2. Domain Name System (DNS)

🤔 What is DNS?

The Domain Name System (DNS) is the internet’s phonebook. It translates human-friendly domain names (like google.com) into machine-readable IP addresses (like 142.251.42.227). Computers need IP addresses to communicate, but names are much easier for people to remember.

🤷‍♂️ Why Do We Need DNS?

  • Simplicity: It’s easier to remember a name than a long string of numbers.
  • Flexibility: Website owners can change their server’s IP address without impacting users. They just update their DNS record, and the domain name works as before.

🏷️ The Structure of a Domain Name

Domain names have a hierarchical structure:

  • Subdomain: Used to organize content (e.g., mail in mail.google.com).
  • Second-Level Domain (SLD): The unique part of the domain name (e.g., google in google.com).
  • Top-Level Domain (TLD): The last part of the domain name (e.g., .com, .org, or country codes like .in).
  • Root Domain (.): The starting point of the entire DNS hierarchy, managed by root servers.

🔍 How DNS Works: The Lookup Process

The DNS lookup process involves a team of servers working together to find the correct IP address.

  1. The Query: You type google.co.in into your browser. Your computer sends the query to a DNS Resolver. This is a server, usually run by your ISP (like Jio or Airtel) or a public service (like Google’s 8.8.8.8), whose job is to find the answer for you. The resolver first checks its cache (short-term memory) to see if it already knows the IP. If not, it begins the lookup.

  2. Asking the Root Server: The resolver contacts a Root Name Server. The root server doesn’t know the IP but directs the resolver to the server that handles the .in TLD.

  3. Asking the TLD Server: The resolver then asks the .in TLD Name Server. This server manages all domains ending in .in. It doesn’t have the final IP but knows which server is the authority for the google.co.in domain and provides its address.

  4. Asking the Authoritative Server: Finally, the resolver queries the Authoritative Name Server for google.co.in. This server holds the official DNS records for the domain and provides the definitive IP address as the answer.

  5. The Response: The resolver receives the IP address, saves it in its cache for future requests, and sends it back to your browser. Your browser can now connect to Google’s servers.

📄 Common DNS Records

The Authoritative Name Server holds various types of records. The most common are:

  • A Record: Maps a domain to an IPv4 address.
  • AAAA Record: Maps a domain to an IPv6 address.
  • CNAME Record: An alias that points a domain name to another domain.
  • MX Record: Directs email to the correct mail server.
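To make the five lookup steps and the record types above concrete, here is an added example (my own illustration, not code from the original notes or from any real resolver). It builds a root server, a .in TLD server and an authoritative server from constructed records, walks the referral chain the way steps 1 to 5 describe, chases a CNAME alias, and caches the answer so a repeat lookup never leaves the resolver. All server names, addresses and records are constructed, and a referral carries the next server's name where a real one also carries its IP address (glue).

```python
"""Iterative DNS lookup walked over constructed zone data.

Added example, not from the original notes. Every server name, domain and
address below is constructed; a referral carries the next server's name where
a real one also carries its IP address (glue).
"""
from typing import Dict, List, Optional, Tuple

Records = Dict[str, Dict[str, List[str]]]  # owner name -> record type -> rdata


def normalize(name: str) -> str:
    """Lower-case and fully qualify a name (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def suffixes(name: str) -> List[str]:
    """The name and each of its parents, longest first, ending at the root '.'."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


class NameServer:
    """Answers from its own records or refers the resolver to the next server."""

    def __init__(self, zones: List[str], records: Records) -> None:
        self.zones = {normalize(z) for z in zones}  # zones it is authoritative for
        self.records = records

    def query(self, qname: str, qtype: str) -> Tuple[str, List[str]]:
        owner = self.records.get(qname, {})
        if qtype in owner:
            return "ANSWER", owner[qtype]
        if "CNAME" in owner:
            return "CNAME", owner["CNAME"]  # alias: the resolver chases the target
        for parent in suffixes(qname):
            if parent in self.zones:
                # Our zone, nothing matching: no such name, or no record of that type.
                return ("NODATA" if owner else "NXDOMAIN"), []
            if "NS" in self.records.get(parent, {}):
                return "REFERRAL", self.records[parent]["NS"]
        return "NXDOMAIN", []


class Resolver:
    """Caching resolver: every uncached lookup starts at the root."""

    def __init__(self, servers: Dict[str, NameServer], root: str) -> None:
        self.servers, self.root = servers, root
        self.cache: Dict[Tuple[str, str], List[str]] = {}

    def resolve(self, qname: str, qtype: str = "A",
                trace: Optional[List[str]] = None) -> Tuple[List[str], List[str]]:
        """Return (rdata, trace of servers consulted); raise LookupError on failure."""
        qname, key = normalize(qname), (normalize(qname), qtype)
        trace = [] if trace is None else trace
        if key in self.cache:
            trace.append(f"cache hit for {qname} {qtype}")
            return self.cache[key], trace
        current = self.root
        for _ in range(8):  # bound the referral chain so a bad delegation cannot loop forever
            kind, data = self.servers[current].query(qname, qtype)
            trace.append(f"asked {current} for {qname} {qtype}: {kind} {data}")
            if kind == "ANSWER":
                self.cache[key] = data
                return data, trace
            if kind == "CNAME":
                result, _ = self.resolve(data[0], qtype, trace)  # chase the alias
                self.cache[key] = result
                return result, trace
            if kind == "REFERRAL":
                current = data[0]  # follow the first listed name server
                continue
            raise LookupError(f"{qname} {qtype}: {kind}")
        raise LookupError(f"{qname}: too many referrals")


def build_example_resolver() -> Resolver:
    """The root, .in TLD and authoritative servers from the notes, constructed data."""
    servers = {
        "root.example.": NameServer(["."], {"in.": {"NS": ["tld-in.example."]}}),
        "tld-in.example.": NameServer(["in."], {"google.co.in.": {"NS": ["ns1.google.example."]}}),
        "ns1.google.example.": NameServer(["google.co.in."], {
            "google.co.in.": {"NS": ["ns1.google.example."], "A": ["192.0.2.10"],
                              "AAAA": ["2001:db8::10"], "MX": ["10 mail.google.co.in."]},
            "www.google.co.in.": {"CNAME": ["google.co.in."]},
            "mail.google.co.in.": {"A": ["192.0.2.25"]},
        }),
    }
    return Resolver(servers, "root.example.")


if __name__ == "__main__":
    resolver = build_example_resolver()
    for name, rtype in [("google.co.in", "A"), ("www.google.co.in", "A"), ("google.co.in", "MX")]:
        rdata, steps = resolver.resolve(name, rtype)
        print(f"{name} {rtype} -> {rdata}\n    " + "\n    ".join(steps))
```

Run it and the trace prints one line per server consulted: root, TLD, authoritative. A second lookup of the same name and type shows only the cache hit, which is the point of step 5, and the www alias shows the CNAME being chased before the A record comes back.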

🛠️ DNS Types and Management

  • Public vs. Private DNS: Public DNS services (like Google 8.8.8.8 or Cloudflare 1.1.1.1) are open to anyone. Private DNS is used within an organization’s internal network for local resources.
  • Forward vs. Reverse DNS: A forward lookup resolves a name to an IP. A reverse lookup resolves an IP back to a name, often for security checks.
  • Management Tools: DNS settings are typically managed through your domain registrar’s website (like GoDaddy), command-line tools (dig, nslookup), or specialized DNS services (like AWS Route 53 or Cloudflare).
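The reverse-lookup "security check" mentioned above is usually forward-confirmed reverse DNS (FCrDNS): look up the PTR name for an address, then check that the name resolves back to that same address, so a host cannot simply claim any name it likes. Added example, not from the original notes; the forward and reverse tables are constructed stand-ins for the A/AAAA and PTR answers a real check would query, and only the in-addr.arpa / ip6.arpa name construction (via Python's ipaddress module) is the real convention.

```python
"""Forward-confirmed reverse DNS (FCrDNS) over constructed lookup tables.

Added example, not from the original notes. FORWARD and REVERSE are constructed
stand-ins for the A/AAAA and PTR answers a real check would query.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address: octets reversed under
    in-addr.arpa for IPv4, hex nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed forward records: host name -> addresses it resolves to.
FORWARD: Dict[str, List[str]] = {
    "mail.example.": ["192.0.2.25", "2001:db8::25"],
    "web.example.": ["192.0.2.80"],
}

# Constructed reverse records: PTR owner name -> host name.
# 192.0.2.99 claims to be mail.example., but mail.example. does not point back to it.
REVERSE: Dict[str, str] = {
    reverse_name("192.0.2.25"): "mail.example.",
    reverse_name("2001:db8::25"): "mail.example.",
    reverse_name("192.0.2.80"): "web.example.",
    reverse_name("192.0.2.99"): "mail.example.",
}


def ptr_lookup(ip: str) -> Optional[str]:
    """Reverse lookup: the name an address claims for itself."""
    return REVERSE.get(reverse_name(ip))


def forward_lookup(name: str) -> List[str]:
    """Forward lookup: the addresses a name actually resolves to."""
    return FORWARD.get(name.lower(), [])


def fcrdns(ip: str) -> Tuple[bool, str]:
    """Accept an address only if its PTR name resolves back to that address."""
    claimed = ptr_lookup(ip)
    if claimed is None:
        return False, "no PTR record"
    confirmed = {ipaddress.ip_address(a) for a in forward_lookup(claimed)}
    if ipaddress.ip_address(ip) in confirmed:
        return True, claimed
    return False, f"{claimed} does not resolve back to {ip}"


if __name__ == "__main__":
    for ip in ("192.0.2.25", "2001:db8::25", "192.0.2.99", "192.0.2.1"):
        print(ip, "->", reverse_name(ip), "->", fcrdns(ip))
```

The reverse name alone proves nothing, since whoever controls the reverse zone for an address block can put any name in a PTR record; the forward confirmation is what makes the check meaningful, which is why mail servers apply it to connecting clients.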

☠️ DNS Hijacking

DNS hijacking, also known as DNS redirection, is a malicious attack where DNS queries are incorrectly resolved to redirect users to a different destination than the one they intended to visit.

Analogy: It’s like a scammer secretly changing the phone number for your bank in your contact list. When you try to call the bank, you are unknowingly connected to the scammer instead.

🎯 How It Works and What Attackers Want

The primary goal of a DNS hijacking attack is to intercept the traffic between a user and a legitimate service for malicious purposes, such as:

  • Phishing: Redirecting users from a real banking or e-commerce site to a fraudulent, identical-looking one to steal login credentials, credit card details, and other personal information.
  • Malware Distribution: Forcing a user’s browser to download malware from a fake website disguised as a legitimate one.
  • Censorship: Preventing access to specific websites by redirecting their domains to an error page or a government notice.

⚠️ Common Types of DNS Hijacking Attacks

  1. Router Hijacking: This is one of the most common methods. An attacker gains access to a user’s home or office router, often through a weak or default password, and changes its DNS server settings to point to a malicious DNS server they control. Every device connected to that network is then affected.

  2. Local Host Hijacking: Malware on a user’s computer modifies the local hosts file. This file lets an administrator map domain names to IP addresses by hand, and the operating system consults it before sending any DNS query. The malware adds entries that point legitimate domains (like mybank.com) to a malicious IP address.

  3. Rogue DNS Server: An attacker sets up their own malicious DNS server that deliberately returns wrong IP addresses, then uses other techniques, such as router hijacking or network attacks, to force a user’s device to send its queries to this rogue server.
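For the local host hijacking case, a defender's first check is the hosts file itself. Added example, not from the original notes: it parses a constructed hosts file, flags any watched domain (such as mybank.com from the notes) that is pinned to anything other than a sinkhole address, and flags any other dotted name pinned outside the loopback, link-local and private ranges a clean hosts file normally uses. The sample file, the watchlist and the addresses are all constructed.

```python
"""Audit a hosts file for entries that look like local host hijacking.

Added example, not from the original notes. SAMPLE_HOSTS and WATCHED_DOMAINS are
constructed; on a real system you would read the hosts file itself
(/etc/hosts on Linux and macOS, C:\\Windows\\System32\\drivers\\etc\\hosts on Windows).
"""
import ipaddress
from typing import List, Set, Tuple

SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    printer.lan
203.0.113.7     mybank.com www.mybank.com   # the scenario's injected entries
203.0.113.7     login.example-bank.com
198.51.100.4    cdn.example.net
0.0.0.0         ads.tracker.example         # sinkhole entry, harmless
"""

WATCHED_DOMAINS: Set[str] = {"mybank.com", "example-bank.com"}  # constructed watchlist

# Ranges a hosts file legitimately points names at: loopback, the 0.0.0.0 / ::
# sinkhole address, link-local, and RFC 1918 / ULA private space.
LOCAL_SCOPE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/32", "169.254.0.0/16", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "::/128", "fe80::/10", "fc00::/7")]


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line number, address, names) for every well-formed entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        entries.append((lineno, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def in_local_scope(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_SCOPE)


def is_watched(name: str, watched: Set[str]) -> bool:
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text: str, watched: Set[str]) -> List[Tuple[str, int, str, str]]:
    """Return (severity, line, name, address) findings.

    HIGH:   a watched domain pinned to anything but a sinkhole address, which is
            exactly what the hijack described above leaves behind.
    MEDIUM: any dotted name pinned outside local scope; rare in a clean file.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for name in names:
            if is_watched(name, watched) and not (addr.is_loopback or addr.is_unspecified):
                findings.append(("HIGH", lineno, name, ip))
            elif "." in name and not in_local_scope(ip):
                findings.append(("MEDIUM", lineno, name, ip))
    return findings


if __name__ == "__main__":
    for severity, lineno, name, ip in audit_hosts(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"{severity:6} line {lineno}: {name} -> {ip}")
```

The watchlist approach catches the scenario the notes describe (a bank domain pointed at an attacker's server); the broader "public name pinned to a non-local address" rule catches names you did not think to watch, at the cost of an occasional false positive from a deliberate override an administrator added.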

🛡️ How to Protect Yourself

  • Secure Your Router: Immediately change your router’s default administrator username and password. Keep its firmware updated to patch security vulnerabilities.
  • Use Trusted DNS Servers: Manually configure your computer or router to use well-known, reputable public DNS services like Google Public DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1).
  • Enable Encrypted DNS: Use DNS over HTTPS (DoH) or DNS over TLS (DoT) in your web browser or operating system settings. This encrypts your DNS queries, making them much harder for attackers to intercept.
  • Use a VPN: A Virtual Private Network (VPN) encrypts all your internet traffic, including DNS queries, routing it through its own secure DNS servers.
  • Look for HTTPS: Always check for the padlock icon 🔒 and https:// in your browser’s address bar. This confirms that your connection to the site is encrypted and that the site presented a certificate valid for the domain you typed; a fake site reached through a hijacked DNS answer normally cannot present one, so a certificate warning is a sign that you have been redirected.
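Encrypted DNS does not change the query itself: DoH carries the same wire-format DNS message a plain UDP query would, just inside an HTTPS request, so an attacker on the path sees only TLS traffic to the resolver. Added example, not from the original notes: it builds the query message for an A record, encodes it the way an RFC 8484 GET request does, and decodes it again. Nothing is sent; the resolver URL using doh.example is a placeholder, and the TLS layer that actually provides the encryption is the HTTPS client's job, not shown here.

```python
"""What a DNS-over-HTTPS request carries: the ordinary DNS wire-format query,
base64url-encoded into a GET request as RFC 8484 specifies.

Added example, not from the original notes. Nothing is sent on the network; the
resolver URL passed to doh_get_url is a placeholder, not a real DoH endpoint.
"""
import base64
import struct
from typing import Tuple

QTYPES = {"A": 1, "CNAME": 5, "MX": 15, "AAAA": 28}  # the record types from the notes
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:  # DNS labels are 1 to 63 bytes
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(name: str, qtype: str = "A", qid: int = 0) -> bytes:
    """Header (ID, flags with RD set, one question) followed by the question section.
    RFC 8484 recommends ID 0 so identical queries yield identical, cacheable URLs."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)  # class IN


def doh_get_url(resolver_url: str, message: bytes) -> str:
    """GET form of a DoH request: base64url without padding in the dns parameter."""
    encoded = base64.urlsafe_b64encode(message).decode("ascii").rstrip("=")
    return f"{resolver_url}?dns={encoded}"


def parse_question(message: bytes) -> Tuple[int, str, str]:
    """Decode (ID, name, type) from a query message, the inverse of build_query."""
    qid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return qid, ".".join(labels), TYPE_NAMES[qtype]


if __name__ == "__main__":
    msg = build_query("www.example.com")
    print(msg.hex())
    print(doh_get_url("https://doh.example/dns-query", msg))  # placeholder resolver URL
    print(parse_question(msg))
```

The encoding this produces for www.example.com matches the GET example in RFC 8484 section 4.1.1, which is a handy way to confirm the message layout is right before pointing a client at a real resolver.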