DNS (Domain Name System)

📖 The Phonebook of the Internet

One-line definition: DNS is the system that translates human-friendly names (like google.com) into computer-friendly IP addresses (like 142.250.190.46).

Why it exists: Humans are bad at remembering random numbers (IPs), but computers need numbers to connect.

Break into components:

  • Recursive Resolver: The "Librarian" who does the hard work of searching.
  • Root Server: The "Top Floor" of the library.
  • TLD Server: The "Subject Section" (like .com, .edu).
  • Authoritative Server: The "Actual Book" containing the IP address.

The Process:
  1. You type youtube.com into Chrome.
  2. Your computer doesn't know where that is.
  3. It sends a query to a DNS Server: "What is the IP for youtube.com?"
  4. The server replies: "It is 172.217.1.1."
  5. Your computer connects to that IP.

When your computer asks "Where is google.com?", it doesn't ask just one server. It triggers a chain of lookups across the internet.

3b-i. Recursive Resolver (Your Helper)

Definition: The first server your computer talks to (usually provided by your ISP or Google at 8.8.8.8).

Role: It does all the hard work. It runs around the internet gathering the answer for you.

3b-ii. Root, TLD, and Authoritative Servers

If the Recursive Resolver doesn't know the answer, it asks the hierarchy:

  • Root Server (.): The "boss" of the internet. It doesn't know where google.com is, but it knows who handles .com.
    Reply: "Go ask the .COM server."
  • TLD Server (.com): Top-Level Domain server. It knows who owns "google".
    Reply: "Go ask Google's specific Name Server."
  • Authoritative Server (ns1.google.com): The final authority. It actually owns the records.
    Reply: "I am Google. The IP is 142.250.190.46."

⚠️ Security Warning: DHCP Starvation

A hacker can pretend to be 1,000 different people and "rent" every single room in the building. Now, when a real person (employee) comes in, there are no IPs left. This is a form of Denial of Service (DoS).

📚 Analogy: The Librarian

You (Client): You walk into a library and ask the Librarian (Recursive Resolver) for a specific book title.

Librarian: She doesn't know where it is, so she calls the Regional Manager (Root).

Regional Manager: "I don't know, but check the Fiction Department (TLD)."

Fiction Dept: "I don't have it, check Row 5 (Authoritative)."

Row 5: "Here is the book."

Result: Librarian brings the book back to you. You never saw the other managers; you just got the result.

DNS isn't just for websites. It stores different types of data.

3c-i. Common Record Types

  • A Record: Maps a name to an IPv4 address (Standard).
  • AAAA Record: Maps a name to an IPv6 address.
  • CNAME: An alias (e.g., www.google.com is just google.com).
  • MX Record: "Mail Exchange" - tells email where to go.
  • TXT Record: Arbitrary text, often used for domain verification.
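To tie the Root → TLD → Authoritative chain together with the record types just listed, here is an added Python example (not code from the original page): a toy recursive resolver that starts at the root, follows referrals, follows a CNAME alias, and caches what it learns. The zone contents, server names and addresses (192.0.2.0/24 and 2001:db8::/32 documentation ranges) are constructed for the demo.

```python
"""Toy iterative DNS resolution over constructed zone data.

Added example, not from the page: a recursive resolver that walks the
root -> TLD -> authoritative chain, follows CNAME aliases and caches
the result. All zone data below is constructed for the demo.
"""
from collections import defaultdict

# Constructed zone data, one "server" per zone. Line format: owner type rdata.
# An NS line in a parent zone is a delegation (referral) to the child zone.
ZONE_TEXT = {
    ".": """
        com.  NS  a.gtld-servers.example.
    """,
    "com.": """
        example.com.  NS  ns1.example.com.
    """,
    "example.com.": """
        example.com.       A      192.0.2.10
        example.com.       AAAA   2001:db8::10
        www.example.com.   CNAME  example.com.
        example.com.       MX     10 mail.example.com.
        mail.example.com.  A      192.0.2.25
        example.com.       TXT    "v=spf1 mx -all"
    """,
}


def parse_zone(text):
    """Parse 'owner type rdata' lines into {(owner, type): [rdata, ...]}."""
    records = defaultdict(list)
    for line in text.strip().splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            owner, rtype, rdata = parts
            records[(owner.lower(), rtype.upper())].append(rdata.strip())
    return records


SERVERS = {zone: parse_zone(text) for zone, text in ZONE_TEXT.items()}


def in_zone(qname, zone):
    """True if qname is zone itself or a name below it (label boundary aware)."""
    return qname == zone or qname.endswith("." + zone)


def ask_server(zone, qname, qtype):
    """One authoritative server's reply: ANSWER, CNAME, REFERRAL or NXDOMAIN."""
    records = SERVERS[zone]
    if (qname, qtype) in records:
        return "ANSWER", records[(qname, qtype)]
    if qtype != "CNAME" and (qname, "CNAME") in records:
        return "CNAME", records[(qname, "CNAME")][0]
    # Referral: the longest delegated child zone that the name falls under.
    delegations = [owner for (owner, rtype) in records
                   if rtype == "NS" and owner != zone and in_zone(qname, owner)]
    if delegations:
        child = max(delegations, key=len)
        return "REFERRAL", child, records[(child, "NS")][0]
    return "NXDOMAIN", None


class RecursiveResolver:
    """The 'librarian': starts at the root and follows every referral."""

    def __init__(self):
        self.cache = {}

    def resolve(self, name, qtype="A", max_steps=20):
        """Return (rdatas, trace); trace lists each server consulted."""
        name = name.lower().rstrip(".") + "."
        qtype = qtype.upper()
        if (name, qtype) in self.cache:
            return self.cache[(name, qtype)], [f"cache hit {name} {qtype}"]
        trace, zone = [], "."
        for _ in range(max_steps):
            kind, *payload = ask_server(zone, name, qtype)
            trace.append(f"{zone} -> {kind} {payload[0]}")
            if kind == "ANSWER":
                self.cache[(name, qtype)] = payload[0]
                return payload[0], trace
            if kind == "CNAME":  # alias: resolve the canonical name instead
                rdatas, sub = self.resolve(payload[0], qtype, max_steps)
                self.cache[(name, qtype)] = rdatas
                return rdatas, trace + sub
            if kind == "REFERRAL":
                zone = payload[0]  # payload = [child zone, its NS name]
                continue
            return [], trace  # NXDOMAIN
        raise RuntimeError("referral loop")


if __name__ == "__main__":
    r = RecursiveResolver()
    for q in [("www.example.com", "A"), ("example.com", "MX"), ("nope.example.com", "A")]:
        answer, trace = r.resolve(*q)
        print(q, "->", answer)
        for step in trace:
            print("   ", step)
```

Running it prints the trace for each lookup, so you can see the client never talks to the root or TLD servers itself: the resolver does, and the second lookup of the same name is answered from cache without any further questions.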

3c-ii. DNS Cache Poisoning (Spoofing)

Definition: A hacker tricks your DNS resolver into saving a fake IP address for a real website.

Why it works: DNS servers cache (save) answers to save time. If a hacker inserts a fake answer before the real one arrives, the server saves the fake one.

Common Record Types:
  • A Record: Points a name to an IPv4 address.
  • AAAA Record: Points a name to an IPv6 address.
  • MX Record: Tells the world where the Mail server is.
  • CNAME Record: An alias (like how "vv" might point to "Victor").

The Attack Scenario:
  1. Goal: Steal banking credentials.
  2. Action: Hacker corrupts the local DNS cache.
  3. Victim: Types bank.com.
  4. Result: Poisoned DNS tells computer bank.com is at 6.6.6.6 (Hacker's IP).
  5. Outcome: Victim sees a fake login page, typed password is captured.

💡 Real Examples:
  • Example 1 (Basic): Type nslookup google.com. You'll see the A Record (IP address) provided by your router or ISP.
  • Example 2 (Cybersecurity - DNS Tunneling): Enterprises often block all traffic except DNS (Port 53). A hacker installs malware that sends commands inside DNS queries, like run-exploit-now.hacker.com. The firewall allows it because it looks like a standard lookup.

🛑 DNS Wrap-Up

  • Function: Translates human names (google.com) into computer IPs.
  • Hierarchy: Root (.) → TLD (.com) → Authoritative Name Servers.
  • Poisoning: Tricking a server into caching a fake IP for a real site.
  • Careers: Malware uses DGA (Domain Generation Algorithms) to hide, requiring analysts to decode their logic.

Practical Uses: Website config, nslookup, dig, bypassing censorship (using 8.8.8.8).
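Both the DNS tunneling example (commands smuggled inside query names) and the DGA point in the wrap-up leave a trace in query logs that an analyst can look for. The Python below is an added example, not code from the page: it parses a constructed query log and applies two simple heuristics, one for tunneling (many distinct long, high-entropy leftmost labels under one registered domain) and one for DGA-style beaconing (one client asking for many distinct high-entropy domains that come back NXDOMAIN). The log lines, client addresses, domains and thresholds are all constructed for the demo; the `registered_domain` helper is a two-label approximation of a public-suffix lookup.

```python
"""Spotting tunnelling-like and DGA-like names in DNS query logs.

Added example, not from the page: heuristics over a constructed query
log. Thresholds are illustrative, not tuned values.
"""
import math
from collections import Counter, defaultdict

# Constructed log lines: time client qname rcode
SAMPLE_LOG = """\
10:00:01 10.1.1.5  www.example.com NOERROR
10:00:02 10.1.1.5  mail.example.com NOERROR
10:00:03 10.1.1.9  3fa9b2c1e7d04a5b6c7d8e9f0a1b2c3d.t.example.net NOERROR
10:00:03 10.1.1.9  9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.t.example.net NOERROR
10:00:04 10.1.1.9  a1b2c3d4e5f60718293a4b5c6d7e8f90.t.example.net NOERROR
10:00:04 10.1.1.9  0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.example.net NOERROR
10:00:05 10.1.1.12 kqzxvbnmtrwp.com NXDOMAIN
10:00:05 10.1.1.12 plmjhgtyuiqaz.net NXDOMAIN
10:00:06 10.1.1.12 wsxedcrfvtgbyhn.com NXDOMAIN
10:00:06 10.1.1.12 zaqxswcdevfrbgt.org NXDOMAIN
10:00:07 10.1.1.5  docs.example.com NOERROR
"""


def shannon_entropy(s):
    """Bits per character; 'aaaa' -> 0.0, 16 evenly used hex digits -> 4.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Last two labels (toy stand-in for a real public-suffix lookup)."""
    labels = qname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    rows = []
    for line in text.strip().splitlines():
        ts, client, qname, rcode = line.split()
        rows.append({"ts": ts, "client": client, "qname": qname, "rcode": rcode})
    return rows


def find_tunneling(rows, min_labels=3, min_label_len=20, min_entropy=3.0):
    """Registered domains receiving many distinct long, random-looking labels."""
    by_domain = defaultdict(set)
    for r in rows:
        label = r["qname"].split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            by_domain[registered_domain(r["qname"])].add(label)
    return {d: len(s) for d, s in by_domain.items() if len(s) >= min_labels}


def find_dga_clients(rows, min_domains=3, min_entropy=3.0):
    """Clients whose NXDOMAIN answers cover many distinct random-looking domains."""
    by_client = defaultdict(set)
    for r in rows:
        if r["rcode"] != "NXDOMAIN":
            continue
        domain = registered_domain(r["qname"])
        if shannon_entropy(domain.split(".")[0]) >= min_entropy:
            by_client[r["client"]].add(domain)
    return {c: len(s) for c, s in by_client.items() if len(s) >= min_domains}


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("tunnelling candidates:", find_tunneling(rows))
    print("DGA-like clients:     ", find_dga_clients(rows))
```

On the sample log this flags example.net (four distinct 32-character hex labels from one client) and client 10.1.1.12 (four NXDOMAIN answers for unrelated random-looking domains), while the ordinary www/mail/docs lookups pass. In production the label-length and entropy thresholds, and the NXDOMAIN count per client, need tuning against your own baseline, and the two-label `registered_domain` must be replaced by a public-suffix list so that names like example.co.uk are grouped correctly.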

📚 Sources & References

  • RFC 1034 / 1035: Domain Name System standards.
  • MITRE ATT&CK: T1071.004 (DNS Communication).
  • MITRE ATT&CK: T1568.002 (Domain Generation Algorithms).