What is DNS? The Internet’s Address Book

DNS (Domain Name System) is the backbone of the internet, translating human-readable domain names (e.g., google.com) into machine-readable IP addresses (e.g., 172.217.160.142). Without DNS, browsing the web would require memorizing complex numerical addresses.

How DNS Works:

  1. User Request: You enter `example.com` in your browser.
  2. DNS Query: Your computer sends a request to a DNS resolver (usually run by your ISP, or a public resolver such as Google’s 8.8.8.8).
  3. Recursive Lookup: If the resolver doesn’t have the IP cached, it queries root servers, TLD servers (.com), and authoritative DNS servers.
  4. Response: The IP is returned to your browser, which connects to the web server.

DNS Security:

DNS is a common attack vector for:

  • Pharming: Redirecting users to malicious sites.
  • DNS Spoofing: Fake DNS responses.
  • DDoS Attacks: Overwhelming DNS servers.

DNSSEC (DNS Security Extensions) protects against tampering by digitally signing DNS records, so a validating resolver can reject forged or altered answers.

You Should Know:

1. Check DNS Records with `dig` (Linux/macOS)

dig example.com A        # Get IPv4 address
dig example.com MX       # Mail server records
dig example.com NS       # Name servers
dig +short example.com   # Short output

2. Flush DNS Cache (Windows/Linux/macOS)

  • Windows:
    ipconfig /flushdns
    
  • Linux (systemd-resolved):
    sudo resolvectl flush-caches    # older systemd releases: sudo systemd-resolve --flush-caches
    
  • macOS:
    sudo dscacheutil -flushcache
    sudo killall -HUP mDNSResponder
    

3. Change DNS Servers

  • Linux (NetworkManager):
    nmcli con mod eth0 ipv4.dns "8.8.8.8 8.8.4.4"
    nmcli con up eth0
    
  • Windows (PowerShell):
    Set-DnsClientServerAddress -InterfaceIndex 1 -ServerAddresses ("8.8.8.8","1.1.1.1")
    

4. Test DNSSEC Validation

dig +dnssec example.com 

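Look for the `ad` (Authenticated Data) flag in the response header. It is set only when the resolver you are querying performs DNSSEC validation and the zone is signed.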

5. Block Malicious Domains with the `hosts` File

  • Linux/macOS: `/etc/hosts`
  • Windows: `C:\Windows\System32\drivers\etc\hosts`

Add entries like:

0.0.0.0 malware.com 

6. Monitor DNS Traffic with `tcpdump`

sudo tcpdump -i eth0 port 53 
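
To act on that capture, the following added Python example (not part of the original post) scans query lines from `tcpdump -n` output and flags names whose longest label is both long and high-entropy, a common sign of data encoded into DNS queries. The thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Thresholds are assumptions for this example; tune against your own baseline.
MIN_LABEL_LEN = 24   # labels this long are rare in ordinary hostnames
MIN_ENTROPY = 3.5    # bits per character; encoded payloads score high

# Matches a query line printed by `tcpdump -n port 53`, for example:
#   12:00:01.100000 IP 10.0.0.5.53124 > 8.8.8.8.53: 4242+ A? example.com. (29)
QUERY_RE = re.compile(
    r" IP6? (?P<src>\S+)\.\d+ > \S+\.53: \d+\S* (?:\[\S+\] )?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) "
)

def entropy(text):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def suspicious_queries(lines):
    """Return (src, qtype, qname) for queries whose longest label looks encoded."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # responses and non-query lines are skipped
        label = max(m["qname"].rstrip(".").split("."), key=len)
        if len(label) >= MIN_LABEL_LEN and entropy(label) >= MIN_ENTROPY:
            hits.append((m["src"], m["qtype"], m["qname"]))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE = [
    "12:00:01.100000 IP 10.0.0.5.53124 > 8.8.8.8.53: 4242+ A? example.com. (29)",
    "12:00:01.130000 IP 8.8.8.8.53 > 10.0.0.5.53124: 4242 1/0/0 A 192.0.2.10 (45)",
    "12:00:02.000000 IP 10.0.0.5.40001 > 8.8.8.8.53: 4243+ [1au] A? test-test-test-test-test-test.example.com. (70)",
    "12:00:03.000000 IP 10.0.0.7.40111 > 8.8.8.8.53: 1001+ TXT? mzxw6ytboi4dgnrtgq2tmnzyhezdcmrt.t.example.net. (65)",
    "12:00:03.500000 IP 10.0.0.7.40112 > 8.8.8.8.53: 1002+ TXT? onswg4tfoqwxizltoqwwi5dbfyxgk3tw.t.example.net. (65)",
]

if __name__ == "__main__":
    for src, qtype, qname in suspicious_queries(SAMPLE):
        print(f"{src} {qtype} {qname}")
```

The `-n` flag matters here: without it tcpdump prints host and service names instead of addresses and port 53, and the pattern will not match.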

What Undercode Say:

DNS is often overlooked but critical for cybersecurity. Attackers exploit weak DNS configurations for redirection, data exfiltration, and phishing. Always:

  • Use DNSSEC.
  • Monitor for unusual DNS queries.
  • Prefer encrypted DNS (DoH/DoT).
  • Block known malicious domains via firewall or `hosts` file.

Expected Output:

$ dig google.com +short 
172.217.160.142 

Prediction:

As cyber threats evolve, DNS will remain a prime target, pushing wider adoption of DNS-over-HTTPS (DoH) and AI-driven anomaly detection in DNS traffic.

(Relevant URL: Cloudflare DNS Guide)

References:

Reported By: Ashish – Hackers Feeds