How Does DNS Work?
Okay, so DNS is like a sophisticated address book for the Internet – but how does it work? Glad you asked.
The DNS directory isn’t located in one physical place or even one corner of the vast Internet. It’s distributed all over the world and stored on many different servers that communicate with one another to regularly provide updates, information, and redundancies.
DNS information is shared among a variety of servers, but it’s also cached locally on individual computers and devices. This prevents users’ computers from having to query the name server for commonly used IP addresses every time. The result is far greater efficiency.
In all, there are four different DNS servers involved in loading a webpage (assuming it’s not already cached on the user’s computer or device):
- DNS recursor. This server is similar to a librarian who is tasked with finding a specific book in a library. This server is specifically intended to handle queries directly from client machines through web browsers (and other similar applications).
- Root nameserver. This server translates human-readable host names – web URLs – into IP addresses. It’s basically the translator.
- TLD nameserver. This server is responsible for categorizing websites based on their type. The TLD (top-level domain) is the last portion of the domain name. Different TLDs include .com, .org, .net, etc.
- Authoritative nameserver. The fourth and final server involved in loading a webpage is the authoritative nameserver. If this server has access to the record the user’s query is requesting, the IP address will be delivered to the DNS recursor that made the original request.
Common DNS Attacks
For the most part, DNS works flawlessly in the background. However, it’s been around for decades and hackers are continuously finding ways to compromise the underlying system (which was never developed with security in mind). Here are some common attacks we see:
- Reflection attacks. This type of attack overwhelms users with high-volume messages straight from DNS resolver servers. The attackers request massive files from all open resolvers using the spoofed IP address of their victim. Once the resolvers respond, the victim gets an endless flow of unrequested data that overwhelms their machine.
- Resource exhaustion. As the name suggests, these attacks work by clogging up the DNS infrastructure of ISPs. This blocks users from reaching sites on the internet.
- Cache poisoning. This type of attack diverts users from an intended destination to malicious web addresses. The attacker does so by inserting false address records into the system. Once a user ends up on one of these phony websites, they can be tricked into providing sensitive information.
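The reflection bullet above describes a victim receiving data it never requested. The following is an added example, not part of the original article, that flags inbound DNS responses matching no outstanding query; resolvers rely on the same matching to reject forged answers aimed at their cache. The packet records, field layout and 5-second timeout are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture (not real traffic): direction, time (s),
# local port, remote resolver IP, DNS transaction ID, query name, size (bytes).
PACKETS = [
    ("out", 0.00, 40001, "192.0.2.53", 0x1A2B, "example.com", 60),
    ("in",  0.03, 40001, "192.0.2.53", 0x1A2B, "example.com", 120),
    ("in",  0.10, 53124, "198.51.100.7", 0x0001, "example.org", 3100),
    ("in",  0.11, 53124, "203.0.113.9", 0x0001, "example.org", 3100),
    ("in",  0.12, 53124, "198.51.100.7", 0x0001, "example.org", 3100),
    ("out", 1.00, 40002, "192.0.2.53", 0x3C4D, "example.net", 58),
    ("in",  9.00, 40002, "192.0.2.53", 0x3C4D, "example.net", 110),  # too late
    ("in",  9.10, 40001, "192.0.2.53", 0x1A2B, "example.com", 120),  # duplicate
]

QUERY_TIMEOUT = 5.0  # assumed: seconds a query stays outstanding


def find_unsolicited(packets, timeout=QUERY_TIMEOUT):
    """Return inbound DNS responses that match no outstanding query."""
    outstanding = {}   # (resolver, port, txid, qname) -> time sent
    unsolicited = []
    for direction, ts, port, resolver, txid, qname, size in packets:
        key = (resolver, port, txid, qname.lower())
        if direction == "out":
            outstanding[key] = ts
            continue
        sent = outstanding.pop(key, None)  # each query accepts one answer
        if sent is None or ts - sent > timeout:
            unsolicited.append((ts, resolver, qname, size))
    return unsolicited


def summarize(unsolicited):
    """Aggregate unsolicited packets and bytes per resolver."""
    per_resolver = defaultdict(lambda: [0, 0])  # resolver -> [packets, bytes]
    for _ts, resolver, _qname, size in unsolicited:
        per_resolver[resolver][0] += 1
        per_resolver[resolver][1] += size
    return {r: tuple(v) for r, v in per_resolver.items()}


if __name__ == "__main__":
    for resolver, (count, total) in sorted(summarize(find_unsolicited(PACKETS)).items()):
        print(f"{resolver}: {count} unsolicited responses, {total} bytes")
```

Several resolvers each sending large responses that match no query is the pattern of a reflection flood, while a single late or duplicate answer is more often retransmission noise.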
Accounting for DNS Security
Hackers today are sophisticated professionals who develop advanced, ever-changing attacks. As such, network security is more important than ever before. Whether it’s DNS attacks, or something else entirely, your business must commit to staying safe and protected around the clock.