Monday, September 26, 2016

DNS Reflection

Zach M         9/23/16

  • Can you give a high level description of DNS as a name-to-IP-address mapping system used on the Internet?
  • Can you give a few reasons why DNS is useful and necessary?
  • Can you describe at least one vulnerability of DNS and how an attack on it works?

In DNS, each dot in the address marks a level in the domain structure. Each level refers to a server or group of servers that handle that level. The last level refers to a top-level domain. For example, www.google.com has 3 levels in its domain.

The leftmost part of the web address is the host name. It specifies a specific IP address in a domain that is typically dedicated to a specific process. docs.google.com, for example, is a specialized IP set up just for Google Docs. A common example is www.

(For uncached websites)
When you attempt to access a website, your request first goes to a recursive resolver (or DNS resolver), typically run by your ISP. The recursive resolver then contacts a root server, a DNS server that contains information about specific top-level domains, such as .com, .org, etc. The root server knows how to access top-level domain (TLD) servers. If your website is in the .com top-level domain, the request goes to the .com TLD server. The TLD server sends your request to an Authoritative Name Server. The Authoritative Name Server is the server that stores large amounts of IP addresses. Finally, the Authoritative Name Server sends the IP you requested back to the recursive resolver and you can connect to the website.

DNS is useful and necessary because it would be near impossible to memorize the IP addresses of your favorite sites. It is much easier to memorize youtube.com than a 9 digit IP address.

One vulnerability of DNS is the ability to exploit open resolvers (misconfigured DNS resolvers) to launch a DDoS attack. Since DNS queries are sent over UDP, which requires no handshake to establish where the packet came from, hackers can fake their source IP so that it appears to be that of the site they want to attack. If they request all of the DNS records of a zone, the response ends up being sent to the faked IP. This allows hackers to flood the target's servers with large amounts of incoming data, which slows their website or server to a crawl.
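As an added example (not part of the original post), here is how the operator of a resolver could spot this abuse in a query log: sources outside the network the resolver is meant to serve that send repeated queries with responses far larger than the requests. The log format, the served network, the thresholds and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample resolver log: time, claimed client IP, qname, qtype,
# query bytes, response bytes. Addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
12:00:01 192.0.2.10 www.example.com A 33 49
12:00:01 203.0.113.7 example.org ANY 29 3100
12:00:01 203.0.113.7 example.org ANY 29 3100
12:00:02 203.0.113.7 example.org ANY 29 3100
12:00:02 192.0.2.25 docs.example.com A 34 50
12:00:02 203.0.113.7 example.org ANY 29 3100
12:00:03 198.51.100.4 example.net MX 29 120
"""

# Assumption: the resolver is only meant to serve this network.
SERVED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def find_reflection_targets(log_text, served=SERVED_NETWORKS,
                            min_queries=3, min_factor=10.0):
    """Return {claimed_source_ip: stats} for sources that look like the
    victims of reflection: outside the served networks, repeated queries,
    and responses much larger than the queries that triggered them."""
    stats = defaultdict(lambda: {"queries": 0, "q_bytes": 0, "r_bytes": 0, "any": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not have the six expected fields
        _, client, _, qtype, q_bytes, r_bytes = fields
        addr = ipaddress.ip_address(client)
        if any(addr in net for net in served):
            continue  # legitimate client of this resolver
        s = stats[client]
        s["queries"] += 1
        s["q_bytes"] += int(q_bytes)
        s["r_bytes"] += int(r_bytes)
        s["any"] += qtype == "ANY"  # count "all records" requests
    flagged = {}
    for client, s in stats.items():
        factor = s["r_bytes"] / max(s["q_bytes"], 1)  # amplification factor
        if s["queries"] >= min_queries and factor >= min_factor:
            flagged[client] = {**s, "factor": round(factor, 1)}
    return flagged

if __name__ == "__main__":
    for ip, s in find_reflection_targets(SAMPLE_LOG).items():
        print(ip, s)
```

Any hit from outside the served network also shows that the resolver is answering the whole Internet, which is the misconfiguration that makes it usable as a reflector.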
