
DNS Cheatsheet

DNS (Domain Name System)

  • Purpose: DNS translates human-readable domain names (like www.example.com) into IP addresses (like 192.0.2.1).
  • Introduced in 1983 by Paul Mockapetris with RFCs 882 and 883, updated by RFC 1034 and RFC 1035.
  • Hierarchical Structure: DNS is organized in a hierarchical domain structure (e.g., .com, .net, .org).
  • Root Servers: At the top of the DNS hierarchy. They do not store the complete database of Internet domain names; they serve only the root zone, which lists the name servers (and their addresses) for each TLD, so a resolver that knows nothing else can be referred to the right TLD servers.
  • TLD Servers (Top-Level Domain): Manage domains such as .com, .net, .edu, and country-specific TLDs like .uk, .fr.
  • Authoritative Name Servers: Hold information about specific domains; they can provide definitive answers to queries for domains within their responsibility.
  • Recursive Resolvers: Servers that receive queries from client machines (stub resolvers) and do the work of resolving them, querying root, TLD and authoritative servers in turn and caching the answers they get back.

Key Concepts and Components

  • Domain Name Space: The naming structure used by DNS, organized in a tree structure with a single root.
  • Zone Files: Text files (in the master-file format of RFC 1035) that describe one zone, a contiguous portion of the domain name space under one administrative authority.
  • Records: Entries in zone files. Types include A (IPv4 Address), AAAA (IPv6 Address), CNAME (Canonical Name), MX (Mail Exchange), NS (Name Server), PTR (Pointer), SOA (Start of Authority), TXT, SRV and more.
  • Delegation: Handing responsibility for a subdomain to a different set of authoritative name servers. It is expressed as NS records at the zone cut in the parent zone, plus glue A/AAAA records when the name servers themselves lie inside the delegated zone.
  • Caching: Temporary storage of previous query results to reduce future query times.
  • Time to Live (TTL): A value (in seconds) on every DNS record that tells caching servers how long they may serve the record before they must fetch it again.

DNS Query Process

  1. Recursive Query: The client's stub resolver sends a query with the RD (recursion desired) bit set to a recursive DNS server (usually the ISP's or a public resolver) and waits for a complete answer.
  2. Root Name Server Query: If the answer is not already cached, the recursive server sends an iterative query to a root server, which refers it to the TLD servers.
  3. TLD Name Server Query: Next, the query is sent to the appropriate TLD server, which refers it to the domain's authoritative name servers.
  4. Authoritative Name Server Query: Finally, the query reaches an authoritative server for the domain, which returns the answer (or NXDOMAIN if the name does not exist).
  5. Response Returned to Client: The recursive server caches the records for their TTL and returns the IP address to the client.

How DNS Resolves a Query (A Record)

Example Domain: www.example.com

  1. Your Computer to Local Resolver: Request A record of www.example.com.
  2. Local Resolver to Root Server: Request A record of www.example.com. Response: a referral, i.e. the NS records for the .com TLD servers together with their glue addresses.
  3. Local Resolver to .com TLD Server: Request A record of www.example.com. Response: a referral to the authoritative name servers for example.com (NS records plus glue).
  4. Local Resolver to example.com Authoritative Server: Request A record of www.example.com. Response: the authoritative answer, the A record for www.example.com with its TTL.
  5. Local Resolver to Your Computer: Response with IP address of www.example.com.

DNS A Record Diagram

How DNS Resolves a Reverse Lookup (PTR Record)

Example IP Address: 203.0.113.76

  1. Your Computer to Local Resolver: Request PTR record of 203.0.113.76.
  2. Local Resolver to Root Server: The resolver reverses the octets and appends in-addr.arpa, then requests the PTR record of 76.113.0.203.in-addr.arpa. Response: a referral to the .arpa servers.
  3. Local Resolver to .arpa Server: Request PTR record of 76.113.0.203.in-addr.arpa. Response: a referral to the server authoritative for 113.0.203.in-addr.arpa. (This is simplified: the real chain usually passes through in-addr.arpa and the address-block holder's 203.in-addr.arpa zone before reaching the zone delegated to the network operator.)
  4. Local Resolver to 113.0.203.in-addr.arpa Authoritative Server: Request PTR record of 76.113.0.203.in-addr.arpa. Response: the domain name associated with 203.0.113.76.
  5. Local Resolver to Your Computer: Response with domain name associated with 203.0.113.76.

DNS PTR Record Diagram
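The two walks above (the A record lookup and the PTR reverse lookup) and the five-step query process they illustrate are the same algorithm: start from a root hint, follow referrals until a server answers authoritatively, cache the answer for its TTL. The following toy resolver, added here as an illustration and not code from the original post, performs that walk over constructed zone data. Every server address, name server name and record below is made up from documentation ranges (192.0.2.0/24, 203.0.113.0/24); nothing touches the network, the .arpa delegation chain is compressed to one hop, and NODATA is not distinguished from NXDOMAIN.

```python
"""Toy iterative resolver: referrals from a root hint down to the answer."""
import ipaddress
import time

MAX_REFERRALS = 16
ROOT_HINTS = ["192.0.2.1"]   # constructed root server address (assumption)

# Each authoritative "server" is keyed by its IP and holds the zones it serves.
# Record tuple: (owner, type, ttl seconds, rdata). Delegations are NS records
# below the zone apex plus glue A records for the delegated name servers.
SERVERS = {
    "192.0.2.1": {".": [                                  # root zone: delegations only
        ("com.", "NS", 172800, "ns.tld-com.example."),
        ("ns.tld-com.example.", "A", 172800, "192.0.2.2"),
        ("arpa.", "NS", 172800, "ns.arpa.example."),
        ("ns.arpa.example.", "A", 172800, "192.0.2.3"),
    ]},
    "192.0.2.2": {"com.": [                               # .com TLD server
        ("example.com.", "NS", 172800, "ns1.example.com."),
        ("ns1.example.com.", "A", 172800, "192.0.2.4"),
    ]},
    "192.0.2.3": {"arpa.": [                              # .arpa (real chain has more hops)
        ("113.0.203.in-addr.arpa.", "NS", 86400, "ns1.example.com."),
        ("ns1.example.com.", "A", 86400, "192.0.2.4"),
    ]},
    "192.0.2.4": {                                        # example.com's own server
        "example.com.": [
            ("example.com.", "NS", 3600, "ns1.example.com."),
            ("www.example.com.", "A", 300, "203.0.113.76"),
            ("example.com.", "MX", 3600, "10 mail.example.com."),
        ],
        "113.0.203.in-addr.arpa.": [
            ("76.113.0.203.in-addr.arpa.", "PTR", 3600, "www.example.com."),
        ],
    },
}


def in_zone(name, zone):
    """True if name is at or below zone (all names are absolute, lower case)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask_authoritative(server_ip, qname, qtype):
    """One simulated round trip. Returns (status, records):
    'answer' with matching records, 'referral' with glue IPs of the child's
    name servers, 'nxdomain' if the name is not there, 'refused' otherwise."""
    zones = SERVERS[server_ip]
    zone = max((z for z in zones if in_zone(qname, z)), key=len, default=None)
    if zone is None:
        return "refused", []
    records = zones[zone]
    # A zone cut below the apex that covers qname means: refer, don't answer.
    cuts = [r[0] for r in records if r[1] == "NS" and r[0] != zone and in_zone(qname, r[0])]
    if cuts:
        cut = max(cuts, key=len)
        ns_names = {r[3] for r in records if r[0] == cut and r[1] == "NS"}
        glue = [r[3] for r in records if r[1] == "A" and r[0] in ns_names]
        return "referral", glue
    answer = [r for r in records if r[0] == qname and r[1] == qtype]
    return ("answer", answer) if answer else ("nxdomain", [])


class Resolver:
    """Minimal recursive resolver with a TTL-aware cache and a query trace."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}        # (qname, qtype) -> (expires_at, [rdata])
        self.clock = clock     # injectable so TTL expiry can be simulated
        self.trace = []        # (server or "cache", qname, qtype, status)

    def resolve(self, qname, qtype):
        qname = qname.lower()
        if not qname.endswith("."):
            qname += "."
        key = (qname, qtype)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            self.trace.append(("cache", qname, qtype, "hit"))
            return hit[1]
        servers = list(ROOT_HINTS)
        for _ in range(MAX_REFERRALS):
            status, records = ask_authoritative(servers[0], qname, qtype)
            self.trace.append((servers[0], qname, qtype, status))
            if status == "answer":
                rdata = [r[3] for r in records]
                self.cache[key] = (self.clock() + min(r[2] for r in records), rdata)
                return rdata
            if status == "referral" and records:   # a real resolver would also
                servers = records                  # resolve glue-less NS names
                continue
            raise LookupError(f"{status} for {qname} {qtype}")
        raise LookupError("too many referrals")

    def reverse(self, ip):
        """PTR lookup: ipaddress builds the in-addr.arpa / ip6.arpa name."""
        return self.resolve(ipaddress.ip_address(ip).reverse_pointer, "PTR")


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com", "A"), r.reverse("203.0.113.76"))
    for step in r.trace:
        print(step)
```

Running it prints the two answers and then the trace, one line per server contacted, which matches the step lists above: root, TLD (or .arpa), then the authoritative server. A second `resolve` of the same name within 300 seconds is served from the cache, which is exactly why a poisoned cache entry (next section) is so valuable to an attacker: it is handed to every client until the TTL runs out.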

DNS Security

  • DNSSEC (DNS Security Extensions): Adds origin authentication and integrity to DNS data. Records are signed (RRSIG) with keys published in the zone (DNSKEY) and anchored through DS records in the parent zone, up to the root trust anchor. It does not encrypt queries, and it only protects the last hop to the client if the client validates the signatures itself rather than trusting the resolver's AD bit.
  • DANE (DNS-based Authentication of Named Entities): Publishes TLS certificate or public-key bindings for a service in TLSA records, so a client can check a server's certificate against DNS instead of (or in addition to) a CA. It is only meaningful when the TLSA records are DNSSEC-signed and validated.
  • DNS over HTTPS (DoH) and DNS over TLS (DoT): Encrypt the transport between a client and its recursive resolver (TLS on port 853 for DoT; HTTPS for DoH) to prevent eavesdropping and tampering on that hop. They do not authenticate the records themselves; that is what DNSSEC is for.

Common DNS Issues

  • DNS Spoofing: Forging DNS responses, on-path or by winning a race against the real server, so that a client or resolver accepts false records and traffic is redirected.
  • Cache Poisoning: Getting a forged record accepted into a resolver's cache, where it is served to every client until its TTL expires. Mitigated by random transaction IDs and source ports, 0x20 case randomization of the query name, bailiwick checks on the answer, and DNSSEC validation.
  • Distributed Denial of Service (DDoS) Attacks: Overwhelming DNS servers with traffic. Open resolvers are also abused as reflectors and amplifiers against third parties, because a small spoofed query produces a much larger response.
  • NXDOMAIN Hijacking: A resolver (often an ISP's) answers queries for non-existent domains with an IP address of its own, typically a search or advertising page, instead of NXDOMAIN, which breaks software that relies on the error.
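What makes spoofing and cache poisoning hard in practice is the set of checks a resolver applies before it trusts a UDP reply: the reply must arrive on the right address/port pair, carry the 16-bit transaction ID the resolver chose, echo the question byte for byte (including the random letter case if 0x20 encoding is used), and only records for the name that was asked about are allowed into the cache. The following code, added here as an illustration and not taken from the original post, builds a query in RFC 1035 wire format and applies those checks to constructed replies, one genuine and one forged by an attacker who guessed the wrong ID. The server address 192.0.2.53, the source port and the packets are all made up for the example.

```python
"""Build a DNS query on the wire and accept only a reply that matches it."""
import os
import struct

QTYPE_A = 1


def encode_name(name):
    """Dotted name -> DNS label sequence (RFC 1035 section 3.1), case kept."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read a (possibly compressed) name at off; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                          # resume after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def randomize_case(name, rnd=os.urandom):
    """0x20 encoding: random label case is extra entropy an off-path forger must guess."""
    return "".join(c.upper() if b & 1 else c.lower() for c, b in zip(name, rnd(len(name))))


def build_query(qname, qtype=QTYPE_A, txid=None, rnd=os.urandom):
    """Return (wire bytes, state to remember) for a standard recursive query."""
    txid = int.from_bytes(rnd(2), "big") if txid is None else txid
    sent_name = randomize_case(qname, rnd)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    question = encode_name(sent_name) + struct.pack("!HH", qtype, 1)
    return header + question, {"id": txid, "qname": sent_name, "qtype": qtype}


def build_response(txid, qname, qtype, ip, ttl=300):
    """Constructed server reply with one A record (used for the demo only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + answer                  # 0xc00c points at the qname


def parse_response(msg):
    """Header, question and answer sections -> (id, flags, questions, answers)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return txid, flags, questions, answers


def check_response(state, msg, src_ip, src_port, dst_port):
    """Accept a reply only if everything a blind forger cannot see matches.
    state: dict from build_query plus "server" (IP we asked) and "sport"
    (our random source port). Returns (True, answers) or (False, reason)."""
    if (src_ip, src_port, dst_port) != (state["server"], 53, state["sport"]):
        return False, "reply from wrong address/port pair"
    txid, flags, questions, answers = parse_response(msg)
    if txid != state["id"]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "not a response (QR bit clear)"
    if questions != [(state["qname"], state["qtype"], 1)]:   # exact case: 0x20 check
        return False, "question section does not echo our query"
    wanted = state["qname"].lower()
    # Bailiwick: keep only records for the name we asked about; a forged extra
    # record for some other name must never enter the cache.
    return True, [a for a in answers if a[0].lower() == wanted]


if __name__ == "__main__":
    wire, state = build_query("www.example.com.")
    state.update(server="192.0.2.53", sport=40123)          # assumed 5-tuple
    good = build_response(state["id"], state["qname"], QTYPE_A, "203.0.113.76")
    print(check_response(state, good, "192.0.2.53", 53, 40123))
    forged = build_response(state["id"] ^ 1, "www.example.com.", QTYPE_A, "198.51.100.9")
    print(check_response(state, forged, "192.0.2.53", 53, 40123))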

Performance and Optimization

  • Anycast Routing: Using the same IP address for multiple DNS servers to route queries to the nearest server.
  • Load Balancing: Distributing requests across multiple servers to improve response times and system redundancy.
  • Geolocation-based Routing: Directing users to the nearest server based on their geographic location.

Tools and Utilities

  • dig: A command-line tool for querying DNS name servers.
  • nslookup: A utility for diagnosing DNS problems.
  • whois: A tool for querying information about domain ownership.

Advanced Features

  • DNS over QUIC: Incorporating QUIC protocol for better performance and security.
  • IPv6 Support: Handling AAAA records for IPv6 addresses.
  • Internationalized Domain Names (IDNs): Supporting non-ASCII characters in domain names.
  • Critical for Internet Functionality: DNS is essential for the operation of the internet.
  • Ongoing Challenges: Addressing security threats, scaling infrastructure, and adapting to new technologies.
  • Continual Evolution: DNS continues to evolve with new technologies and security practices.

References:

  1. “RFC 1034 - Domain Names - Concepts and Facilities” - IETF
  2. “RFC 1035 - Domain Names - Implementation and Specification” - IETF
  3. “Understanding DNSSEC” - ICANN
  4. “DNS over HTTPS” - [Mozilla Developer Network](https://developer.mozilla.org/en-US/docs/Web/HTTP/DNS_over
This post is licensed under CC BY 4.0 by the author.