What is a Domain Name Server and How Does it Relate to Website Protection?

by
Complex internet is connected by different forms of connections via domain name servers
DNS servers help connect users to websites

Everyone who’s used the internet has come across with the term “DNS” in some point of their online life, but more likely than not ignored it, thinking it was just one of those internet gibberish lingos. Frankly, many people guilty of doing this. But what not people know are aware of is the importance of a Domain Name Server. In this article, you will learn about what DNS does and how it is related to your daily online life.

How Does It Work?

DNS is the backbone of the internet. It handles millions of request and help internet browsers locate website around the globe. Here is a brief example on how the Domain Name Server works:

  1. As an example, let’s imagine that a user wants to see a website (ex. https://www.cloudbric.com/en).
  2. The user will first type the domain name in the URL field of his internet browser.
  3. The browser will then request the IP address of the cloudbric’s site to a DNS server that is provided by a ISP.
  4. The DNS server will then search the IP address of the requested website, and send it back to the user computer for access. However, if the DNS server is unable to find the IP address in their cache, it will defer to another DNS server called root servers which operate around the globe.
  5. If the root servers had a copy of cloudbric’s IP address in their cache, they return it immediately to the previous servers. If not, they point out another DNS servers called Top Level Domain (TLD) servers.
  6. TLD servers possess the addresses that end up with .com, .net, .org and many more. Once the servers have found the address, it will query an IP address (ex.192.10.182.1) and sends it to your browser.
  7. The browser will interpret the IP address and translate it into a readable address, in this example it will translate to “https://www.cloudbric.com/en” and display it in the URL field on top of your browser.

DNS Attacks

Now that you have a basic understanding how DNS function, here are three attacks that you should now related with DNS:

      1. DNS Spoofing

Also known as DNS cache poisoning, this attack replaces the address of a website for another. Think of it as if someone was robbing a museum and the thief swaps the real piece of art for a fake one. Users looking to enter a website are instead headed to the fake website which it can contain a virus, malware or spyware into their computer.

      2. DNS Amplification Attacks

In 2015, it was reported becoming more common as a form of denial of service (DoS Attack). Amplification attacks use DNS machines to increase their attacks drastically and reflect the traffics passing through the DNS machines to its victim. This is possible due to the nature of DNS machines and almost impossible to trace the attack’s origin.

      3. DNS Fast Flux

This is a technique that hackers deploy to avoid detection. They use infected computers as botnets, just like they would in order to start a DDoS attacks, to hide their presence against authorities. If not careful, your computer could be used as a proxy that aids a hacker.Domain Name Server is one of the most important backbones of the internet. Because of its important role, it is often targeted by hackers for exploitation. DNS can’t provide you protection once it was compromised, however, relying in a good web application firewall can guard you from attacks originated from DNS and much more. Keep an eye to Cloudbric to learn more about cyber security!