What is DNS and a DNS Server?

The Domain Name System (DNS) is one of the fundamental technologies of the modern Internet: a distributed system for storing and processing information about domain zones. Its primary purpose is to map the IP addresses of devices on the network to more convenient, human-readable symbolic names.
The namespace that maps addresses to unique names may be organized in two ways: flat or hierarchical. In the first case, the name assigned to each address is a sequence of characters with no structure and no governing rules. The main drawback of a flat namespace is that it cannot be used in large systems such as the Internet: because the names are arbitrary, checking them for ambiguity and duplication is quite difficult.
In a hierarchical namespace, each name is made up of several parts. For example: the first-level domain .mobi, the second-level domain yourdomain.com, the third-level domain name.yourdomain.com, and so on. This type of namespace makes it easy to check for duplicates, and at the same time an organization does not need to worry that the prefix it has chosen is already taken by someone else, because the full address will still be different.
What is a DNS Server - Matching Names to Addresses

Let's see how names are matched to IP addresses. Suppose the user types www.yourdomain.com in the browser and presses Enter. The browser sends a request over the network to a DNS server, and the server, in turn, either answers itself (if it knows the answer) or forwards the request to one of the higher-level (or root) domain servers.
The request then begins its journey: the root server sends it to the first-level server, that server to the second-level server, and so on, until a server is found that either knows the requested name and its address or knows that no such name exists. After that the answer starts travelling back. To explain clearly how this works, the DNSimple folks have prepared a colourful comic, which you can find at this link.
A few words should also be said about the inverse mapping process: obtaining a name for a given IP address. This happens, for example, when an e-mail server performs its checks. There is a special domain, in-addr.arpa, whose records are used to convert IP addresses into symbolic names. For example, to obtain the DNS name for the address 18.104.22.168, the DNS server is queried for the entry 22.214.171.124.in-addr.arpa, and it returns the corresponding symbolic name.
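The following added example (not code from the original article) models the walk described above over a constructed, purely illustrative zone tree: a root server that delegates the com and arpa zones, a com server that delegates yourdomain.com, and one authoritative server holding the final records. It also shows how the reverse-mapping query name is formed for an address, using Python's standard ipaddress module, and then resolves that name through the same tree. The server names, the 192.0.2.0/24 addresses (RFC 5737 documentation range) and all records are constructed for the example.

```python
import ipaddress

# Constructed toy zone tree (not real DNS data). Each "server" knows the child
# zones it delegates and the records it answers for authoritatively.
SERVERS = {
    "root": {
        "delegations": {"com": "com-tld", "arpa": "arpa-server"},
        "records": {},
    },
    "com-tld": {
        "delegations": {"yourdomain.com": "ns.yourdomain.com"},
        "records": {},
    },
    "arpa-server": {
        # the reverse zone for 192.0.2.0/24 is delegated to the same operator
        "delegations": {"2.0.192.in-addr.arpa": "ns.yourdomain.com"},
        "records": {},
    },
    "ns.yourdomain.com": {
        "delegations": {},
        "records": {
            "yourdomain.com": "192.0.2.10",
            "www.yourdomain.com": "192.0.2.20",
            "10.2.0.192.in-addr.arpa": "yourdomain.com",   # PTR record
        },
    },
}


def labels(name: str) -> list[str]:
    """Split 'www.yourdomain.com' into root-first labels ['com', 'yourdomain', 'www']."""
    return [l for l in name.lower().rstrip(".").split(".") if l][::-1]


def canonical(name: str) -> str:
    """Lower-case, no trailing dot, so 'WWW.YourDomain.com.' matches the zone data."""
    return ".".join(reversed(labels(name)))


def in_zone(zone: str, name: str) -> bool:
    """True if name is the zone itself or lies below it (zone is a label suffix)."""
    z, n = labels(zone), labels(name)
    return n[: len(z)] == z


def resolve(name: str, servers=SERVERS):
    """Iteratively walk from the root down, as the text describes.

    Returns (answer, path): answer is the record data, or None when the last
    server asked can say that the name does not exist; path lists the servers
    asked, in order.
    """
    key = canonical(name)
    server, path = "root", []
    while server not in path:                      # guard against delegation loops
        path.append(server)
        zone = servers[server]
        if key in zone["records"]:
            return zone["records"][key], path      # authoritative answer: travels back
        # follow the most specific delegation that covers the name
        children = [z for z in zone["delegations"] if in_zone(z, key)]
        if not children:
            return None, path                      # nobody below this server knows the name
        server = zone["delegations"][max(children, key=lambda z: len(labels(z)))]
    return None, path


def ptr_name(ip: str) -> str:
    """Reverse-mapping query name: IPv4 octets reversed under in-addr.arpa
    (IPv6 nibbles reversed under ip6.arpa), as computed by the ipaddress module."""
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for q in ("www.yourdomain.com", "mail.yourdomain.com", "nosuch.example"):
        print(q, "->", resolve(q))
    rev = ptr_name("192.0.2.10")
    print(rev, "->", resolve(rev))
```

The returned path makes the "journey" visible: a forward lookup for www.yourdomain.com passes root, com-tld and ns.yourdomain.com, while the reverse lookup for 192.0.2.10 passes root and arpa-server before reaching the same authoritative server.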
Who Manages and Supports the DNS Servers?

When you enter the URL of an Internet resource in your browser, it sends a request to the DNS server responsible for the root zone. There are 13 such servers, and they are managed by different operators and organizations. For example, the server a.root-servers.net has the IP address 126.96.36.199 and is administered by the company Verisign, and e.root-servers.net (188.8.131.52) is operated by NASA.
Each of these operators provides this service free of charge and ensures smooth operation, because if any of these servers failed, a whole segment of the Internet would become unavailable. Previously, the root DNS servers, which are the basis for handling all requests for domain names on the Internet, were located in North America. However, with the introduction of alternative addressing technologies they have been "spread" all over the world, and in fact their number has increased from 13 to 123, thus improving the reliability of the DNS foundation.
For example, 40 servers (32.5%) are in North America and 35 (28.5%) in Europe; 6 more are located in South America (4.9%) and 3 in Africa (2.4%). If you look at the map, the DNS servers are placed according to how intensively the Internet infrastructure is used.
What is a DNS Server - Protection Against Attacks

Attacks on DNS are not a new strategy for hackers, but only recently has the fight against this kind of threat taken on a global scale.
"In the past there have already been attacks on DNS servers that led to massive failures. Because of the DNS spoofing of a single entry, the well-known service Twitter was unavailable to its users for an hour. But attacks on the root DNS servers are more dangerous. In particular, there were the widely publicized attacks of October 2002, when unknown persons attempted a DDoS attack on 10 of the 13 top-level DNS servers."
The DNS protocol answers requests over a TCP or UDP port. Traditionally, requests and answers are each sent in a single UDP datagram. However, UDP is a connectionless protocol and therefore has vulnerabilities associated with forged source addresses; many of the attacks carried out on DNS servers rely on address spoofing. To prevent this, a range of methods aimed at improving security is used.
One option is uRPF (Unicast Reverse Path Forwarding), the idea of which is to determine whether a packet with a given source address should be accepted on a given network interface. If the packet arrives on the network interface that would be used to send data back to the packet's source address, the packet is considered legitimate. Otherwise, it is discarded.
Although this function can help detect and filter out some forged traffic, uRPF does not provide complete protection against spoofing. uRPF assumes that traffic to and from a given address passes through the same interface, which complicates matters when there are multiple providers. More information about uRPF can be found here.
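The following added example (not code from the article) models the uRPF check over a constructed forwarding table for an edge router with one LAN and two upstream providers. It goes slightly beyond the text: strict mode is what the two paragraphs describe, and the example also shows loose mode, the commonly deployed relaxation that only requires some route back to the source, so that the multi-provider (asymmetric path) case is accepted instead of dropped. The interface names and the RFC 5737 documentation prefixes are constructed.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface used to reach it).
FIB = [
    (ipaddress.ip_network("192.0.2.0/24"),    "lan0"),   # our own LAN
    (ipaddress.ip_network("198.51.100.0/24"), "isp-a"),  # reached via provider A
    (ipaddress.ip_network("203.0.113.0/24"),  "isp-b"),  # reached via provider B
    (ipaddress.ip_network("0.0.0.0/0"),       "isp-a"),  # default route
]


def reverse_path_interface(src: str, fib=FIB):
    """Longest-prefix lookup of the *source* address: the interface we would use
    to send traffic back to it. The default route is ignored, as uRPF
    implementations normally do, because it would match any address at all."""
    ip = ipaddress.ip_address(src)
    matches = [(net, iface) for net, iface in fib if ip in net and net.prefixlen > 0]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf(src: str, ingress: str, mode: str = "strict", fib=FIB) -> str:
    """Return 'accept' or 'drop' for a packet with source src arriving on ingress.

    strict: the reverse-path interface must equal the ingress interface.
    loose:  any specific route back to src suffices (tolerates asymmetric paths).
    """
    egress = reverse_path_interface(src, fib)
    if egress is None:
        return "drop"                     # no route back: unroutable source
    if mode == "loose":
        return "accept"
    return "accept" if egress == ingress else "drop"


if __name__ == "__main__":
    # constructed packets: (source address, interface it arrived on, description)
    packets = [
        ("192.0.2.5",    "lan0",  "our host, normal"),
        ("192.0.2.5",    "isp-a", "outside packet forging our LAN address"),
        ("198.51.100.9", "isp-a", "provider A customer, symmetric path"),
        ("203.0.113.7",  "isp-a", "provider B customer arriving via A (asymmetric)"),
        ("10.9.9.9",     "isp-b", "private source, only the default route matches"),
    ]
    for src, ingress, what in packets:
        print(f"{src:14} on {ingress:6} strict={urpf(src, ingress):6} "
              f"loose={urpf(src, ingress, 'loose'):6}  {what}")
```

The fourth packet is the caveat from the text: a perfectly legitimate source arriving via the "wrong" provider is dropped by strict uRPF, while loose mode keeps it and still drops the two sources for which there is no genuine route back.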
Another option is to use the IP Source Guard feature. It is based on uRPF technology and on DHCP snooping, and filters forged traffic on individual switch ports. IP Source Guard inspects the DHCP traffic on the network and determines which IP addresses have been assigned to which network devices.
Once this information has been collected and stored in the DHCP snooping binding table, IP Source Guard can use it to filter the IP packets received by the network device. If a packet arrives with a source IP address that does not match the DHCP snooping binding table, the packet is discarded.
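The following added example (not code from the article, and not any vendor's implementation) models the two halves of the mechanism described in the last two paragraphs: building the binding table from snooped DHCP exchanges, and then filtering data packets on access ports against it. DHCP ACKs are only believed when they arrive on a trusted uplink port, and a host with a fixed address shows why a manual binding is needed for hosts that never lease an address. Port names, MAC addresses and the 192.0.2.0/24 addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class IpSourceGuard:
    """Per-switch binding table built from snooped DHCP traffic (constructed model).

    bindings maps access port -> {ip: mac}. Only DHCP ACKs seen on a trusted
    (uplink) port are believed; the leased IP is bound to the access port on
    which the client's DHCP request was seen.
    """
    trusted_ports: set = field(default_factory=set)
    bindings: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)   # client mac -> access port of its request

    def see_dhcp_request(self, port: str, client_mac: str) -> None:
        """DHCPDISCOVER/REQUEST from a client: remember which port it came from."""
        if port not in self.trusted_ports:
            self.pending[client_mac] = port

    def see_dhcp_ack(self, port: str, client_mac: str, yiaddr: str) -> bool:
        """DHCPACK from the server: bind the leased address to the client's port.
        ACKs arriving on untrusted ports come from rogue servers and are ignored."""
        if port not in self.trusted_ports or client_mac not in self.pending:
            return False
        client_port = self.pending.pop(client_mac)
        self.bindings.setdefault(client_port, {})[yiaddr] = client_mac
        return True

    def add_static(self, port: str, ip: str, mac: str) -> None:
        """Manual binding for a host with a fixed address (no DHCP lease)."""
        self.bindings.setdefault(port, {})[ip] = mac

    def filter(self, port: str, src_ip: str, src_mac: str) -> str:
        """Decision for a data packet entering a port."""
        if port in self.trusted_ports:
            return "permit"                   # uplinks are not filtered
        bound_mac = self.bindings.get(port, {}).get(src_ip)
        if bound_mac is None:
            return "deny: no binding for this source on this port"
        if bound_mac != src_mac:
            return "deny: source MAC does not match binding"
        return "permit"


def demo() -> dict:
    """Constructed scenario; returns the filter verdicts keyed by description."""
    ipsg = IpSourceGuard(trusted_ports={"uplink"})
    # host A on port gi1 obtains a lease normally
    ipsg.see_dhcp_request("gi1", "aa:aa:aa:aa:aa:aa")
    ipsg.see_dhcp_ack("uplink", "aa:aa:aa:aa:aa:aa", "192.0.2.11")
    # host B on gi2 asks, but the ACK comes from a rogue server on gi3: ignored
    ipsg.see_dhcp_request("gi2", "bb:bb:bb:bb:bb:bb")
    rogue = ipsg.see_dhcp_ack("gi3", "bb:bb:bb:bb:bb:bb", "192.0.2.99")
    # a printer with a static address on gi4 needs a manual binding
    ipsg.add_static("gi4", "192.0.2.50", "dd:dd:dd:dd:dd:dd")
    return {
        "rogue_ack_accepted": rogue,
        "host_a_own_ip": ipsg.filter("gi1", "192.0.2.11", "aa:aa:aa:aa:aa:aa"),
        "host_b_using_a_ip": ipsg.filter("gi2", "192.0.2.11", "bb:bb:bb:bb:bb:bb"),
        "host_a_spoofed_mac": ipsg.filter("gi1", "192.0.2.11", "cc:cc:cc:cc:cc:cc"),
        "static_printer": ipsg.filter("gi4", "192.0.2.50", "dd:dd:dd:dd:dd:dd"),
    }


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key:20} {verdict}")
```

Host B's attempt to send with host A's address is denied because the binding for 192.0.2.11 lives on gi1, not gi2; the printer passes only because an administrator added its binding by hand, which is the operational cost of enabling this feature on ports with statically addressed hosts.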
Also worth noting is the DNS Validator utility, which monitors all DNS packets in transit, compares each request with its answer and, in case of a header mismatch, notifies the user. Detailed information is available in the repository on GitHub.
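The following added example (not code from the article and not the DNS Validator project's own code) shows the core of the check such a tool performs, tying back to the spoofing concern raised earlier: a reply is paired with the query it claims to answer, and the header transaction ID, the QR bit and the question section are compared. A forged reply that guesses the wrong transaction ID or answers a different question is flagged. The packets are built inline from the DNS wire format (RFC 1035) and are constructed samples, not captured traffic.

```python
import struct

QTYPE_A = 1


def encode_name(name: str) -> bytes:
    """'www.yourdomain.com' -> length-prefixed labels, terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(pkt: bytes, off: int):
    """Read a (possibly compressed) name at off; return (lower-cased name, next offset)."""
    parts, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                    # the name occupies just the 2-byte pointer
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        parts.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(parts).lower(), (end if end is not None else off)


def parse(pkt: bytes) -> dict:
    """Header fields plus the first question; enough to match a reply to its query."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "ancount": ancount, "question": (qname, qtype, qclass)}


def validate(request: bytes, response: bytes) -> list:
    """List the mismatches between a query and the packet claiming to answer it.
    An empty list means the reply is consistent with the request it is paired with."""
    req, resp = parse(request), parse(response)
    problems = []
    if req["qr"]:
        problems.append("request has QR bit set")
    if not resp["qr"]:
        problems.append("response lacks QR bit")
    if req["id"] != resp["id"]:
        problems.append(f"transaction id {resp['id']:#06x} != {req['id']:#06x}")
    if req["question"] != resp["question"]:
        problems.append(f"question {resp['question']} != {req['question']}")
    return problems


# --- constructed sample packets (not captured traffic) -----------------------
def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)      # RD=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, 1)


def build_answer(txid: int, name: str, ip: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)      # QR=1 RD=1 RA=1
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 60, 4)     # owner = pointer to offset 12
    rr += bytes(int(o) for o in ip.split("."))
    return header + question + rr


QUERY = build_query(0x1a2b, "www.yourdomain.com")
GENUINE = build_answer(0x1a2b, "WWW.yourdomain.com", "192.0.2.20")    # case differs, still matches
WRONG_ID = build_answer(0x9999, "www.yourdomain.com", "192.0.2.66")   # wrong transaction id
WRONG_Q = build_answer(0x1a2b, "mail.yourdomain.com", "192.0.2.66")   # answers a different question

if __name__ == "__main__":
    for label, pkt in (("genuine", GENUINE), ("wrong id", WRONG_ID), ("wrong question", WRONG_Q)):
        print(f"{label:15}", validate(QUERY, pkt) or "ok")
```

A real monitor would additionally match the UDP source port and the server address the query was sent to, and would treat a reply that arrives with no matching outstanding query as suspicious; the comparison above is the part that depends on the DNS header itself.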
Conclusion about What a DNS Server Is

The Domain Name System was developed back in the 1980s and continues to keep the Internet's address space usable to this day. Moreover, DNS technologies are constantly being developed; for example, one of the most important recent innovations has been the introduction of domain names in national alphabets.
Work continues on improving reliability and making the system less sensitive to disruptions (natural disasters, power failures, and so on), and this is very important, because the Internet has become an integral part of our lives and "losing" it even for a few minutes would be undesirable.