Exploring DNS with dig


<What>

The Domain Name System (DNS) is a protocol that translates domain names into IP addresses. Often referred to as the "phonebook of the internet," DNS simplifies navigation by allowing users to access websites using human-readable names instead of numeric IP addresses. DNS supports both IPv4 (32-bit) and IPv6 (128-bit) addresses, for example:

  • IPv4 Address: 192.168.36.8

  • IPv6 Address: FE80:CD00::0CDE:1257:211E:729C

Each device on a network typically has a host file that maps hostnames to IP addresses. For example, a host file could map localhost to 10.0.0.84, allowing access to a local webserver. Host files are located in:

  • Windows: C:\Windows\System32\drivers\etc

  • Linux: /etc/hosts

<Why>

Without DNS, browsing the internet would be extremely difficult. Users would need to remember the exact IP addresses of every website. DNS makes internet navigation simpler by using domain names. However, DNS is also a target for attackers. Common DNS attacks include:

  • DNS Cache Poisoning: Injecting forged records into a resolver's cache so that legitimate users are redirected to a malicious domain that looks legitimate, or served malware from it.

  • DNS Flood Attacks: A type of Distributed Denial of Service (DDoS) attack in which an attacker floods a DNS server with an overwhelming number of queries. This can crash or exhaust the server, which in turn denies legitimate users access to the resources behind it.

<How>

Here’s how DNS resolution works:

  1. Local DNS Cache (Browser and OS): When you type buildattackdefend.net into your browser, the browser first checks its local DNS cache for the IP address. If it finds the IP address, it connects directly to the website. If not, the OS cache is checked.

  2. DNS Resolver: If the IP address isn’t found locally, the OS forwards the request to a DNS resolver (often provided by your ISP or a public service like Google DNS or Cloudflare DNS). If the resolver doesn’t have the IP address cached, it queries one of the 13 root nameservers.

  3. TLD Nameservers: The root nameservers don’t directly have the IP, but they point the resolver to the Top-Level Domain (TLD) nameservers responsible for .net domains.

  4. Authoritative Nameservers: The TLD nameservers direct the resolver to the authoritative nameservers for buildattackdefend.net. These servers hold the actual DNS records, including the IP address for the domain.

  5. DNS Response to Client: The DNS resolver returns the IP address to the OS, which passes it to the browser. The browser then uses this IP address to load the website.

<Demonstration Video>

In this video, I’ll manually query the root servers, retrieve the nameserver of the domain's TLD, and use that to get the domain's IP.

I’ll be doing this on my Linux box, but if a Graphical User Interface (GUI) is more your thing (nothing wrong with that), you can do the same on a website: https://mxtoolbox.com. Again, you don’t have to know this BUT it will help you better understand how DNS works :)
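As an added example (not code from the post), the script below performs the same walk described in the resolution steps above and in the video: start at a root server, follow the referral to the .net TLD servers, then to the authoritative servers, and stop once one of them answers. The "network" is a constructed in-memory delegation tree so it runs offline; apart from the root address (a.root-servers.net), every server name and IP in it is made up.

```python
# Added example: an iterative resolver following referrals root -> TLD ->
# authoritative, the walk the dig demonstration performs by hand.
# FAKE_NET is a constructed stand-in for the real servers. Each key is a
# server address; each value is what that server answers for our name:
#   "answer"     final A record (only the authoritative server has it)
#   "authority"  NS referral: zone -> list of nameservers to ask next
#   "additional" glue: addresses of those nameservers
FAKE_NET = {
    "198.41.0.4": {  # a.root-servers.net: refers .net to the TLD servers
        "authority": {"net.": ["a.gtld.example."]},
        "additional": {"a.gtld.example.": "192.0.2.1"},
    },
    "192.0.2.1": {  # constructed .net TLD server: refers to the zone's NS
        "authority": {"buildattackdefend.net.": ["ns1.buildattackdefend.net."]},
        "additional": {"ns1.buildattackdefend.net.": "192.0.2.53"},
    },
    "192.0.2.53": {  # constructed authoritative server: holds the A record
        "answer": {"buildattackdefend.net.": "192.0.2.80"},
    },
}


def query(server, qname):
    """Stand-in for `dig +norecurse @server qname A`: that server's view only."""
    return FAKE_NET[server]


def resolve(qname, root="198.41.0.4", max_hops=8):
    """Walk referrals from the root until a server answers.
    Returns (ip, chain) where chain is the list of servers consulted."""
    server, chain = root, []
    for _ in range(max_hops):
        resp = query(server, qname)
        chain.append(server)
        if qname in resp.get("answer", {}):
            return resp["answer"][qname], chain
        # Follow the referral for the closest enclosing zone of qname,
        # matching on label boundaries so "net." never matches "xnet.".
        zones = [z for z in resp.get("authority", {})
                 if qname == z or qname.endswith("." + z)]
        if not zones:
            raise LookupError(f"{server} gave neither an answer nor a referral")
        ns = resp["authority"][max(zones, key=len)][0]
        if ns not in resp.get("additional", {}):
            raise LookupError(f"no glue address for {ns}")
        server = resp["additional"][ns]  # next hop down the tree
    raise LookupError("referral chain too long (possible delegation loop)")


def dig_commands(qname, chain):
    """The dig invocations that reproduce this walk manually."""
    return [f"dig +norecurse @{s} {qname} A" for s in chain]
```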