domain name service
- translates domain names to IP addresses
- 1 cause of stupid connectivity issues in [[RvB]] bc windows/linux config files rely on it
- [[UDP]] 53 for queries for speed and bc it's connectionless
- [[TCP]] 53 for zone transfers - when name servers exchange updated records
- common DNS servers
  - google IPv4
    - 8.8.8.8
    - 8.8.4.4
  - cloudflare IPv4
    - 1.1.1.1
  - sometimes have DNS sinkhole so we know who's trying to go to malicious sites
recursive DNS iterative DNS
- DNS record request (typing in a URL into browser)
- go to DNS recursive resolver (librarian), resolver makes additional requests
- goes to root nameserver
- goes to TLD (top-level domain) name server
  - hosts last portion of domain name, like .com
attacks
- DNS cache poisoning / DNS [[spoofing]]
  - false info into DNS cache so that domain name goes to wrong IP
  - can be done thru
    - modifying DNS server
    - modifying client host file (takes precedence over DNS queries)
    - MITM - send fake response to valid DNS request
security
- DNSSEC - validate DNS responses using public key crypto
- DNS sinkhole - resolve malicious sites to sinkhole address
  - identify PCs infected w malware
  - this is essentially content filtering
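
Added example (not part of the original notes): one way to use the sinkhole idea above is to scan resolver query logs for answers equal to the sinkhole address and list the clients that received them. The log layout, the sinkhole address 10.99.99.99 and every host and domain name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed sinkhole address and log layout (both constructed for this example).
SINKHOLE_IP = "10.99.99.99"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) "
    r"type=(?P<qtype>\S+) answer=(?P<answers>\S*)$"
)

SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.12 query=intranet.example.com. type=A answer=10.0.0.5
2024-05-01T10:00:03Z client=10.0.0.31 query=bad-c2.example.net. type=A answer=10.99.99.99
2024-05-01T10:00:09Z client=10.0.0.31 query=BAD-C2.example.net. type=A answer=10.99.99.99
2024-05-01T10:01:15Z client=10.0.0.44 query=cdn.example.org. type=A answer=192.0.2.10,192.0.2.11
2024-05-01T10:02:40Z client=10.0.0.44 query=dropper.example.net. type=A answer=10.99.99.99
truncated line without fields
2024-05-01T10:03:02Z client=10.0.0.12 query=missing.example.com. type=A answer=
"""


def sinkholed_clients(log_text, sinkhole_ip=SINKHOLE_IP):
    """Return {client_ip: {domain: hit_count}} for answers equal to the sinkhole."""
    sinkhole = ipaddress.ip_address(sinkhole_ip)
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or truncated lines
        for answer in filter(None, m["answers"].split(",")):
            try:
                if ipaddress.ip_address(answer) != sinkhole:
                    continue
            except ValueError:
                continue  # answer data that is not an IP (e.g. a CNAME target)
            # DNS names are case-insensitive; drop the trailing root dot too.
            domain = m["qname"].rstrip(".").lower()
            hits[m["client"]][domain] += 1
            break  # count each log line once
    return {c: dict(d) for c, d in hits.items()}


if __name__ == "__main__":
    for client, domains in sorted(sinkholed_clients(SAMPLE_LOG).items()):
        print(client, domains)
```

Repeated hits from one client to the same sinkholed name are a stronger infection signal than a single lookup, so the per-domain count is kept rather than a plain set.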