Showing posts with label DNS.

Wednesday, May 18, 2016

Cyber Conflicts: Domain Name System

Let's understand the domain name service better.
Let's look at a domain name such as icann.org. This is essentially the address of an entity on the Internet, which can be a person or an organization. The domain name maps the IP address of a public computer on the Internet to a mnemonic address that can be more easily remembered.

 
The domain name has three parts.

The first is the subdomain label, such as www (for World Wide Web) or mail.

These subdomains are managed by the host of the domain and can be used to organize services offered by that host, for instance www for the World Wide Web. The second part is the domain label, such as icann in www.icann.org; it must be unique within the top level domain.

The top level domain extension is the third part, such as .org or .com. The most common top level domains are .com, .org, and .net. Since the creation of these original domains, several other domains related to specific countries have been created, like ru for Russia, in for India, and cn for China. In 2013 ICANN began approving an expansion of the generic top level domains from .com, .org, and .net to include up to 1,300 new extensions. A lot of them have been auctioned off to private entities for profit.

The full list of them is available on the Internet. It includes different extensions such as .science, .iu, .dentist. When you type an Internet address in your browser, your computer makes a request to a domain name server. DNS servers are typically operated by your own organization or Internet service provider. Then again, local directories of the gateways. For example, a university will operate a domain name server to map all its internal IP addresses to easy-to-remember mnemonic names.
This internal domain name service can also look up Internet addresses for services that are outside of your internal network.

The domain name server is much like a phone book: it compares the name to a list of numbers. When it locates a match, it responds to your computer with the number for your service.

Your computer will then use that number to connect to the remote computer or remote host. The only difference here is that, unlike a phone book, the domain name servers can change their mapping as need be. It is very dynamic.

As new domain names are registered or existing computers change their addresses, the relationship between names and numbers needs to be constantly updated, and that happens.
The overall domain name system is set up in a hierarchy. There are 13 authoritative root servers at the top. What does that mean? These are the 13 root servers which have the complete mapping. Below these 13 servers are millions of other servers that are responsible for resolving the name values. For instance, if you give them a domain name they will give you the IP addresses. They update the other name servers and cache recent snapshots of common domain name queries. Below the authoritative root zones exist the top level domain servers, such as those for .us, .com, or .ru. And below those lie the name servers that maintain the original copy of registrations for the domain name. So it's really a hierarchy. When a domain name is registered, the domain name system requires at least two servers to act as the primary and secondary name servers for that domain.


This redundancy is required in case one of the servers is unreachable or fails. In addition, we have two different types of name servers, a master and a slave. The master server maintains the original copies of the domain name records in the zone. The zone can be anything from a geographic region to a specific organization to a top level domain. The slave automatically syncs with the master, and the slave is the public-facing end of the domain name server.
 
The master is something that constantly updates itself. So the master updates itself as things change, and the slave keeps syncing itself to the master periodically. This allows queries to be continually answered by the slave, leaving the master server able to respond to changes in the domain and records. The domain name service also has an important role to play in the delivery of mail. There are mail transfer agents that use the domain name service to find out where to deliver emails for given addresses. And you can use those to create blacklists of all the addresses where emails are capable of. Even servers are capable of rejecting spam using specific IP addresses.

By rejecting these bad hosts, we are able to do some filtering. Now, there is one important difference between a phone book and the domain name system. The phone book is a one-to-one mapping between numbers and names, whereas the domain name servers have multiple mappings. A single Internet address can correspond to multiple domain names, and multiple domain names can point to a single IP address. And multiple IP addresses can point to a single domain name. The reason for that is flexibility and scalability. The same server may serve multiple domains or multiple functions and uses, which is why multiple domain names go to the same IP address. And to provide scalability, a very large organization like Google can have the same domain name, like google.com, assigned to multiple IP addresses.
 
That allows them to provide a fast response to any request made in real time, and that is why it is important that multiple IP addresses can be allocated to the same domain. For instance, Google has its servers scattered throughout the globe, and based on where the request comes from, it can go to the specific IP address within the local region.

Who manages Domain Name System?
1. your organization
2. ISP

Saturday, September 19, 2015

DNS and Its Working

  • Domain Naming System (DNS)
DNS is a method in which domain names are translated into IP (Internet Protocol) addresses. It is a naming system used for all devices connected to the Internet or a network. Domain names are easier for users to remember than IP addresses. DNS works transparently in the background doing the conversions. It works as the Internet’s directory service, with a domain name for each and every IP address. All the information from domain name servers across the Internet is gathered and stored in a Central Registry.

DNS is a type of protocol used to set standards for exchanging information on the Internet and private networks. DNS is a kind of navigation, like GPS on a mobile phone. Domain names in DNS are separated by dots. The last word in a domain name is called the top level domain. The word at the left-most end is known as the host name. It specifies the importance of a host for a specific purpose. The words or characters in between the dots are known as labels. The domain entered should be unique, so it is controlled by an authority called a registry, which is under the service of ICANN. The domain name hierarchy is divided in terms of tree nodes.

When a new domain name is registered or updated in a DNS server, it takes about 12-36 hours for all the DNS servers to get updated and gain access to the information. This time period is also referred to as propagation. DNS servers are present within every geographic proximity through each ISP (Internet service provider), which maps the domain names for your computer’s requests. It also forwards them to other servers.
  • How DNS Works?
A DNS server or name server is the management device containing a large database that connects domain names to IP addresses. This process of mapping is called DNS name resolution. DNS servers always rely on Internet protocols and the efficiency of the network. The working of DNS can be explained as a step-by-step process.


  • Name Entry: The domain name of the site should be entered in the search engine. Then a query is created to access the DNS.
  • Requesting Information: The first place the computer looks is the DNS cache. The DNS cache is the location where recently retrieved information is stored. If the name is not found there, a DNS query should be performed.
  • Recursive DNS servers: If the information is not stored in local history, the computer queries the ISP’s recursive DNS servers. Since the recursive servers contain their own caches, the information is returned to the computer user if found.
  • Root Name Servers: After the unsuccessful recursive DNS server query, the computer queries the root name servers. They act like a phone switchboard for the DNS. They answer the questions of each domain name by the IP addresses. They also direct the query to some other server, if the query is not answered.
  • TLD Name servers: Root name servers take the last part of the request and direct the query to TLDs (top level domain name servers). TLDs have their own name servers, so even if the TLDs don’t have the information we need, they refer us directly to the name servers containing the information.
  • Authoritative DNS servers: TLD name servers check the next part of the request and direct the query to the servers responsible for this particular domain. Authoritative name servers are the servers that contain the information about every specific domain. This information is stored in DNS records. Each record has a different type of information.
  • Retrieval of Record: The recursive server retrieves the data or information obtained from authoritative name servers. It then stores the retrieved record in its cache locally. The advantage is that if someone needs the same information again, it doesn’t need to perform the same process again. Once in a while, the recursive server asks for a new copy to keep the information from going out of date.
  • Receiving Answer: The computer receives the record of data from the recursive server. It then stores the data record in its cache for future reference. The IP address is read and the information is passed to the web browser, which will open a connection to the web server, obtaining the website.
The entire process from start to finish takes only a few milliseconds.
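
The lookup chain described in the steps above (cache first, then root, TLD and authoritative name servers), as an added example that is not part of the original post. The server names, zone contents and the `RecursiveResolver` class are constructed for illustration, and the addresses come from documentation ranges.

```python
import time

# Constructed sample hierarchy (not real DNS data). Each server maps a name
# suffix to a referral ("NS", next_server) or an answer ("A", [ips], ttl_seconds).
SERVERS = {
    "root": {"org.": ("NS", "tld-org"), "com.": ("NS", "tld-com")},
    "tld-org": {"example.org.": ("NS", "auth-example-org")},
    "tld-com": {"example.com.": ("NS", "auth-example-com")},
    "auth-example-org": {"www.example.org.": ("A", ["192.0.2.10"], 300)},
    "auth-example-com": {
        "www.example.com.": ("A", ["198.51.100.7", "198.51.100.8"], 60)},
}

class RecursiveResolver:
    """Toy recursive resolver: cache first, then root -> TLD -> authoritative."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers, self.clock = servers, clock
        self.cache = {}            # name -> (expires_at, [ips])
        self.upstream_queries = 0  # how many times a name server was asked

    def _ask(self, server, name):
        # A server answers with its most specific (longest) matching suffix.
        self.upstream_queries += 1
        zone = self.servers[server]
        hits = [k for k in zone if name == k or name.endswith("." + k)]
        return zone[max(hits, key=len)] if hits else None

    def resolve(self, name):
        name = name.lower().rstrip(".") + "."   # normalise to a lower-case FQDN
        cached = self.cache.get(name)
        if cached and cached[0] > self.clock():
            return cached[1], ["cache"]         # served without asking anyone
        server, path = "root", []
        for _ in range(8):                      # bound the referral chain
            path.append(server)
            record = self._ask(server, name)
            if record is None:
                return [], path                 # nobody knows this name
            if record[0] == "A":
                self.cache[name] = (self.clock() + record[2], record[1])
                return record[1], path
            server = record[1]                  # follow the referral downwards
        raise RuntimeError("too many referrals")

if __name__ == "__main__":
    resolver = RecursiveResolver(SERVERS)
    for query in ("www.example.org", "www.example.org", "www.example.com"):
        print(query, *resolver.resolve(query))
```

The second lookup of the same name is answered from the cache until the record's TTL runs out, so whatever the resolver stored, right or wrong, stays in effect for that long.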


http://resources.infosecinstitute.com/attacks-over-dns/