DNS
what is a host file
phonebook before DNS, local file that maps domain name to IP
advantages of host file (6)
1. local domain resolution - doesnt query external DNS servers
2. testing websites - redurect traffic to test server during development
3. blocking websites - map unwanted domains to a local host IP
4. override DNS entries - useful if DNS servers misconfigured
5. isolate issues - redirect domain to specific server for testing or troubleshooting
6. debugging - force traffic to local/specific server instead of 1 listed in public DNS / bypasses cache / good for trsting new sites
disadvantages of host file (3)
1. static - doesnt update dynamically like DNS
2. not practical for large networks or frequent changes
3. host file hijacking - malware can modify HF to redirect legit sites to malicious IPs
cache definition
local storage of recently resolved domain-to-IP mappings, temporarily stores, clears after TTL value met which is set by DNS server or until cleared manually
advantages of cache (5)
1. faster DNS resolution
2. reduces network traffic
3. less load on DNS servers by elimating repetitive queries
4. improved user experience by reducing response time for smoother browsing experience
5. enhanced redundancy (if DNS is down)
disadvantages of cache (6)
1. stale outdated data - if changes to IP, doesnt auto update
2. when system is turned off, data + instructions destroyed
3. costly
4. cache poisoning - attackers can manipulate caches and can send to a phising site
5. troubleshooting - w/stale data when troubleshooting a domain res prob itll resolve incorrectly making it hard to pin point prob until cache clears/expires
6. limited to local device - only applies to device w/cache so changes on DNS records might only affect some
name the records in DNS (9)
1. PTR (pointer) - reverse lookup
2. MX (mail xchange) - directs emails to mail servers for a domain (user@example.com)
3. A - maps domain to IPv4
4. AAAA - maps domain to IPv6
5. SOA (start of authority) - birth cert of domain, primary NS, tracks when records are updated, helps keep multiple servers in sync
6. CNAME (canonical name) - aliasing, points 1 domain to another A/AAAA record
7. NS (name server) - specifices which DNS servers are authoritative for a domain
8. TXT (text) - note attached to a domain, used for extra info
9. SRV (service record) - map that helps computers find specific services on a domain
examples of SRV (1)
SIP TRAFFIC (session initiation protocol) - protocol used for communications (set up, ringing, termination)
examples of TXT (2)
1. SPF (sender policy framework) - text record for email security, list which servers are allowed to send emails on your behalf
2. DKIM (domainkeys identified mail) - email security feature, adds digital signature, recepients email server checks sign. to make sure it wasnt tampered with
list steps in DNS resolution process (8)
1. user query
2. host file
3. cache
4. recursive resolver
5. root name server
6. TLD server
7. authoritative nameserver
8. browser connection
recursive resolver
step 4: computer sends request to ISP's DNS server (r.r), message known as recursive DNS query
root name server
step 5: request sent here if last took too long, responsible for knowing appropriate TLD server and sends that back ( .com )
LIBRARIAN who point you to the right section
TLD server
(top level domain) step 6: responds w/appropriate authoriative nameserver, maintains info for all domain names w/same domain extension
SECTION of library
authoritative nameserver
step 7: sotres DNS record that map domain names to IP addresses, holds real, official record for "example.com" +knows IP address
SHELF
browser connection
step 8: DNS recursor sends IP address back to users browser, allowing it to connect to and load appropriate website/application
challenges with DNS (4)
1. misconfiguration in a single DNS server (missing/mistyped IP in an authoritative server) can lead to cascading failures for all services that communicate with it
2. can happen because of settings on users device, like their browser, not just issues w/server. companies might not know about these settings or be able to see them
3. many popular apps now depend on same DNS providers. if 1 of these providers goes down, it can cause worldwide issues
4. these providers are also major targets for cyber attacks like DDoS and cache poisoning
DNS monitoring tool features (5)
1. check status of all internal DNS servers in 1 place
2. investigate issues w/DNS on client devices or security problems
3. fix delays or errors on specific devices (troubleshoot latency)
4. compare DNS performance w/data from other services
5. spot unusual DNS record mappings or slow response times