Written by Clifford
This document explains some of the technical details of DNS.
How DNS Works
ICANN is the organization that oversees the assignment of IP addresses worldwide.
For example, the .com domain is operated by Verizon Business.

The DNS server first tries to resolve the IP address by looking in its cache.
If the address is not found it will query other DNS servers.
This request could go all the way to the TLD DNS servers.

DNS records have an expiration of a few hours.
Presumably they could return a DNS query a few milliseconds faster than other servers.
That would reduce latency for people in different parts of the world who are looking for your website.

They fail over their customers to a redundant site in the case of an outage by changing the DNS records.
They also provide assistance during DDOS (distributed denial of service) attacks.
So the company does not have to wait hours to get back online.

Cloudflare is another company that helps when a website is under a DDOS attack.
They do this by proxying your web traffic to their enormous data centres temporarily.
Then they block DNS lookups that look like they are coming from hackers.
DNS A Record
There are different types of DNS records.
One domain usually has several.
The A record gives the IP address of the domain's website.
On Linux systems you can use the dig command to query a DNS server.
Or you can run it online at various websites.
For example, here is the A record for anturis.com.
In the screen below, I selected the DNS servers at Google.
The website shows me that the IP address for Anturis is 67.225.148.163.
DNS MX Record
The MX record for a domain is the FQDN of the domain's email server.
The sending mail server then delivers mail to the MX record with the lowest priority value.
It uses the server with the next priority if the first one is busy or not available.
Email is sent using SMTP, which is an interactive conversation.
Thus there is a limited number of SMTP connections available per mail server.
For this reason it's often the case that the first server is busy.
The MX record is a domain name and not an IP address.
Most of the time domain names in the MX record have a trailing dot (.).
It does not mean anything.
It is just a convention.
The mail server would have to remove the dot to resolve to a valid IP address.
In the example below, you can see that Anturis uses Google for email.
DNS lookups go around the VPN tunnel.
This means a hacker knows what addresses you are looking up if they are snooping on your traffic.
Here is how to illustrate that.
I used Wireshark to snoop the traffic going out of my laptop.
You can see that the DNS lookup is going out in clear text.
If this traffic was encrypted you would not be able to read the text in the packet.
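To show how little an observer on the path needs in order to read such a lookup, here is an added example (not part of the original article) that builds a DNS query for anturis.com in wire format and then parses the queried name and record type straight back out of the raw bytes, as Wireshark does. The packet is constructed in code rather than captured, and the transaction id is an arbitrary constructed value.

```python
import struct

# Record types used in the article; DNS represents them as 16-bit numbers.
QTYPE = {"A": 1, "MX": 15}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}

def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: one length byte per label followed by
    the label bytes, terminated by a zero byte. A trailing dot (the root,
    as in "anturis.com.") encodes identically to the name without it."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: str, txid: int = 0x1234) -> bytes:
    """Constructed query packet: 12-byte header (id, flags with RD set,
    QDCOUNT=1, other counts 0) followed by one question for class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def parse_query(packet: bytes) -> dict:
    """Read the question straight out of the UDP payload, as a sniffer does.
    No key or decryption is involved: the name is plain length-prefixed ASCII.
    Only uncompressed names are handled, which is all a question section uses."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length >= 0xC0:  # compression pointer; not valid in a query name
            raise ValueError("compressed name in question section")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"id": txid, "recursion_desired": bool(flags & 0x0100),
            "name": ".".join(labels), "type": QTYPE_NAME.get(qtype, qtype),
            "class": qclass}

if __name__ == "__main__":
    pkt = build_query("anturis.com.", "MX")
    print(pkt.hex(), parse_query(pkt))
```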
The Open Resolver Problem
A DDOS attack is designed to take down a website.
This is possible because the IP address for the recipient can be spoofed.
In other words, it can be set to whatever value the hacker wants.
The DNS server does not check it.
This is because of an older DNS design, which lots of DNS servers still have not fixed.
You can read more about this at the Open Resolver Project.
Government Censorship
Some countries, including Turkey and China, have poisoned DNS servers to block websites.
They do this by adding fake DNS records to DNS servers.
Those records have the wrong IP address, thus blocking sites like The New York Times in China.
In China, all internet traffic is required to use government-approved DNS servers.
Turkey's censorship is not so sophisticated.
So this is a basic summary of some of the technical details, options, and issues around DNS.
Also key is the message that you should partner with another company to provide DDOS protection for your site.