A DNS Primer
About Me
• Omkar Kumbhar
• Currently working as Associate Solution Advisor for Deloitte
• Worked as a Salesforce Developer for past 4+ years.
• @kumbharomkar07
• https://www.linkedin.com/in/omkar-kumbhar-b1219499/
What is DNS
Domain Name System – Provides naming structure for online resources,
maps domain names to respective addresses (IPv4, IPv6) and vice-versa.
e.g. www.example.com → 192.168.30.1
Created by Paul Mockapetris at UC Irvine in 1983. Before DNS, people used
to map names to IP addresses by sharing a big text file called ‘hosts.txt’.
Generally uses the UDP protocol and listens on port no. 53. Sometimes uses TCP if
the content is > 512 bytes (e.g. zone transfer).
DNS Hierarchy
• Root Domain – “.”
• Top Level Domains – com, edu, net
• Second Level Domains – example
• Sub-domains – dev, api, staging
• Hostname – www
FQDN: www.api.example.com.
DNS Query Types
• Forward – Asks for the IP address for a given domain name.
• Reverse – Asks for the domain name for a given IP address.
• Recursive – The client asks the server to do all the resolution work on the
client’s behalf and is interested only in the answer.
• Iterative – Opposite of recursive queries; the DNS server tells the client
where to look next.
DNS Response Types
• Authoritative – The response comes directly from the nameserver which has
authority for the record in question.
e.g. example.com’s DNS server is directly providing you the answer.
• Non-authoritative – The response comes from another server or from cache.
e.g. the local DNS server is giving the answer for the example.com domain.
DNS Query/Request
DNS Response
DNS Response
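The header fields behind the query and response types above, as an added example (not from the original slides): it builds a query, then classifies responses by the QR, AA and TC flags and by whether the ID and question match what was asked. The sample responses are constructed, and the function names are illustrative.

```python
import struct

# Header flag bits (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1A2B, recursive=True):
    """12-byte header plus one question (QTYPE 1 = A, class 1 = IN)."""
    flags = RD if recursive else 0          # RD set = recursive query
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR),
            "authoritative": bool(flags & AA), "truncated": bool(flags & TC),
            "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": an}

def classify_response(query, response):
    """Decide what a client does with a response to its query."""
    q, r = parse_header(query), parse_header(response)
    # A reply that does not echo our ID and question is not an answer to us.
    if not r["response"] or r["id"] != q["id"]:
        return "discard"
    if response[12:len(query)] != query[12:]:
        return "discard"
    if r["truncated"]:
        return "retry-over-tcp"             # answer did not fit in a UDP reply
    return "authoritative" if r["authoritative"] else "non-authoritative"

def sample_response(query, flags):
    """Constructed response: echoes the question and adds one A record
    (TTL 600, 192.168.30.1) using a compression pointer to the name."""
    header = struct.pack("!HHHHHH", parse_header(query)["id"], QR | flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 600, 4) + bytes([192, 168, 30, 1])
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.example.com")
    for label, flags in [("from example.com's server", AA),
                         ("from local cache", RD | RA),
                         ("too large for UDP", TC)]:
        print(label, "->", classify_response(q, sample_response(q, flags)))
```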
DNS Cache vs. DNS Server vs. DNS Resolver
• DNS Cache – The list of domain names and IPs that have been resolved
recently.
• DNS Server – Serves DNS requests to clients. It can be a cache which
just performs recursive queries, or it can hold authoritative answers
for a particular domain/zone.
• DNS Resolver – DNS clients. They make iterative or recursive queries.
DNS Server Configurations
• Cache-only DNS Server – Doesn’t hold any authoritative information of its
own; it relies on information obtained by recursion.
• Authoritative DNS Server (Master-slave) – Holds authoritative information
for certain resources.
• Primary Server – Master server which holds all the data related to a
particular zone.
• Secondary Server – Pulls zone information from the master server for
backup and redundancy.
DNS Name Resolution Process
Participants: Client (Laptop/Desktop), Local DNS server, Root Name Server,
.com Name Server, example.com Name Server
1. Enters www.example.com in browser
2. Checks cache
3. Checks hosts.txt
4. Recursive query to local DNS server
5. Checks cache
6. Iterative query to root name server
7. Name server for .com
8. Iterative query to .com server
9. Name server for example.com
10. Iterative query to example.com server
11. IP address for www.example.com
12. Requested IP Address
Note: Get root name server info from named.ca file
Diagram labels: example.com (drive, www, mail), A.B.C.D
Resource Records
Unit of information entry in DNS zone files.
Owner        TTL  Class  Type  RDATA
example.com  600  IN     A     192.168.30.1
• Owner – Domain name
• TTL (Time to live) – How long a zone record is valid
• Class – Represents the protocol family
• Type – Type of resource the RR is representing
• RDATA – Resource data
DNS Record Types
• A – IPv4 address
• AAAA – IPv6 address
• CNAME – Canonical name, alias of one name to another
• MX – Mail transfer agents for the domain
• NS – Authoritative name servers
• PTR – Pointer record. Used for reverse lookup
• SOA – Source of Authority. Authoritative information about a DNS
zone.
• AXFR – Authoritative zone transfer
What is Zone Transfer?
• The process of retrieving zone data from another authoritative server
(master server).
• Initiated by the secondary/slave server for backup and redundancy
purposes.
• Takes place over TCP because the data is usually greater than 512
bytes.
• The client sends an AXFR query.
• Security risk involved if anyone can transfer the zone from the DNS server.
• Zone transfers should only be allowed for approved systems.
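The rule in the last two bullets, as an added example (not from the original slides): a server-side check that unframes a DNS-over-TCP message, reads the question, and allows an AXFR only when the source address is an approved secondary. The approved address, the function names and the sample messages are assumptions constructed for the example.

```python
import ipaddress
import struct

AXFR = 252  # QTYPE value of a full zone transfer request
# Assumption: the single approved secondary server (documentation address).
APPROVED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

def unframe_tcp(payload):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    if len(payload) < 2:
        raise ValueError("missing TCP length prefix")
    (length,) = struct.unpack("!H", payload[:2])
    if len(payload) - 2 < length:
        raise ValueError("truncated DNS message")
    return payload[2:2 + length]

def read_question(msg):
    """Return (qname, qtype) for the first question of a DNS message."""
    pos, labels = 12, []                     # the question follows the header
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:                      # zero-length label ends the name
            break
        if length > 63:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def transfer_decision(src_ip, tcp_payload, approved=APPROVED_SECONDARIES):
    """Allow AXFR only for approved systems; everything else is refused."""
    try:
        qname, qtype = read_question(unframe_tcp(tcp_payload))
    except (ValueError, IndexError, struct.error):
        return "refuse (malformed)"
    if qtype != AXFR:
        return "answer normally"
    if any(ipaddress.ip_address(src_ip) in net for net in approved):
        return "allow transfer of " + qname
    return "refuse transfer of " + qname

def _framed(qtype):
    """Constructed query for example.com with the given QTYPE, TCP-framed."""
    msg = struct.pack("!HHHHHH", 0x4242, 0, 1, 0, 0, 0)
    msg += b"\x07example\x03com\x00" + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

SAMPLE_AXFR = _framed(AXFR)   # constructed zone transfer request
SAMPLE_A_QUERY = _framed(1)   # constructed ordinary A query

if __name__ == "__main__":
    for src in ("192.0.2.53", "203.0.113.7"):
        print(src, "->", transfer_decision(src, SAMPLE_AXFR))
```

In BIND, the same policy is expressed with the `allow-transfer` option on the zone.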
Demo
DNS Security
• DNS Spoofing/DNS Cache poisoning – Attacker redirects the victim to a
malicious website by inserting false information into a DNS cache.
• Typically, there is no way to verify the DNS data in a cache. The
information remains until the TTL expires or it is removed manually.
• The more secure DNS protocol DNSSEC aims to solve these problems, but
it has not been widely adopted yet.
What is DNSSEC?
• Short for DNS Security Extensions.
• DNSSEC attempts to add a layer of security to the original design of DNS.
• It protects DNS clients from populating false/forged information in
their cache.
• All answers in DNSSEC are digitally signed using public-key
cryptography.
DNSSEC Terminologies
• RRSet (Resource Record Set) – Group of records with the same type.
e.g. multiple A records can be grouped into a single A record set.
• Zone-Signing Keys (ZSK) – Used to sign/verify each RRSet in the zone.
• RRSig (Resource Record Signature) – Record containing an RRSet’s digital
signature.
• Key-Signing Keys (KSK) – Used to sign/verify the zone’s keys.
• Fingerprint – Hash/digest of public keys.
• DS (Delegation of Signing) – A record containing the hash of the child
zone’s pubKSK (public KSK).
How DNSSEC Works?
Participants in each diagram: Client, Local DNS server, Root Name Server,
.com Name Server, example.com Name Server. The client sends a recursive query
to the local caching DNS server.

Root Name Server
• Root zone’s DNSKEY record: Root pubZSK, Root pubKSK
• RRSig of DNSKEY (signed with root PvtKSK)
• DS Record for .com zone (hash of .com zone’s pubKSK)
• RRSig of DS Record (signed with root PvtZSK)
• Referral to .com name server
• Local DNS server: Root pubKSK – Verify zone

.com Name Server
• .com zone’s DNSKEY RRSet: .com pubZSK, .com pubKSK
• RRSig of DNSKEY (signed with .com PvtKSK)
• DS Record for “example” zone (hash of example zone’s pubKSK)
• RRSig of DS Record for “example” zone (signed with .com PvtZSK)
• Referral to example.com name server
• Local DNS server: DS record for .com zone (hash of .com zone’s pubKSK) –
Verify zone

example.com Name Server
• example.com zone’s “A” RRSet: 192.X.X.X
• RRSig of “A” RRSet (signed with “example” PvtZSK)
• “example” zone’s DNSKEY RRSet: “example” pubZSK, “example” pubKSK
• RRSig of DNSKEY (signed with “example” PvtKSK)
• Local DNS server: DS record for “example” zone (hash of example zone’s
pubKSK) – Verify zone
• Sends Requested IP Address to local resolver

Final diagram: Client, Local DNS server, Root Name Server, .com Name Server,
example.com Name Server, www.example.com Web Server
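The DS link between a parent and child zone, as an added example (not from the original slides): it computes the DS digest and key tag the way RFC 4034 defines them and checks which key in a child's DNSKEY RRSet the parent's DS record vouches for. It covers only the hash link; verifying RRSig signatures needs a public-key library and is not shown. The key bytes are constructed, not real key material, and the function names are illustrative.

```python
import hashlib
import struct

ZONE_KEY = 0x0100   # DNSKEY flag bit: key may be used to verify zone data
SHA256 = 2          # DS digest type number for SHA-256

def name_to_wire(name):
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA = flags (2 bytes) | protocol (always 3) | algorithm | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B: a 16-bit checksum over the RDATA."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """What the parent publishes: (key tag, algorithm, digest type, digest),
    where digest = SHA-256(owner name | DNSKEY RDATA)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], SHA256, digest)

def find_trusted_ksk(owner, ds, dnskey_rrset):
    """Return the DNSKEY that the parent's DS record vouches for, or None."""
    for rdata in dnskey_rrset:
        (flags,) = struct.unpack("!H", rdata[:2])
        if flags & ZONE_KEY and make_ds(owner, rdata) == ds:
            return rdata
    return None

# Constructed keys: flags 257 = KSK, 256 = ZSK; algorithm 13 = ECDSA P-256.
COM_KSK = dnskey_rdata(257, 13, bytes(range(64)))
COM_ZSK = dnskey_rdata(256, 13, bytes(range(64, 128)))
FORGED_KSK = dnskey_rdata(257, 13, bytes(reversed(range(64))))
COM_DS = make_ds("com.", COM_KSK)   # the DS record the root zone serves for .com

if __name__ == "__main__":
    genuine = find_trusted_ksk("com.", COM_DS, [COM_ZSK, COM_KSK])
    forged = find_trusted_ksk("com.", COM_DS, [COM_ZSK, FORGED_KSK])
    print("genuine DNSKEY RRSet:", "DS matches KSK" if genuine else "no match")
    print("forged DNSKEY RRSet: ", "DS matches KSK" if forged else "no match")
```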
THANK YOU
