How DNS Works: A Deep Dive into the Domain Name System

By /

Listen to this Post

Featured Image
DNS (Domain Name System) is a distributed naming system that converts human-readable domain names (e.g., google.com) into machine-readable IP addresses (e.g., 172.217.0.46). It operates through a hierarchical network of name servers, ensuring efficient and reliable domain resolution across the internet.

DNS Resolution Process

  1. User Query: A user enters a domain (e.g., example.com) in a browser.
  2. Recursive Resolver: The request is sent to a DNS resolver (often managed by the ISP).
  3. Root Server: If the resolver doesn’t have the IP cached, it queries a root DNS server.
  4. TLD Server: The root server directs the query to the Top-Level Domain (TLD) server (e.g., .com).
  5. Authoritative Name Server: The TLD server points to the domain’s authoritative name server, which holds the actual IP.
  6. Response: The IP is returned to the user’s device, allowing the connection.

You Should Know: Essential DNS Commands & Tools

1. Query DNS Records with `dig`

dig example.com A  Get A (IPv4) record 
dig example.com MX  Get mail server records 
dig example.com NS  Get name server records 
dig +short example.com  Short output

2. Check DNS Resolution with `nslookup`

nslookup example.com  Basic DNS lookup 
nslookup -type=MX example.com  Check MX records

3. Inspect DNS Cache on Linux

systemd-resolve --statistics  View DNS cache stats (systemd) 
sudo rndc dumpdb -cache  BIND DNS server cache dump

4. Flush DNS Cache

  • Linux (systemd):
    sudo systemd-resolve --flush-caches
  • Windows:
    ipconfig /flushdns

5. Test DNS Propagation

dig @8.8.8.8 example.com  Query Google's DNS 
dig @1.1.1.1 example.com  Query Cloudflare's DNS

6. DNS Tunneling Detection

tshark -i eth0 -Y "dns" -T fields -e dns.qry.name  Monitor DNS queries
  1. Modify Hosts File for Local DNS Override
    • Linux/Windows:
      sudo nano /etc/hosts  Add "127.0.0.1 example.com"

What Undercode Say

DNS is the backbone of internet connectivity, yet it’s often exploited for attacks like DNS spoofing, cache poisoning, and tunneling. Mastering DNS troubleshooting (dig, nslookup) and hardening techniques (DNSSEC, DNS filtering) is crucial for cybersecurity professionals. Always verify DNS responses and monitor unusual query patterns to detect malicious activity.

Expected Output:

$ dig google.com +short 
172.217.0.46

For further reading, visit: https://study-notes.org

References:

Reported By: Xmodulo Dns – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: