Understanding The Domain Name Systems (DNS) From The What? to How!

Importance of DNS.

Overview

  • DNS has been one of the pillars of the Internet for the past 40 years, allowing users to access a vast amount of resources and information in a human-friendly way. Despite its age, the original protocol has seen no major changes, and the Root Server System (RSS) still operates with the 13 original root servers.

  • DNS Purpose: Translates human-readable domain names (e.g., example.com) into IP addresses, enabling internet communication.

  • To learn how the DNS system works, please read my previous article, From Browser to Server: The Journey of Your Data.

Paul Mockapetris on DNS:
“I built the first floor and maybe the second floor, and then people came along and added about 20 more floors.”
— Paul Mockapetris, inventor of DNS.

History and Evolution

  1. Initial Method:

    • Early systems used a hosts.txt file to map hostnames to IP addresses.

    • File managed manually by the SRI International Network Information Center.

    • Updates were distributed weekly, which became impractical as the network grew.

  2. Creation of DNS:

    • Paul Mockapetris designed the first version of DNS in collaboration with DARPA (Defense Advanced Research Projects Agency).

    • Jon Postel, administering the name space, later established the Internet Assigned Numbers Authority (IANA).

    • DNS introduced a hierarchical structure for scalability and distribution.

  3. Top-Level Domains (TLDs):

    • The first seven TLDs (root zones):

      • .com, .org, .gov, .net, .mil, .int, .edu
    • Hierarchical delegation:

  4. Root Servers:

    • IANA engaged 13 organizations to manage root servers for redundancy.

    • Currently, the root zone is replicated across hundreds of servers, but queries are still routed to 13 IP addresses for efficiency and load balancing.

  5. Commercialization of DNS (1991):

    • Network Solutions, managing .com, .net, and .org, began charging for domain registration.

    • The rise of the World Wide Web (WWW) led to:

      • Increased domain registrations.

      • Speculation markets, where individuals hoarded domains for resale.

DNS Limitations

  1. Centralization:

    • Traditional DNS infrastructure relies on a centralized hierarchy, making it vulnerable to control by a few entities.
  2. Security Vulnerabilities:

    • Susceptible to attacks such as DNS spoofing and DDoS.
  3. Censorship:

    • Can be manipulated or restricted by governments or organizations to control access to certain websites.

1. Centralization and Single Points of Failure (SPOF):

  • DNS is a centralized and hierarchical system; control over the highest level (e.g., root DNS servers) implies control over the entire system.

  • Root servers or authoritative name servers can become single points of failure (SPOF).

  • Distributed Denial of Service (DDoS) attacks targeting root servers can disrupt the entire DNS system due to their limited number and publicly known locations.

2. Control and Censorship:

  • Organizations managing DNS servers can decide which resources to allow, block, or modify, influencing the information clients receive.

  • While beneficial for regulation and administration, this control can lead to issues like censorship and misinformation.

3. Data Privacy Risks:

  • Clients across multiple regions may share a common root server, exposing navigation habits and resource access data to authorities or attackers.

4. DNS Spoofing and MITM Attacks:

  • DNS spoofing allows attackers to impersonate legitimate servers and execute Man-In-The-Middle (MITM) attacks.

  • Users are deceived into trusting malicious servers, exposing them to further threats.

  • Example: Philipp Jeitner, Haya Shulman, and Michael Waidner demonstrated how DNS spoofing could connect users to an attacker’s NTP server.

5. Lack of Security in Traditional DNS Protocols:

  • Traditional DNS lacks encryption and authentication, making it vulnerable to:

    • Eavesdropping

    • Tampering

    • Other malicious activities

  • Efforts to improve DNS security include:

    • DNSSEC (DNS Security Extensions): Provides cryptographic authentication of DNS data but does not validate data integrity. A compromised server can still distribute malicious resolutions.

    • DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT): Encrypt DNS traffic to reduce the risk of interception.
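
To make sections 4 and 5 concrete, the following added example (not part of the original article) builds a classic DNS query in wire format and models the message-level checks a plain-DNS client can apply to a reply: transaction ID, QR bit and echoed question. The function names, the transaction ID and the documentation-range addresses are constructed for illustration, and source address and port matching is left out.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=1):
    """Classic DNS query: 12-byte header plus one question, sent unencrypted."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def build_response(query, ipv4):
    """Constructed A-record reply that echoes the query's ID and question."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    # Answer: pointer to the name at offset 12, type A, class IN, TTL 300, 4 bytes.
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
    return header + query[12:] + rr + bytes(int(o) for o in ipv4.split("."))

def stub_accepts(query, response):
    """Message-level checks available to plain DNS: ID, QR bit, question echo."""
    if len(response) < len(query):
        return False
    q_id, = struct.unpack("!H", query[:2])
    r_id, r_flags = struct.unpack("!HH", response[:4])
    if r_id != q_id or not r_flags & 0x8000:
        return False
    return response[12:len(query)] == query[12:]

def answer_ipv4(response):
    """Read the address from the single A record produced by build_response."""
    return ".".join(str(b) for b in response[-4:])

if __name__ == "__main__":
    query = build_query("example.com", txid=0x1A2B)
    print("name visible on the wire:", b"example" in query)
    for addr in ("192.0.2.10", "198.51.100.7"):  # documentation-range addresses
        reply = build_response(query, addr)
        print(addr, "accepted:", stub_accepts(query, reply))
```

Both constructed replies pass the checks although they carry different addresses, because nothing in the message authenticates the answer itself, and the queried name is readable in the raw bytes, which is what DoH and DoT encrypt.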

6. Caching Challenges:

  • Caching improves resolving time and reduces network congestion.

  • Issues include:

    • Propagation Delays: Changes to DNS records take time to propagate, leading to inconsistent or delayed resolution.

    • Cache Invalidation: Stale cached entries can prevent clients from accessing updated records, resulting in a poor user experience or exploitation by attackers.

7. DNS Amplification Attacks:

  • Attackers send small DNS queries with spoofed source IP addresses to vulnerable servers.

  • Servers respond with large replies to the victim's IP address, overwhelming network bandwidth and disrupting connectivity.
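
A defender-side view of the pattern described above, as an added example that is not part of the original article: it totals query and response bytes per claimed source address in a resolver log and flags sources whose replies dwarf their queries. The log format, the sample lines and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed resolver log: claimed source IP, qtype, query bytes, response bytes.
SAMPLE_LOG = """\
203.0.113.5 ANY 64 3100
203.0.113.5 ANY 64 3100
203.0.113.5 ANY 64 3050
203.0.113.5 DNSKEY 70 1400
198.51.100.20 A 60 92
198.51.100.20 AAAA 60 104
this line is malformed and is skipped
192.0.2.44 A 58 90
"""

def parse_log(text):
    """Yield (source, qtype, query_bytes, response_bytes), skipping bad lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue
        yield parts[0], parts[1], int(parts[2]), int(parts[3])

def amplification_by_source(text):
    """Return {source: (queries, bytes_in, bytes_out, amplification_factor)}."""
    totals = defaultdict(lambda: [0, 0, 0])
    for src, _qtype, q_bytes, r_bytes in parse_log(text):
        entry = totals[src]
        entry[0] += 1
        entry[1] += q_bytes
        entry[2] += r_bytes
    return {s: (n, i, o, round(o / i, 1)) for s, (n, i, o) in totals.items() if i}

def flag_reflection_targets(text, min_factor=10.0, min_queries=3):
    """Claimed sources receiving far more bytes than they sent: likely spoofed victims."""
    stats = amplification_by_source(text)
    return sorted(s for s, (n, _i, _o, f) in stats.items()
                  if n >= min_queries and f >= min_factor)

if __name__ == "__main__":
    for src, row in amplification_by_source(SAMPLE_LOG).items():
        print(src, row)
    print("flagged:", flag_reflection_targets(SAMPLE_LOG))
```

Sources flagged this way are candidates for response rate limiting on the server, since the address shown in the log is the victim's, not the sender's.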

  1. List of all hosted root servers - IANA web page

  2. Geographical locations of all hosted servers - Root servers


Thank you for reading ❤️🧑‍💻

~ Aashish Jha