Let's talk about DNS

Many users do not fully understand what DNS is, why this system is so important, and how it influences our daily work on the network. We believe that understanding the basics of DNS operation is a crucial step towards comprehending not only the principles of how the Internet functions but also issues related to internet security and anonymity. Understanding these aspects is particularly relevant in the face of the constant increase in cyber threats and attacks aimed at disrupting the operation of network services.

DNS stands for Domain Name System, which translates to the system of domain names. At first glance, the concept may seem quite abstract, but practically every Internet user encounters it daily. Thanks to DNS, we can input familiar words like google.com or yandex.ru in the address bar, instead of memorizing complex numerical sequences of IP addresses.

Key Concepts

To better understand this topic, let's start with the basic concepts.

A domain name is a human-readable string used for identifying a resource on the internet. For example, the domain name example.com corresponds to a specific IP address, which is a numerical identifier of a computer on the network.

IP addresses can be of two types:

IPv4 - a classic system with four octets (for example, 192.168.0.1), and IPv6 - a more modern system that allows for many more addresses due to the hexadecimal format.

How DNS emerged

The history of the emergence of DNS is closely related to the development of the Internet itself. In the early years of the network's existence, a centralized system was used, where a list of mappings between domain names and IP addresses was stored in a single large file. However, as the number of devices connected to the network grew, it became clear that this approach was quite inconvenient and could not be scaled.

By the 1980s, as the Internet began to rapidly develop and gain momentum, the amount of information started to increase dramatically, leading to the need for a more flexible, decentralized system to translate domain names into IP addresses. It was important to design a structure that could operate independently, providing reliable and fast access to any resource on the network.

The First Appearance of DNS

The first standard that laid the foundation of the modern DNS system was documented in RFC 1034 and RFC 1035. These documents defined the architecture and protocols on which the modern DNS is based, serving as a "starting point" for the further development of the system.

With the development of the Internet network, DNS has undergone many changes and improvements, introducing new capabilities such as distributed caching, load balancing, and mechanisms for protection against attacks. Today, DNS is one of the key components of the Internet infrastructure, providing fast and reliable routing of requests worldwide.

How DNS system works

To understand how DNS works, it is important to grasp its architecture and the processes underlying domain name resolution.

DNS Architecture

DNS is a hierarchical system consisting of several levels of servers:

• Root servers: They are the highest level of the DNS hierarchy and are responsible for directing requests to top-level servers.
• TLD servers (top-level domain servers): These servers manage top-level domain names such as .com, .ru, .net, and redirect requests to the appropriate authoritative servers.
• Authoritative servers: They store up-to-date information about domain names and are responsible for the final resolution of domain names into IP addresses.

Furthermore, there is a distinction between local and remote DNS servers. Local servers are typically owned by internet service providers or organizations and are used to speed up query processing by utilizing caching. Remote servers can be located anywhere in the world and provide additional levels of load distribution.

Domain Name Resolution Process

Domain name resolution is a multistage process that can be divided into several stages:

1. Customer Request: When a user enters a domain name in the browser, their device sends a request to the local DNS server.
2. Feedback from Cached Records: If the required information is already stored in the cache, the server instantly returns the corresponding IP address, significantly speeding up the process.
3. Query to Root Servers: If the information is not found in the cache, the query is forwarded to the root servers, which then redirect it to TLD servers.
4. Query to TLD and Authoritative DNS Servers: At this stage, the query is sent to the relevant TLD servers, and then to the authoritative servers where the final information about the domain is stored.

After your request has traversed such a long chain, the page you requested appears on your screen.

The Role of Caching

Caching plays a key role in speeding up DNS resolution. By storing the results of previous queries, the cache significantly reduces response time (and thus loading speed) and decreases the load on servers. However, caching can cause issues if the data becomes outdated, which is especially critical in the face of dynamically changing resources.

DNS Record Types

In the DNS system, there are multiple types of records, each serving its own purpose:

• A Record: Links the domain name to an IPv4 address.
• AAAA Record: Links the domain name to an IPv6 address.
• CNAME Record: Allows specifying an alias for the domain.
• MX Record: Defines mail servers for the domain.
• TXT Record: Stores textual information, often used for verification and security purposes.

Every type of record is important for the proper functioning of the network and allows for accurate and fast conversion of domain names to IP addresses.

DNS Security

Like any other technology, DNS is not immune to threats and vulnerabilities. Disruptions in the operation of DNS can lead to serious consequences for individual users as well as for large companies.

Among the most well-known DNS vulnerabilities are:

DNS Spoofing: An attack where a malicious actor deliberately interferes with the domain name resolution process by substituting real DNS responses with fake ones. Typically achieved by injecting fake DNS packets into the network before the legitimate server can respond to a query. As a result, when a user requests access to a specific resource, their device receives the wrong IP address, redirecting them to a fraudulent website. This site may closely resemble the original, enabling the attacker to gather sensitive information like usernames, passwords, or credit card details. Authentication mechanisms and digital signature of DNS responses are employed to combat such attacks; however, without proper protection, malicious actors can easily bypass standard security measures.

DNS Cache Poisoning: The mechanism where attackers inject malicious records directly into a DNS server's cache. When the server retains such a fake record, it becomes available to all users serviced by that server. Even if the initial request was legitimate, subsequent queries automatically receive false information, leading to redirection to fake websites. The consequences of such an attack can be extremely massive since hundreds or even thousands of users are immediately affected until the cache is cleared or overwritten. Cache poisoning is often used in combination with other attacks, amplifying the overall impact and creating prolonged periods during which users remain at risk.

BGP Hijacking: Although this method is not a direct attack on DNS, it significantly affects the proper functioning of DNS servers. The Border Gateway Protocol (BGP) is responsible for exchanging route information between autonomous systems on the Internet. With BGP Hijacking, attackers change routes, redirecting traffic through their nodes. As a result, DNS requests intended for legitimate servers can fall into the hands of attackers, allowing them to intercept, analyze, or modify data. Such an attack can cause widespread service disruptions and disrupt the stability of entire network segments, especially if critical DNS servers are affected.

DDoS Attacks: DDoS attacks (Distributed Denial of Service) are a method of distributed impact in which a large number of devices, often just bots, simultaneously send requests to one or more servers. The goal of such an attack is to overload the server to the point where it stops responding to legitimate user requests. The consequences of a DDoS attack can be catastrophic: targeted services become unavailable, leading to losses for businesses and disruption of critical systems. Very often, attacks of this nature can be combined with other methods, such as DNS spoofing, making them particularly dangerous and difficult to respond to promptly.

The consequences of such attacks can be quite devastating: users may lose access to necessary resources, their data is threatened, and the reputations of companies suffer. Financial institutions, online stores, and internet security services can be especially vulnerable as they all store sensitive information (personal information, documents, bank accounts, etc.). If this information falls into the hands of malicious actors, it can cause financial, legal, and sometimes even physical harm.

Historical background

One of the largest DNS server attacks was the attack that occurred on August 18, 2023. Google Cloud CDN was targeted by hackers. On that day, a record of 398 million requests per second was recorded. This attack not only set a new "anti-record," exceeding the previous figure by 7.5 times, but also demonstrated the evolution of malicious methods, in particular the use of the Rapid Reset technique.

The Rapid Reset method involves quickly resetting and restoring TCP connections, allowing attackers to generate a huge number of requests in an extremely short period of time. Thanks to this approach, malicious actors were able to create traffic equivalent to the volume of views on Wikipedia articles for the entire month of September in just 2 minutes. This level of efficiency indicates that modern DDoS attacks are becoming more sophisticated and capable of bypassing standard security systems even at giants like Google.

The incident highlighted that even distributed CDN systems, designed to absorb and mitigate the consequences of massive attacks, may encounter issues when traffic is generated at such speed and scale. This case has been an important signal for the entire IT community, emphasizing the need for continuous improvement of defense mechanisms, adaptation of infrastructure, and the implementation of new technologies to combat such threats.

How to protect yourself?

To enhance internet security, specialists recommend using technologies such as DNSSEC - a mechanism for digitally signing DNS records that helps prevent attacks like spoofing and cache poisoning. Additionally, using a VPN provides an additional level of protection by hiding real IP addresses and increasing anonymity online. We also emphasize the importance of using specialized tools, such as an anti-detection browser - a solution that allows you to conceal browser information and provide an additional layer of protection when working through public networks.

The Future of DNS

The future of DNS is tied to the implementation of new technologies and the improvement of existing protocols, amidst increasing threats and growing strain on internet infrastructure.

Two of the most discussed innovations in recent years are DoH (DNS over HTTPS) and DoT (DNS over TLS).

These technologies provide encryption of DNS queries, significantly enhancing the level of privacy and data security.

DoH (DNS over HTTPS) - Encrypts DNS queries using the HTTPS protocol, protecting data from interception and analysis. The advantage of this approach is integration with existing HTTPS security mechanisms.

DoT (DNS over TLS)- Similar to DoH, DoT uses encryption over TLS (Transport Layer Security), providing protection for DNS queries and preventing malicious intervention.

Overall, the future development vector of DNS will be associated with

Enhancing security measures: Development of new protocols and protection methods to minimize vulnerabilities and respond quickly to attacks.

Seeking cutting-edge solutions for scaling infrastructure: Given the growing number of devices and data volumes, we will need innovations that can ensure high performance and fault tolerance of DNS servers.

These innovations are aimed not only at enhancing security but also at providing anonymity on the internet for users, which is particularly important in the face of a constant increase in cyber threats. The use of encryption technologies and distributed systems allows for the creation of a more resilient and secure infrastructure, where every DNS server becomes an important link in the chain of data protection.

Conclusion

Summing up our review, it can be confidently stated that DNS is a fundamental technology that underlies the functioning of the modern Internet.

It's important to remember that, despite the efforts made by both large companies and non-profit organizations to enhance online security, every user should take additional measures to protect their data. Utilizing modern encryption technologies such as DoH and DoT will not only help ensure a stable network connection but also maintain anonymity online.

We hope that our review helped you better understand what DNS is, how it works, and why its security is so important in the modern world. We urge you to pay more attention to personal data protection issues, remembering that downloading an anti-detection browser and using proxy connections are important steps to ensure reliable operation and information security.