DNS Fundamentals

Questions and Answers

What is the main purpose of DNS in the internet?

To resolve host names to IP addresses

What is the structure of the DNS hierarchy similar to?

An upside-down tree

What is the role of the top-level domains in the DNS hierarchy?

To organize subdomains into categories

What is the relationship between a domain and its subdomains?

A domain contains multiple subdomains

What is the purpose of the subdomains in the DNS hierarchy?

To organize hosts within a domain

Where is the information for all the hosts within a domain stored?

Within the domain itself

What is the result of the DNS resolution process?

A resolved IP address for a given host name

What is the layer of the OSI model that DNS primarily operates on?

Layer 3

What is the primary purpose of caching in DNS?

To store DNS responses locally to reduce the need for repeated requests

What is the term used to describe the manipulation of DNS cache to trick users into visiting a malicious website?

DNS Poisoning

What type of server is responsible for resolving a domain name to an IP address?

DNS server

What is the benefit of caching DNS responses locally on a computer?

It reduces the number of requests made to the DNS server

What is the term used to describe the process of a hacker creating a fake website to trick users into entering their credentials?

Credential Harvesting

What is the purpose of different record types in DNS?

To specify the type of IP address associated with a domain name

What is the benefit of using DNS caching for a website with a high volume of traffic?

It improves the performance of the website by reducing the load on the DNS server

What is the role of a root level server in the DNS process?

To direct DNS queries to the appropriate top level domain server

What is the primary function of an authoritative DNS server?

To provide IP address information for a specific domain

What is the well-known UDP port used for DNS requests?

UDP port 53

What happens when a computer types in www.cisco.com in their browser?

The computer makes a DNS request to resolve the domain to an IP address

What is the purpose of the root servers in the DNS hierarchy?

To redirect DNS requests to the correct top-level domain

What is the role of the DNS server in the example?

To forward DNS requests to the authoritative DNS server

What is the purpose of the layer 2 address in the DNS request?

To provide the MAC address of the DNS server

What happens when the DNS server receives the DNS request?

It de-encapsulates the packet and checks the layer 4 address

Why does the DNS server go to the root servers for help?

Because it doesn't know the IP address behind cisco.com

What is the purpose of the.com domain in the DNS hierarchy?

To redirect DNS requests to the correct authoritative DNS server

What is the final response in the DNS resolution process?

The DNS server provides the IP address to the client

What is the primary function of the DNS system?

To resolve domain names into IP addresses

What is the significance of the subdomains in the DNS hierarchy?

They contain information about all the hosts within a domain

What is the role of the root servers in the DNS hierarchy?

They provide a starting point for DNS resolution

What is the typical structure of the DNS hierarchy?

A tree-like structure with the root at the top

What is the purpose of the top-level domains in the DNS hierarchy?

To categorize domains based on their function or location

What is the result of successful DNS resolution?

An IP address corresponding to the domain name

What is the significance of the network and host portions of an IP address?

They are used to identify the network and host portions of a destination

What is the primary reason DNS servers cache responses?

To reduce the latency of subsequent DNS lookups

What is the benefit of the DNS system?

It enables the use of domain names instead of IP addresses

What is the term used to describe the manipulation of DNS cache to trick users into visiting a malicious website?

DNS poisoning

What type of record would be used to look up an email server in DNS?

MX record

What is the primary benefit of caching DNS responses locally on a computer?

Reduced latency for subsequent DNS lookups

What would be the DNS resolution process for a request to www.cisco.com?

The DNS server would query the root level servers and then the .com domain servers

What is the purpose of the different record types in DNS?

To allow for different types of devices to be looked up

What is the result of a successful DNS poisoning attack?

The user's credentials are stolen

What is the primary benefit of using DNS caching for a website with high traffic?

Reduced load on DNS servers

What is the reason why the DNS server in the example doesn't know the IP address behind www.cisco.com?

It was just powered on and has no prior knowledge

What is the purpose of the UDP port 53 in DNS requests?

To send DNS requests to the DNS server

What happens when the DNS server receives the DNS request?

It checks the layer 3 address to ensure it is for the DNS server

Why does the DNS server in the example go to the.com domain for help?

To get the name servers responsible for the.com domain

What is the role of the root servers in the DNS resolution process?

To provide information about the name servers responsible for the top-level domains

What is the purpose of the layer 2 address in the DNS request?

To encapsulate the DNS request at layer 2

What is the final response in the DNS resolution process?

The IP address behind www.cisco.com

What happens if the DNS server is not on the local subnet?

The computer sends the DNS request to its default gateway

What is the purpose of the DNS request sent by the computer?

To get the IP address behind www.cisco.com

What is the role of the DNS server in the DNS resolution process?

To act as a relay between the computer and the authoritative DNS server

Study Notes

Domain Name System (DNS)

• DNS is the main way of resolving a website's name into an actual IP address on the internet.

• DNS operates like an upside-down tree with the root at the top, followed by top-level domains (e.g., com, mil, gov), and then subdomains (e.g., comptia.com, cisco.com).

  Top-level domains (TLDs) are the highest level in the domain name system hierarchy. They are found at the end of a domain name and are separated by a dot from the second-level domain. Common examples of TLDs include .com, .org, .net, .gov, and .edu. TLDs are managed by specific organizations, such as Verisign for .com and The Public Interest Registry for .org.

  Subdomains are subdivisions of a domain that are added to the front of the main domain. They are used to organize and navigate different sections or services within a website. Subdomains are created by adding a prefix to the main domain name, separated by a dot. For example, in the domain name blog.example.com, "blog" is a subdomain of the example.com domain. Subdomains can represent different departments, regions, products, or services within an organization's online presence.

  1. Support department: support.example.com

  2. E-commerce store: shop.example.com

  3. Services offered in multiple languages: fr.example.com, es.example.com

  4. Blog section: blog.example.com

  5. Events calendar: events.example.com

DNS Hierarchy

• The hierarchy has the root at the top, followed by top-level domains, and then subdomains.
• Each top-level domain has multiple subdomains, and each subdomain has its own DNS servers.

DNS Servers

• DNS servers are entities that have information about all hosts in a specific domain.
• Authoritative DNS servers are responsible for specific domains and have the information about the IP addresses behind those domains.

DNS Resolution Process

• When a user types a website's name, the computer makes a request to the DNS server to resolve the name into an IP address.

• The request is encapsulated in a UDP packet with the source IP address, destination IP address, and other information.

• The DNS server receives the request, de-encapsulates it, and checks if it has the information about the IP address.

• If it doesn't, it goes to the root servers, then the top-level domain servers, and finally the authoritative DNS server

  Yes, that is correct. When users make a DNS request, it involves the collaboration of three different types of DNS servers: the root servers, the top-level domain (TLD) servers, and the authoritative name servers.for the specific domain to get the information.

Caching

• DNS servers cache the responses to DNS requests to improve performance and reduce the number of requests.
• Local computers also cache DNS responses for a period of time.
• Caching can lead to a problem called poisoning, where an attacker can manipulate the cache to trick users into going to the wrong IP address.

DNS Records

• DNS has different types of records based on the type of device being looked for (e.g., email server, name server, IPv4 address, IPv6 address).

• Each type of record has a specific record type in DNS.

  DNS (Domain Name System) is a hierarchical distributed naming system used to map domain names to IP addresses on the internet. Each type of record in DNS is used for a specific purpose. Here are some common record types in DNS and their purposes:

  1. A Records: Used to map a domain name to an IPv4 address.

  2. AAAA Records: Used to map a domain name to an IPv6 address.

  3. CNAME Records: Used to alias one domain name to another.

  4. MX Records: Specifies the mail servers responsible for receiving email for a domain.

  TXT records are a type of Domain Name System (DNS) record that holds human-readable text information, allowing for the storage of various types of data, including SPF records, which help prevent spam by verifying the authenticity of email senders.

  1. SPF (Sender Policy Framework) record: This type of TXT record specifies which mail servers are allowed to send emails on behalf of a domain. It helps prevent email spoofing and protects against spam emails by authenticating the sender's identity.

  2. DKIM (DomainKeys Identified Mail) record: DKIM is another email authentication method that uses cryptographic signatures to verify that an email message was sent from an authorized server and has not been altered in transit. The DKIM TXT record contains the public key used for signing outgoing emails.

  Certainly! Let me explain further how the public key in DKIM (DomainKeys Identified Mail) works to verify the identity of the sender in emails.

  In the context of DKIM, a domain owner creates a public and private key pair. The public key is shared publicly by publishing it as a DNS TXT record for the domain. When an email is sent from that domain, the sender's email server will sign the email using the private key before sending it out. This signature is included in the email header.

  Upon receiving the email, the recipient's email server retrieves the public key from the sender's DNS records by looking up the DKIM TXT record for the sender's domain. Using this public key, the recipient's server can then decrypt the signature in the email header. If the decryption is successful, it means that the email was indeed signed with the corresponding private key known only to the sender.

  By verifying this signature, the recipient can confirm that the email has not been altered in transit and that it did indeed come from the expected sender. This helps in preventing email spoofing and assures the recipient that the email is legitimate and from a trusted source.

  In essence, the public key serves as a mechanism for verifying the authenticity of the sender's identity through the process of digital signatures and encryption, providing a level of trust and security in email communication.

  3. DMARC (Domain-based Message Authentication, Reporting, and Conformance) record: DMARC is a policy that helps domain owners protect their email domains from being used for phishing or spoofing attacks. The DMARC TXT record includes information on how incoming emails should be handled based on SPF and DKIM results.

  4. DANE (DNS-based Authentication of Named Entities) record: DANE is a security protocol that allows domain owners to specify digital certificates for their domains directly within DNS records. The DANE TXT record can contain information about which cryptographic keys and certificates should be used for secure communication.

  5. v=spf1 record: This type of TXT record is used to define the SPF policy for a domain. It specifies the rules for email servers that are authorized to send emails on behalf of the domain. The "v=spf1" indicates the version of SPF being used, and various mechanisms and qualifiers can be added to customize the policy.

  6. ALIAS record: An ALIAS record is a type of TXT record that allows a domain name to resolve to another domain or hostname through a CNAME-like mechanism while still retaining the ability to set other DNS records, such as SPF or DKIM, for the original domain.

  These are just a few examples of the different types of TXT records and their purposes in managing DNS data for domains.

  6. SOA Records: Specifies the start of a zone of authority and contains important information about the domain.

  7. NS Records: Specifies the authoritative name servers for a domain.

  8. PTR Records: Used for reverse DNS lookups to map an IP address to a domain name.

  Each of these record types serves a specific function within the Domain Name System and is crucial for the proper functioning of the internet.

Domain Name System (DNS)

• DNS is the main way of doing name resolution on the internet, resolving a website's name to an IP address.
• The DNS process involves a hierarchy or organization, with a root at the top, followed by top-level domains (TLDs) such as .com, .mil, and .gov, and then subdomains.

DNS Hierarchy

• The DNS hierarchy is organized like an upside-down tree, with the root at the top and TLDs below.
• TLDs have subdomains, such as comptia.com and cisco.com, which are managed by authoritative DNS servers.

DNS Servers

• DNS servers have information about hosts in their domain, and are responsible for resolving domain names to IP addresses.
• Authoritative DNS servers are responsible for specific domains, such as Cisco.com.

DNS Request Process

• When a user types in a website's name, the computer sends a DNS request to a DNS server.
• The DNS request is encapsulated in a UDP packet and sent to the DNS server's IP address (e.g., 192.168.1.100).
• The DNS server receives the request, de-encapsulates it, and checks if it has the IP address for the requested domain.
• If not, the DNS server asks for help from the hierarchy inside DNS on the public internet, starting from the root servers.

DNS Resolution Process

• The DNS server asks the root servers for the name servers responsible for the TLD (e.g., .com).
• The TLD name servers provide the information about the authoritative name server for the specific domain (e.g., Cisco.com).
• The DNS server then asks the authoritative name server for the IP address behind the requested domain (e.g., www.Cisco.com).
• The authoritative name server responds with the IP address, which is then cached by the DNS server and returned to the client.

Caching and Poisoning

• DNS servers and local computers cache DNS responses to improve performance and reduce the number of requests.
• Caching can lead to a problem called poisoning, where an attacker manipulates the cache to trick users into going to the wrong IP address.
• Poisoning can be used for credential harvesting, where an attacker tricks users into giving away their credentials.

DNS Records

• DNS has different types of records based on the type of device or service, such as email servers, name servers, IPv4 addresses, and IPv6 addresses.
• Each record type has a specific format and purpose in the DNS system.

Description

Learn about the basics of DNS, its hierarchy, and how it resolves website names into IP addresses. Understand the structure of DNS with root, top-level domains, and subdomains.