records
- A Record: Maps a domain name to an IPv4 address.
- AAAA Record: Maps a domain name to an IPv6 address.
- CNAME Record: Points one domain name to another (alias).
- MX Record: Specifies mail servers for a domain.
- TXT Record: Stores arbitrary text, often used for verification.
- NS Record: Indicates the authoritative nameservers for a domain.
- Storage: These records are stored in the zone files on authoritative nameservers.
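The zone file mentioned in the last bullet is the format authoritative nameservers store these records in. As an added example (not code from the wiki page), the following parses a constructed zone for example.com covering the record types listed above, expands relative names against $ORIGIN, applies the default and per-record TTLs, and follows a CNAME the way a resolver does. The zone text is invented for the example and the parser covers only the common subset of RFC 1035 master-file syntax:

```python
"""Minimal parser for the zone-file format authoritative servers store
DNS records in (common subset of RFC 1035 master-file syntax).
SAMPLE_ZONE is constructed for this example."""
from dataclasses import dataclass
import shlex


@dataclass(frozen=True)
class Record:
    name: str     # fully qualified owner name, trailing dot
    ttl: int
    rtype: str
    rdata: tuple  # type-specific fields; domain names already qualified


SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN  SOA   ns1 hostmaster 2024010101 7200 900 1209600 300
@        IN  NS    ns1
@        IN  NS    ns2.dns-provider.example.
@        IN  MX    10 mail
ns1      IN  A     203.0.113.1
mail 600 IN  A     203.0.113.25
www      IN  A     203.0.113.7
www      IN  AAAA  2001:db8::7
blog     IN  CNAME www                    ; alias, target is relative
@        IN  TXT   "v=spf1 mx -all"
"""


def qualify(name: str, origin: str) -> str:
    """Expand '@' and relative names against $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


# Which rdata fields are domain names (need qualifying) or integers.
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "MX": (1,), "SOA": (0, 1)}
INT_FIELDS = {"MX": (0,), "SOA": (2, 3, 4, 5, 6)}


def parse_zone(text: str) -> list:
    origin, default_ttl, last_name, records = "", 0, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments (';' inside quotes unsupported)
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = shlex.split(line)               # keeps "quoted text" as one token
        if line[0].isspace():                    # owner omitted: reuse the previous one
            name = last_name
        else:
            name = qualify(tokens.pop(0), origin)
        last_name = name
        ttl = default_ttl
        if tokens[0].isdigit():                  # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":            # class field, always IN here
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        fields = tokens
        for i in NAME_FIELDS.get(rtype, ()):
            fields[i] = qualify(fields[i], origin)
        for i in INT_FIELDS.get(rtype, ()):
            fields[i] = int(fields[i])
        records.append(Record(name, ttl, rtype, tuple(fields)))
    return records


def lookup(records, name: str, rtype: str):
    return [r for r in records if r.name == name and r.rtype == rtype]


def resolve_alias(records, name: str, rtype: str, max_depth: int = 8):
    """Follow CNAME chains to the final records, refusing to loop forever."""
    for _ in range(max_depth):
        hits = lookup(records, name, rtype)
        if hits:
            return hits
        cname = lookup(records, name, "CNAME")
        if not cname:
            return []
        name = cname[0].rdata[0]
    raise ValueError(f"CNAME chain for {name} too long or looping")


if __name__ == "__main__":
    for rec in parse_zone(SAMPLE_ZONE):
        print(rec)
```

Note the CNAME-chain depth limit: a resolver that follows aliases without bound can be tied up by a looping or very long chain, so real implementations cap it the same way.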
Security
- DNS Spoofing (Cache Poisoning): An attacker inserts false DNS responses into the cache of a resolver, redirecting users to malicious websites.
- DDoS Attacks: Distributed denial-of-service attacks that flood DNS servers with traffic to disrupt resolution.
- DNS Amplification: A type of DDoS attack that abuses DNS servers to multiply the volume of attack traffic.
- Man-in-the-Middle Attacks: Intercepting DNS queries in transit to modify the responses.
- DNSSEC (DNS Security Extensions): Adds a layer of security to DNS by authenticating DNS data with digital signatures. Zone records are signed with a private key and resolvers verify them with the corresponding public key, which prevents spoofing and cache poisoning.
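Cache poisoning, the first item in the list, is the attack a resolver can do the most about on its own. As an added example that is not from the wiki page, the following shows the resolver-side checks that make a forged response hard to get accepted: a response is matched against an outstanding query by transaction ID and by the randomized source port the query left on (RFC 5452), the question must match, and records outside the bailiwick of the zone the queried server is responsible for are never cached. All names, addresses and ports are constructed; the `demo` scenario feeds in one forged and one genuine reply:

```python
"""Resolver-side checks that blunt cache poisoning. A reply is installed
in the cache only if it matches an outstanding query exactly (transaction
ID, the resolver's random source port, and the question), and only for
records inside the bailiwick of the zone the queried server is
responsible for. Every name, address and port is constructed."""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Question:
    qname: str
    qtype: str


@dataclass
class Reply:
    txid: int          # 16-bit ID copied from the query
    port: int          # resolver-side port the reply arrived on
    question: Question
    records: list      # (name, rtype, value) triples


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is at or below zone ("" is the root and covers all)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)


class ValidatingResolverCache:
    def __init__(self):
        self.pending = {}   # (txid, port) -> (Question, bailiwick)
        self.cache = {}     # (name, rtype) -> value
        self.rejected = []  # audit trail: (reason, detail), worth alerting on

    def send_query(self, question: Question, bailiwick: str):
        """Record an outstanding query. A random 16-bit ID plus a random
        ephemeral port (2^14 choices here) gives roughly 30 bits that an
        off-path forger would have to guess before the real reply lands."""
        txid = secrets.randbelow(1 << 16)
        port = 49152 + secrets.randbelow(16384)
        self.pending[(txid, port)] = (question, bailiwick)
        return txid, port

    def receive(self, reply: Reply):
        """Validate a reply; return the list of (name, rtype) keys installed."""
        key = (reply.txid, reply.port)
        entry = self.pending.get(key)
        if entry is None:
            self.rejected.append(("no-matching-query", key))
            return []
        question, bailiwick = entry
        if reply.question != question:
            self.rejected.append(("question-mismatch", reply.question.qname))
            return []
        installed = []
        for name, rtype, value in reply.records:
            # Bailiwick rule: a server asked about example.com. is not
            # believed about any other zone; such records are dropped.
            if not in_bailiwick(name, bailiwick):
                self.rejected.append(("out-of-bailiwick", name))
                continue
            self.cache[(name, rtype)] = value
            installed.append((name, rtype))
        del self.pending[key]   # one reply per query; later copies are rejected
        return installed


def demo():
    """Constructed scenario: one query, a forged reply, then the real one."""
    r = ValidatingResolverCache()
    q = Question("www.example.com.", "A")
    txid, port = r.send_query(q, bailiwick="example.com.")
    # Forged reply: even with the ID right, a mismatched port is rejected.
    forged = Reply(txid, 53, q, [("www.example.com.", "A", "203.0.113.66")])
    # Genuine reply that also carries a record for an unrelated zone;
    # the answer is cached, the extra record is not.
    genuine = Reply(txid, port, q, [
        ("www.example.com.", "A", "203.0.113.7"),
        ("login.bank.example.", "A", "203.0.113.66"),
    ])
    return r.receive(forged), r.receive(genuine), dict(r.cache), list(r.rejected)


if __name__ == "__main__":
    print(demo())
```

The `rejected` list is the detection hook: a burst of `no-matching-query` entries for one name is the signature of someone racing the legitimate reply, and is worth surfacing in resolver metrics. DNSSEC, the last item in the list, closes the remaining gap these checks leave: an attacker who can guess or observe the ID and port still cannot produce a valid signature.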
More
- CDNs use DNS for load balancing by directing users to the nearest or least congested edge server based on their IP address.
- Root and TLD nameservers use anycast, a network technique in which multiple servers share the same IP address and users are routed to the closest or least-congested one.
- DNS is also used for service discovery in cloud services and microservices. In Kubernetes, Pod and Service DNS records are generated automatically by the cluster's DNS system (e.g., CoreDNS), so internal communication uses service names instead of hardcoded IP addresses.