DNS: Domain Name System

Questions and Answers

What is the primary function of DNS?

  • To provide a database of user credentials.
  • To manage network routing protocols.
  • To translate domain names to IP addresses. (correct)
  • To encrypt data transmitted over the internet.

Which protocol does DNS primarily use for communication?

  • FTP
  • UDP (correct)
  • TCP
  • HTTP

What is the role of ICANN in the DNS system?

  • To manage the physical infrastructure of the Internet.
  • To oversee IP address allocation.
  • To manage the DNS structure and assign top-level domains (TLDs). (correct)
  • To develop web browsing software.

What are the three classes of DNS servers?

Root, TLD, and authoritative. (A)

What is a 'local DNS name server'?

A server run by each ISP or institution that caches DNS records. (C)

Why does DNS use caching?

To speed up DNS resolution and reduce load on root servers. (A)

What does a DNS 'A' record do?

Maps a domain name to an IP address. (D)

If a host changes its IP address, what might cause outdated information for internet users?

Cached DNS entries with a remaining TTL. (A)

What information is necessary when registering a domain name with a DNS registrar?

Names and IP addresses of authoritative DNS servers. (C)

In DNS, what is the purpose of a CNAME record?

To create an alias for a domain name. (C)

Which of the following is a potential vulnerability of DNS?

DNS Spoofing (D)

What is the role of the TTL (Time To Live) in a DNS record?

It defines how long a DNS record remains valid in a cache. (B)

What is a DNS zone?

A collection of DNS records managed by a single DNS server. (D)

What is the purpose of DNS load distribution?

To distribute incoming requests across multiple servers using DNS. (B)

Which DNS server is queried to find the .com DNS servers when resolving www.amazon.com?

Root DNS server (D)

What is an 'iterated query' in DNS resolution?

A query where the contacted server provides the name of another server to contact. (D)

How does a 'redirect attack' exploit DNS?

By intercepting queries and sending bogus replies. (B)

How do local DNS servers help defend against DDoS attacks on root servers?

By caching IPs of TLD servers, bypassing root servers for common lookups. (B)

What is the function of an MX record in DNS?

Points to the mail server responsible for accepting email messages on behalf of a domain. (D)

What is DNS spoofing, and how does it compromise network security?

A type of attack where falsified DNS records are injected into the DNS cache, leading users to malicious websites. (C)

Flashcards

What is an IP address?

Used for addressing datagrams

What is DNS?

Mapping between IP address and name, and vice versa.

What is a distributed database?

Implemented in a hierarchy of many DNS servers

What is an application-layer protocol?

Allows hosts and DNS servers to communicate to resolve names (address/name translation)

What is UDP?

The DNS protocol runs over this and uses port 53.

What is a DNS service?

Hostname to IP address translation

What is host aliasing?

A host with a complicated hostname can have one or more alias names.

What does DNS translate?

DNS translates from simple alias names to canonical names and their IP addresses

What is mail server aliasing?

Translates from simple alias mail server names to their canonical names and IP addresses

Load distribution

Between replicated Web servers, many IP addresses correspond to one server name

What is the root of the hierarchy?

Represented by the International Corp. for Assigned Names and Numbers (ICANN)

Top-level domain (TLD) servers

Responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains

Authoritative DNS servers

Organization's own DNS server(s), providing authoritative hostname to IP mappings for the organization's named hosts.

Local DNS name server

Each ISP (residential ISP, company, university) has one; it is also called the default name server

DNS Records

The DNS is a distributed database that stores resource records (RR) in the format: (Name, Value, Type, TTL)

What does TTL mean?

The time to live of the resource record

RR type=A

Name is hostname, and value is IP address

RR type=MX

Value is the canonical name of the mail server associated with an alias name

DDoS attacks

Bombard root servers with traffic

Redirect attacks

Intercept queries and send bogus replies

Study Notes

DNS: Domain Name System

  • DNS is a directory service for the Internet.
  • People have identifiers like SSN, name, and passport number.
  • Internet hosts have a 32-bit IP address for addressing datagrams and a human-readable name like www.yahoo.com.
  • DNS maps between IP addresses and names

DNS: Domain Name System

  • DNS is a Domain Name System.
  • It is a distributed database implemented in a hierarchy of many DNS servers.
  • Application-layer protocol allows hosts and DNS servers to communicate to resolve the names (address/name translation).
  • The DNS protocol runs over UDP and uses port 53.
  • Usually runs on a UNIX machine running Berkeley Internet Name Domain (BIND) software.

DNS: Domain Name System Example

  • If the HTTP client wants to access www.amazon.com/index.html, the same user machine runs the client side of the DNS application.
  • The browser extracts the hostname, www.amazon.com, from the URL and passes the hostname to the client side of the DNS application.
  • The DNS client sends a query containing the hostname to a DNS server.
  • The browser gets the IP address from DNS and then initiates a TCP connection to the HTTP server process located at port 80 at that IP address.

DNS Services

  • DNS offers hostname to IP address translation.
  • It allows host aliasing, where a host with a complicated hostname can have one or more alias names.
  • For example, relay1.west-coast.enterprise.com could have the simple aliases enterprise.com and www.enterprise.com.
  • DNS translates from simple alias names to canonical names and their IP addresses.

Mail server aliasing:

  • Translates from simple alias mail server names to their canonical names and IP addresses.

Load distribution:

  • Occurs between replicated Web servers by having many IP addresses correspond to one server name.
  • The DNS server responds with the entire set of IP addresses, but rotates the ordering of the addresses within each reply.

DNS Hierarchy

  • Domain names and global IP addresses must be globally unique.
  • A hierarchical structure makes it easier to assign unique domain names.
  • ICANN (International Corp. for Assigned Names and Numbers) represents the root of the hierarchy.
  • ICANN is in charge of the DNS structure and the assignment of the Top-Level Domains (TLDs).
  • Name assignment in a domain is delegated to the name authority of that domain.

DNS - Distributed and Hierarchical Database

  • There are three classes of DNS servers: Root, Top-level domain (TLD), and Authoritative DNS servers.
  • In order to find the IP address of www.amazon.com, the client will query one of the root servers to find the .com DNS servers.
  • The client then queries one of the .com DNS servers to get amazon.com authoritative DNS server.
  • Lastly, the client queries amazon.com authoritative DNS server to get the IP address for www.amazon.com.

Root DNS Servers

  • There are 400 root name servers around the world that are managed by 13 different organizations.
  • Each "server" is replicated many times.
  • Contacted by local name server that cannot resolve name.
  • Root name servers provide the IP addresses of the TLD servers.

Top-Level Domain (TLD) servers:

  • Responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains
  • Network Solutions maintains servers for .com TLD.
  • Educause maintains servers for .edu TLD.
  • TLD servers provide the IP addresses for authoritative DNS servers.

Authoritative DNS servers:

  • Each organization's individual DNS server(s) provide authoritative hostname to IP mappings for the organization's named hosts.
  • Maintained by organization or hosted by a service provider

Local DNS Name Server

  • It does not strictly belong to the hierarchy.
  • Each ISP (residential ISP, company, university) has one; it is also called the "default name server".
  • A host sends its DNS queries to its local DNS server, which acts as a proxy.
  • It has a local cache of recent name-to-address translation pairs, which may be out of date.
  • It may forward the query into the hierarchy.

DNS Implementation

  • DNS is implemented as two distinct components: DNS servers and name resolvers.
  • DNS database is distributed and stored across many servers.

DNS Zone

  • Each DNS server oversees one zone.
  • A zone corresponds to a domain or part of a domain.
  • For example, the Ryerson DNS server resolves addresses within its zone, encompassing all subdomains except ee.ryerson.

DNS Name Resolution Example

  • Example: a host at cis.poly.edu wants to know the IP address of gaia.cs.umass.edu.
  • It uses an iterated query: each contacted server replies with the name of the next server to contact, in effect saying, "I don't know this name, but ask this server".

DNS - Caching

  • When a name server learns an IP mapping, it caches the data.
  • Cache entries time out after some time (TTL = 2 days).
  • TLD server addresses are also typically cached in local name servers.
  • Thus root name servers are not often visited.
  • Cached entries may be out of date (best-effort name-to-address translation!).
  • If a host changes its IP address, the change may not be known Internet-wide until all cached TTLs expire.
  • Update/notify mechanisms are proposed in the IETF standard RFC 2136.

DNS - Records

  • DNS stores resource records (RR) in a distributed database using the format: (Name, Value, Type, TTL)
  • TTL (time to live) is how long the resource record remains valid in a cache.
  • The meanings of Name and Value depend on Type:
    • Type=A (hostname-to-IP address mapping): Name is hostname, and value is IP address. Example: (relay1.bar.foo.com, 145.37.93.126, A, ...)
    • Type=NS: Name is the domain (e.g., foo.com), and value is hostname of authoritative name server for this domain; e.g., (foo.com, dns.foo.com, NS, ...)
    • Type=CNAME: Name is alias name for some "canonical" (the real) name; e.g., (www.ibm.com, servereast.backup2.ibm.com, CNAME, ...)
    • Type=MX: Value is canonical name of mailserver associated with an alias name; e.g., (foo.com, mail.bar.foo.com, MX,...)

DNS - Messages

  • The query and reply messages both use the same message format.
  • In Windows, you can use the nslookup program to query a DNS server.
  • Message header fields:
    • Identification: 16-bit number for query and reply messages (a reply carries the identification number of its query)
    • Flags:
      • Query (0) or reply (1)
      • Recursion desired
      • Recursion available
      • Reply is authoritative
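The header layout above, built and parsed in Python as an added example (this is not code from the notes). It assumes only the RFC 1035 bit positions for the flags; the query and reply messages are constructed inline as byte strings and never sent. The question-name encoding uses the notes' www.amazon.com example, and the last function shows the minimal check a resolver applies before trusting a reply: it must be flagged as a reply and carry the identification number of a query that is actually outstanding.

```python
"""Build and parse the DNS message header described in the notes.

Added example, not from the notes: a query and its reply are constructed as
byte strings and never sent. Bit positions follow RFC 1035, section 4.1.1.
"""
import struct

# Header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT; six 16-bit fields, network order.
HEADER = struct.Struct("!HHHHHH")

QR, AA, TC, RD, RA = 1 << 15, 1 << 10, 1 << 9, 1 << 8, 1 << 7


def build_header(ident, reply=False, authoritative=False, recursion_desired=True,
                 recursion_available=False, qdcount=1, ancount=0):
    """Pack the 12-byte header; queries and replies share the same layout."""
    flags = 0
    if reply:
        flags |= QR  # 0 = query, 1 = reply
    if authoritative:
        flags |= AA  # reply is authoritative
    if recursion_desired:
        flags |= RD  # recursion desired (set by the client)
    if recursion_available:
        flags |= RA  # recursion available (set by the server)
    return HEADER.pack(ident, flags, qdcount, ancount, 0, 0)


def parse_header(data):
    """Unpack the header into named fields; rejects messages shorter than 12 bytes."""
    if len(data) < HEADER.size:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(data)
    return {
        "id": ident,
        "is_reply": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "authoritative": bool(flags & AA),
        "truncated": bool(flags & TC),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def encode_qname(name):
    """Encode a name such as www.amazon.com as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("name exceeds 255 bytes")
    return bytes(out)


def decode_qname(data, offset):
    """Decode a label sequence; returns (name, offset just past the terminating zero)."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def accept_reply(outstanding_ids, reply_bytes):
    """Minimal resolver-side acceptance check: the message must be flagged as a
    reply and carry the ID of a query that is still pending. Real resolvers also
    match the source address/port and the question section."""
    h = parse_header(reply_bytes)
    return h["is_reply"] and h["id"] in outstanding_ids
```

Only flag bits the notes name (QR, AA, RD, RA) are set by `build_header`; `parse_header` additionally reads the opcode, TC and RCODE fields so that a real 12-byte header decodes fully.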

DNS – Inserting Records into DNS Database

  • Suppose a new company named "Network Utopia" registers the name networkutopia.com at a DNS registrar (e.g., Network Solutions).
  • The registrar needs the names and IP addresses of the primary and secondary authoritative DNS servers.
  • For example, dns1.networkutopia.com: 212.212.212.1 and dns2.networkutopia.com: 212.212.212.2.
  • The registrar then inserts two RRs (type NS and type A) for each server into all .com TLD servers:
    • (networkutopia.com, dns1.networkutopia.com, NS), (dns1.networkutopia.com, 212.212.212.1, A)
    • (networkutopia.com, dns2.networkutopia.com, NS), (dns2.networkutopia.com, 212.212.212.2, A)
  • In the two authoritative DNS servers, a type A record is needed for the web server www.networkutopia.com and a type MX record for the mail server mail.networkutopia.com.
  • A complete list of accredited registrars is available at http://www.internic.net.

DNS – Inserting Records into DNS Database (cont.)

  • Alice in Australia wants to view the Web page www.networkutopia.com.
  • Host first sends DNS query to local DNS server.
  • The local DNS server then contacts either a TLD com server or the root.
  • Next, the TLD com server sends two RR (type NS and type A):
    • (networkutopia.com, dns1.networkutopia.com, NS)
    • (dns1.networkutopia.com, 212.212.212.1, A)
  • Local DNS server then sends a DNS query to 212.212.212.1 which asks for the Type A record corresponding to www.networkutopia.com
  • Authoritative server replies with record A: (www.networkutopia.com, 212.212.71.4, A, ...)
  • Local DNS passes reply back to Alice's host.
  • Alice's browser can initiate a TCP connection to the host 212.212.71.4
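The resolution walk just described (root, then .com TLD, then the networkutopia.com authoritative server), together with the caching behaviour from the "DNS - Caching" section, as an added Python example that is not code from the notes. It models a local DNS name server performing iterated queries against an in-memory hierarchy: the root and .com servers use constructed RFC 5737 documentation addresses and a constructed TLD server name, while the networkutopia.com records are the ones from the insertion example above (only dns1 is modelled), plus a constructed mail host and a constructed CNAME alias so that CNAME chasing can be shown. Nothing touches the network.

```python
"""Iterated DNS resolution through a caching local name server.

Added example for the notes above (not the notes' own code; no network is used).
Root and .com servers use constructed RFC 5737 documentation addresses; the
networkutopia.com records come from the notes' insertion example (dns1 only),
plus a constructed mail host and CNAME alias.
"""

# Resource records use the notes' format: (Name, Value, Type, TTL).
ROOT = "192.0.2.1"  # constructed root server address
SERVERS = {
    "192.0.2.1": [  # root: delegates .com to a (constructed) TLD server
        ("com", "ns.com-tld.example", "NS", 172800),
        ("ns.com-tld.example", "198.51.100.1", "A", 172800),
    ],
    "198.51.100.1": [  # .com TLD: the NS and glue A pair the registrar inserted
        ("networkutopia.com", "dns1.networkutopia.com", "NS", 172800),
        ("dns1.networkutopia.com", "212.212.212.1", "A", 172800),
    ],
    "212.212.212.1": [  # authoritative server dns1.networkutopia.com
        ("www.networkutopia.com", "212.212.71.4", "A", 86400),
        ("mail.networkutopia.com", "212.212.71.9", "A", 86400),  # constructed
        ("networkutopia.com", "mail.networkutopia.com", "MX", 86400),
        ("smtp.networkutopia.com", "mail.networkutopia.com", "CNAME", 86400),  # constructed
    ],
}


def server_answer(addr, name, qtype):
    """One exchange with the server at addr. Returns ("answer", rrs),
    ("referral", NS records plus glue A records) or ("nxdomain", [])."""
    rrs = SERVERS[addr]
    answers = [r for r in rrs if r[0] == name and r[2] == qtype]
    if answers:
        return "answer", answers
    cnames = [r for r in rrs if r[0] == name and r[2] == "CNAME"]
    if cnames:
        return "answer", cnames
    labels = name.split(".")
    for i in range(len(labels)):  # deepest enclosing zone this server delegates
        zone = ".".join(labels[i:])
        ns_rrs = [r for r in rrs if r[0] == zone and r[2] == "NS"]
        if ns_rrs:
            glue = [r for r in rrs if r[2] == "A" and r[0] in {n[1] for n in ns_rrs}]
            return "referral", ns_rrs + glue
    return "nxdomain", []


class LocalDNS:
    """The 'local DNS name server': resolves iteratively and caches by TTL."""

    def __init__(self, now):
        self.now = now          # clock function, injectable so TTL expiry is testable
        self.cache = {}         # (name, type) -> (expiry, [rrs])
        self.queries_sent = []  # (server, name, type) log of upstream queries

    def _cache_put(self, rrs):
        grouped = {}
        for rr in rrs:
            grouped.setdefault((rr[0], rr[2]), []).append(rr)
        for key, group in grouped.items():
            self.cache[key] = (self.now() + min(r[3] for r in group), group)

    def _cache_get(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is None or entry[0] <= self.now():
            self.cache.pop((name, rtype), None)  # missing, or TTL expired: drop it
            return None
        return list(entry[1])

    def _closest_cached_server(self, name):
        """Start at the deepest zone whose NS and glue are cached; root is rarely asked."""
        labels = name.split(".")
        for i in range(len(labels)):
            for ns in self._cache_get(".".join(labels[i:]), "NS") or []:
                glue = self._cache_get(ns[1], "A")
                if glue:
                    return glue[0][1]
        return ROOT

    def resolve(self, name, qtype="A", depth=0):
        assert depth <= 8, "CNAME chain too long"
        hit = self._cache_get(name, qtype)
        if hit:
            return hit
        server = self._closest_cached_server(name)
        for _hop in range(8):  # bounded walk down the hierarchy
            self.queries_sent.append((server, name, qtype))
            kind, rrs = server_answer(server, name, qtype)
            self._cache_put(rrs)
            if kind == "answer":
                if rrs[0][2] == "CNAME" and qtype != "CNAME":
                    return rrs + self.resolve(rrs[0][1], qtype, depth + 1)
                return rrs
            if kind == "nxdomain":
                return []
            glue = [r for r in rrs if r[2] == "A"]
            if not glue:
                raise RuntimeError("referral without glue address")
            server = glue[0][1]
        raise RuntimeError("too many referrals")
```

Resolving www.networkutopia.com the first time produces three upstream queries (root, TLD, authoritative); a second lookup of any name under networkutopia.com goes straight to 212.212.212.1 because the NS record and its glue are cached, which is why the notes can say root servers are "not often visited". Advancing the injected clock past 86400 seconds expires the A record but not the 172800-second delegation, so the stale answer is re-fetched from the authoritative server alone.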

DNS - Vulnerabilities

  • DNS can be exploited through various attacks:

DDoS attacks:

  • These attacks bombard root servers with traffic, but have not been successful:
  • Traffic filtering blocks all ping messages, and local DNS servers cache the IPs of TLD servers.
  • Bombarding TLD servers is a potentially more dangerous method.

Redirect attacks:

  • Man-in-the-middle attacks intercept queries and send bogus replies; this is also known as DNS poisoning.
  • Bogus replies sent to a DNS server end up in its cache.

Exploit DNS for DDoS:

  • Queries are sent with a spoofed source address (the target's IP), so the replies flood the target: amplification.
