The Domain Name System resolves the names of internet sites with their

The Domain Name System (DNS) is one of the foundations of the internet, working in the background to match the names of web sites that people type into a search box with the corresponding IP address, a long string of numbers that no one could be expected to remember.

It's still possible for someone to type an IP address into a browser to reach a website, but most people want an internet address to consist of easy-to-remember words, called domain names. (For example, Network World.)

In the 1970s and early 80s, the task of matching domain names and IP addresses was assigned to one person, Elizabeth Feinler at Stanford Research Institute, who maintained a master list of every internet-connected computer. This was obviously unsustainable, given the rapid growth of the internet, and, in 1983, Paul Mockapetris developed DNS, an automated, scalable system that handles domain-name-to-IP-address translation.

There are currently more than 342 million registered domains, so keeping all those names in a single directory would be cumbersome. Like the internet itself, the directory is distributed around the world on domain name servers that communicate with each other on a regular basis to provide updates and eliminate redundancies.

Another reason for the creation of a distributed system is to boost performance. For example, imagine if all of the requests coming in at the same time from all over the world to resolve the domain name Google to its underlying IP address were being handled in a single location. To address this issue, DNS information is shared among many servers.

That means a single domain can have more than one IP address. For example, the physical server that your laptop or smartphone reaches when you enter www.google.com is different from the server that someone in another country would reach by typing the same site name into their browser. But DNS still gets you to the right place, no matter where you are in the world.

How does DNS work? Recursive resolvers and root, top-level, and name servers

When your computer wants to find the IP address associated with a domain name, it first makes its DNS query via a DNS client, typically in a web browser. The query then goes to a recursive DNS server, also known as a recursive resolver.

A recursive resolver is typically operated by an Internet Service Provider (ISP), such as AT&T or Verizon (or some other third party), and it knows which other DNS servers it needs to ask to resolve the name of a site to its IP address. The servers that actually have the needed information are called authoritative name servers.

DNS is organized in a hierarchy. An initial DNS query for an IP address is made to a recursive resolver. This search first leads to a root server, which has information on top-level domains (.com, .net, .org), as well as country domains. Root servers are located all around the world, so the DNS system routes the request to the closest one.

Once the request reaches the correct root server, it goes to a top-level domain server (TLD nameserver), which stores information for the second-level domain, which is the words that you type into a search box. The request then goes to a domain nameserver, which looks up the IP address and sends it back to the DNS client device so it can visit the appropriate website. All of this takes mere milliseconds.

What is DNS caching?

Chances are that you use Google several times a day. Instead of your computer querying the DNS nameserver for the IP address every time you enter the domain name, that information is saved on your personal device so that it doesn't have to access a DNS server to resolve the name to the IP address.

Additional caching can occur on the routers used to connect clients to the internet, as well as on the servers of the user's ISP. With so much caching going on, the number of queries that actually make it to the DNS name servers is significantly reduced, which helps with the speed and efficiency of the system.
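As an added example (not code from the article), the following Go program models the lookup walk and the caching described above: a constructed three-level hierarchy (a root server, a .com TLD server and an authoritative server for example.com, all with made-up names and the documentation address 192.0.2.10), a resolver that asks each level in turn, and a cache that makes a repeat lookup of the same name touch no server at all.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// answer is a server's reply for a name: a final address, or a referral to the server to ask next.
type answer struct{ addr, refer string }

// Constructed zone data for three levels: root, the .com TLD server, and the
// authoritative server for example.com. Names and addresses are made up.
var servers = map[string]map[string]answer{
	"root":           {"com": {refer: "tld-com"}, "org": {refer: "tld-org"}},
	"tld-com":        {"example.com": {refer: "ns.example.com"}},
	"ns.example.com": {"www.example.com": {addr: "192.0.2.10"}},
}

// resolve walks the hierarchy like a recursive resolver (root, TLD, then authoritative
// server); the cache makes a repeat lookup ask no one, and path lists the servers queried.
func resolve(name string, cache map[string]string) (ip string, path []string, err error) {
	if ip, ok := cache[name]; ok {
		return ip, nil, nil // cache hit: zero queries leave this machine
	}
	labels, server := strings.Split(name, "."), "root"
	// Ask for ever-longer suffixes: "com", then "example.com", then "www.example.com".
	for i := len(labels) - 1; i >= 0; i-- {
		suffix := strings.Join(labels[i:], ".")
		path = append(path, server)
		a, ok := servers[server][suffix]
		if !ok {
			return "", path, errors.New("no data for " + suffix + " at " + server)
		}
		if a.addr != "" {
			cache[name] = a.addr
			return a.addr, path, nil
		}
		server = a.refer
	}
	return "", path, errors.New("ran out of labels before reaching an address")
}

func main() {
	cache := map[string]string{}
	ip, path, err := resolve("www.example.com", cache)
	fmt.Println(ip, path, err) // 192.0.2.10 [root tld-com ns.example.com] <nil>
	ip, path, _ = resolve("www.example.com", cache)
	fmt.Println(ip, path) // 192.0.2.10 []   (served from cache)
}
```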

How does the DNS numbering system work?

Every device that connects to the internet needs to have a unique IP address in order to have traffic properly routed to it. DNS translates human queries into numbers using a system known as IPv4 or IPv6. With IPv4, the numbers are 32-bit integers that are expressed in decimal notation.

The string of numbers is divided into sections, which include the network component, the host and the subnet, not dissimilar to a telephone number that might have a country code, an area code, etc. The network part of the number designates the class and category of network that is assigned to that number. The host identifies the specific machine on the network. The subnet part of the number is optional but is used to navigate the sometimes extremely large number of subnets and other partitions within a local network.

IPv6, which was created to address concerns about the internet running out of IPv4 addresses, uses 128-bit-sized numbers, compared to 32-bit numbers with IPv4. There are 340 trillion trillion possible IPv6 addresses.
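An added worked example, not from the article: the Go code below converts a dotted-decimal IPv4 address into the 32-bit integer behind it, splits that integer into its network and host components for a given prefix length (the subnet notation the text alludes to), and computes the IPv4 and IPv6 address-space sizes, the latter being the 340 trillion trillion figure. The address 192.0.2.10 and the /24 prefix are constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"strconv"
	"strings"
)

// parseIPv4 turns dotted-decimal notation into the 32-bit integer that routers
// actually route on. Rejects anything that is not four octets in 0..255.
func parseIPv4(s string) (uint32, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return 0, errors.New("need exactly four octets: " + s)
	}
	var n uint32
	for _, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 || v > 255 {
			return 0, errors.New("octet out of range: " + p)
		}
		n = n<<8 | uint32(v)
	}
	return n, nil
}

// split separates the network component from the host component using a prefix
// length (the 24 in 192.0.2.0/24): leading bits name the network, the rest the host.
func split(addr uint32, prefix uint) (network, host uint32, err error) {
	if prefix > 32 {
		return 0, 0, errors.New("prefix length must be 0..32")
	}
	mask := ^uint32(0) << (32 - prefix)
	return addr & mask, addr &^ mask, nil
}

// addressSpace is how many addresses a bits-wide scheme can name: 2^32 for IPv4, 2^128 for IPv6.
func addressSpace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

func main() {
	addr, _ := parseIPv4("192.0.2.10") // constructed example address
	network, host, _ := split(addr, 24)
	fmt.Printf("%d -> network %d, host %d\n", addr, network, host)
	fmt.Println(addressSpace(32), addressSpace(128))
}
```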

Who assigns IP addresses?

In 1998, the U.S. government handed the task of assigning IP addresses over to the Internet Corporation for Assigned Names and Numbers (ICANN). The not-for-profit organization has managed that function ever since without any notable disruptions. ICANN develops policies on things like the creation of new top-level domains (such as .io).

For the most part, ICANN takes a neutral and advisory role. For example, anyone who wants to register a domain on the internet today can go to any number of ICANN-accredited registrars, which basically decentralizes the already decentralized DNS system. Once registered, new domains can populate and be reached worldwide via DNS servers in a matter of minutes.

Is DNS secure?

Cybercriminals are extremely clever when it comes to identifying vulnerabilities that can be exploited in just about any system, and DNS has certainly come in for its fair share of attacks. A 2021 IDC survey of more than 1,100 organizations in North America, Europe and Asia-Pacific showed that 87% had experienced DNS attacks.

The average cost of each attack was around $950,000 for all regions and about $1 million for organizations in North America. The report noted that organizations across all industries averaged 7.6 attacks during the previous year.

The COVID-related shift to off-premises work and the response by companies to move resources to the cloud to make them more accessible have provided new targets for attackers, the report said.

The researchers also found a sharp rise in data theft via DNS, with 26% of organizations reporting that sensitive customer information was stolen, compared with 16% in 2020.

Common types of DNS attacks include DNS amplification, DNS spoofing or cache poisoning, DNS tunneling, and DNS hijacking or DNS redirection.

What is DNSSec?

DNSSec is a security protocol devised by ICANN to help make communication among the various levels of servers involved in DNS lookups more secure. It addresses weaknesses in the communication between DNS top-level, second-level, and third-level directory servers that would allow hackers to hijack lookups.

This hijacking allows attackers to respond to requests for lookups to legitimate sites by directing users to a malicious site. These sites could upload malware to users or carry out phishing attacks.

DNSSec addresses this by having each level of DNS server digitally sign its requests, ensuring that requests sent by end users aren't commandeered by attackers. This creates a chain of trust so that at each level of the lookup, the integrity of the request is validated.

DNSSec also can determine if a domain name really exists, and if it doesn't, prevents a fraudulent domain from being delivered to innocent requesters seeking to have a domain name resolved.
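To make the chain of trust concrete, here is an added Go model (not the article's code and not a DNSSEC implementation) built on Ed25519 keys: each parent zone signs a digest of its child's public key, the role a DS record plays, the leaf zone signs the address record, and a validator walks from the root key down the chain, so a substituted key or an altered record fails validation. It assumes three constructed zones (root, com, example.com) and a made-up record for www.example.com.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// zone is a signing zone with its own key pair (constructed model, not real DNSSEC).
type zone struct{ pub ed25519.PublicKey; priv ed25519.PrivateKey }

func newZone() zone {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error ignored for brevity
	return zone{pub, priv}
}

// sign is the zone's signature over a record, standing in for an RRSIG.
func (z zone) sign(data []byte) []byte { return ed25519.Sign(z.priv, data) }

// link stands in for a DS record: the parent signs a digest of the child's
// public key, which is how trust is delegated one level down the hierarchy.
type link struct{ childPub ed25519.PublicKey; digestSig []byte }

func (parent zone) delegate(child zone) link {
	d := sha256.Sum256(child.pub)
	return link{child.pub, parent.sign(d[:])}
}

// validate walks from the trust anchor (the root key) down each delegation, then
// checks the leaf zone's signature on the record; any broken link fails the answer.
func validate(anchor ed25519.PublicKey, chain []link, record, sig []byte) bool {
	current := anchor
	for _, l := range chain {
		d := sha256.Sum256(l.childPub)
		if !ed25519.Verify(current, d[:], l.digestSig) {
			return false
		}
		current = l.childPub
	}
	return ed25519.Verify(current, record, sig)
}

func main() {
	root, com, example := newZone(), newZone(), newZone() // ".", "com", "example.com"
	chain := []link{root.delegate(com), com.delegate(example)}
	rec := []byte("www.example.com A 192.0.2.10") // constructed record
	fmt.Println(validate(root.pub, chain, rec, example.sign(rec)))                                    // true
	fmt.Println(validate(root.pub, chain, []byte("www.example.com A 198.51.100.1"), example.sign(rec))) // false
}
```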

What is DNS over HTTPS (DoH)?

While DNSSec addresses potential vulnerabilities within the distributed network of DNS servers, it certainly hasn't stopped DNS-based cyberattacks that use some form of deception to inject malicious code into the DNS system.

In one of the biggest shifts in the long history of DNS, Google, Mozilla, and others are encouraging a move to DNS over HTTPS, or DoH, an IETF standard that encrypts DNS requests in the same way that the HTTPS protocol already protects most web traffic.

The shift to DoH, however, is not without controversy. By encrypting DNS requests, DoH could get in the way of enterprise IT being able to monitor the web activity of employees, and parents have complained that it could block them from implementing parental controls over their children's internet usage.

Uptake of DNS over HTTPS has been slow. On the client side, DoH comes with the latest versions of Google Chrome and Mozilla Firefox, but it can be turned off by the end user. Organizations that try to have some measure of control over which browsers and browser versions are used by employees have the option to simply disable it. On the ISP side, many of the leading ISPs have not yet enabled DoH on their end.

How to find my DNS server

Generally speaking, the DNS server that you use will be established automatically by your ISP when you connect to the internet. If you want to see which servers are your primary name servers, there are web utilities that can provide information about your current network connection, such as browserleaks.com.

While your ISP will set a default DNS server, you're under no obligation to use it. Some users may have reason to avoid their ISP's DNS, for example, if the ISP uses their DNS servers to redirect requests for nonexistent addresses to pages with advertising.

As an alternative, you can point your computer to a public DNS server that will act as a recursive resolver. One of the most prominent public DNS servers is Google's. The IP address is 8.8.8.8.