Heimdal

A ‘DNS server’, also known as a ‘name server’ or ‘domain name system server’, is a computer server that stores a database of hostnames and their corresponding IP addresses and, in most situations, resolves or translates those names to the requested IP addresses.

DNS servers use specialized software and exchange information with one another using special protocols.

In the following, I will explain some of their basic principles, the way they work, what types of DNS servers are out there, their safety, and why a DNS server plays such an important role in the process of using the internet as we know it.

Key takeaways:

  • The purpose of a DNS server
  • The process of a DNS resolution
  • DNS server types
  • Types of cyber attacks that DNS servers are vulnerable to

Why do we need a DNS server?

Simply put – it makes our lives easier. The DNS server acts as an intermediary between humans and computers.

All machines connected to the internet, from our computers and smartphones to the servers that deliver content for large websites, use numbers to locate and communicate with one another.

These numbers are referred to as IP addresses. The DNS server helps translate these numerical addresses into the human-readable domain names that we enter when we browse the internet.

Let’s give an example. If you want to access heimdalsecurity.com, you would normally just type this URL into the address bar. Now, what if, instead of the URL, you had to type 52.157.161.254 (the actual IP address of the website)?

Not so easy to remember, right? Without a DNS server, we would have to memorize all the IPs of the websites we want to reach.

How does it work? Types of DNS servers


DNS query

When you type a website’s address into the address bar of your browser for the first time, a DNS server starts looking for the site you want to visit. It does this by sending a DNS query to several servers.

What happens when you send a DNS query?

Each server translates a different part of the domain name you entered. This process of translating and looking up names is also known as ‘DNS resolution’.

These are the servers that are being queried in the process:

A DNS Resolver

Gets the request to find the IP address for a domain name. This server does the hard work of figuring out where on the internet the site you want to go to is actually located.

A Root Server

The root server gets the first request and delivers a response that informs the resolver of the address of the Top Level Domain (TLD) server that holds the site’s information. A top-level domain is the .com or .net section of the domain name that you typed into the address box.

It’s important to mention that 13 primary DNS root servers in the world maintain a directory of all domains and their corresponding public IP addresses.

These top DNS servers are identified by the first 13 letters of the alphabet (A through M). The United States is home to ten of these servers, while London, Stockholm, and Japan each host one.

The root servers are managed by companies, universities, and government agencies. They are appointed by ICANN, which stands for Internet Corporation for Assigned Names and Numbers. You can check out the full list of root servers all over the world here.

A TLD Server

The resolver queries the TLD server, which returns the Authoritative Name Server.

An Authoritative Name Server

Lastly, the resolver will send a query to this server in order to determine the precise IP address of the website you are attempting to display.

Learn more about the process of solving a DNS query in this article: What Is DNS? An Introduction to the Internet’s Phonebook and How It Works.

Although it sounds like a lot of work, this whole process happens within a few seconds, without us even perceiving it.

It can even happen within milliseconds the second time you visit the same website because the web browser will retrieve the information already stored in its cache (assuming you did not delete your browser cache).

DNS Cache Locations

Servers can store the IP addresses obtained from DNS queries in a cache for a certain amount of time. DNS caching is good for efficiency because it lets servers respond quickly the next time someone asks for the same IP address.

There are a number of places where DNS data can be cached. The following are some common ones:

  • Browser. Browsers such as Apple Safari, Google Chrome, and Mozilla Firefox store DNS data for a set time. When a DNS request is made, the browser is the first cache that is checked before the request is sent to a local DNS resolver server.
  • Operating system (OS). Many operating systems have built-in DNS resolvers called ‘stub resolvers’ that cache DNS data and handle queries before sending them to an external server. Most of the time, the OS is queried after the browser or another application is queried.
  • Recursive resolver. The recursive DNS resolver can also cache the result of a DNS query. Some of the records required to produce a response may be available to resolvers, allowing them to skip some steps in the DNS resolution process.
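The resolution steps described above (resolver, root server, TLD server, authoritative name server) and the resolver-side cache can be traced in a small simulation. This is an added example, not code from the original article: the server names, the in-memory zone data and the 300-second TTL are constructed for illustration, and only the heimdalsecurity.com address comes from the page.

```python
import time

# Constructed toy data, not real DNS: server name -> {zone suffix: response}.
# A response is ("referral", next_server) or ("answer", ip, ttl_seconds).
SERVERS = {
    "root": {"com": ("referral", "tld-com")},
    "tld-com": {"heimdalsecurity.com": ("referral", "auth-ns")},
    "auth-ns": {"heimdalsecurity.com": ("answer", "52.157.161.254", 300)},
}


class Resolver:
    """Resolver that walks root -> TLD -> authoritative and caches answers."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}      # name -> (ip, expiry time)
        self.queries = []    # servers contacted, in order, for inspection

    def _ask(self, server, name):
        """Return the server's response for the longest matching zone suffix."""
        self.queries.append(server)
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in SERVERS[server]:
                return SERVERS[server][zone]
        return None

    def resolve(self, name):
        name = name.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                  # fresh cache entry: no upstream queries
        server = "root"
        for _ in range(8):                 # bound the referral chain to avoid loops
            resp = self._ask(server, name)
            if resp is None:
                return None                # no server knows the name
            if resp[0] == "answer":
                _, ip, ttl = resp
                self.cache[name] = (ip, self.clock() + ttl)
                return ip
            server = resp[1]               # follow the referral one level down
        return None
```

Because a cached answer is served without asking upstream again, a wrong record that enters the cache keeps being returned until its TTL expires, which is why cache contents matter for the hijacking and poisoning attacks discussed later in the article.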

If you want to learn more about DNS records, check out this article written by my colleague Livia: What Are DNS Records? Types and Role in DNS Attacks Mitigation.

DNS Servers: Primary and Secondary

When you subscribe to your internet service provider (ISP), they typically set up your router or computer with a primary and secondary DNS server. If one DNS server malfunctions, the system will use the other to resolve any hostnames you input.

Default vs Alternative DNS Servers

However, in some situations, if you experience DNS server errors, you might want to consider changing the DNS servers provided by your ISP to ones from a more reliable company, like one that won’t keep track of the websites you visit, for instance.

You can also use DNS servers that are free and open to the public, provided by Google, Quad9, or OpenDNS, to name a few.

You can check out the complete list of the most trustworthy public DNS servers as well as a guide on how to configure or change your primary and secondary servers here.

The largest public DNS server in the world

Did you know? Google is the biggest public DNS server in the world right now and it has been around since 2009.

To use this DNS server, you will need to change the DNS server addresses in your network settings to 8.8.8.8 and 8.8.4.4.

Google hosts its public DNS servers in data centers worldwide, ensuring that when you access a website using one of the two mentioned IP addresses, the system automatically directs you to the nearest server for faster response times.

Are DNS servers vulnerable to attacks?

The short answer is: YES. According to a study by IDC published in June 2022, 88% of organizations experienced at least one DNS attack last year. Each one of these attacks had an average financial impact of $942,000. Additionally, 70% of these incidents led to application downtime.

The DNS was not made with security in mind, but many standards were published to ensure website safety. While DNS Security Extensions and other best practices are helpful, they have their limitations.

Due to limitations and technological changes, DNS servers are vulnerable to various attacks including spoofing, amplification, DoS (Denial of Service), and private information extortion.

Because DNS is used in almost all Internet requests, it can be a tempting target for attackers.


The most common DNS attacks

The top 3 most common types of DNS attacks are:

  1. DoS attack. This cyberattack tries to temporarily or indefinitely interrupt the services of a network-connected host. Perpetrators typically accomplish this by flooding the target, which is typically a website, with redundant DNS requests, seeking to prevent legitimate searches from passing through.
  2. DDoS attack. In a DDoS attack, the source of the excess traffic has multiple points of origin. DDoS attacks are more common than DoS attacks. This happens because bots and botnets are widely available on the dark web, and volumetric attacks get a higher success rate than DoS attacks.
  3. DNS Hijacking. In this cyberattack, a malicious server redirects traffic away from its intended destination. Thus, hackers can trick visitors into visiting a malicious website. This technique goes by a few different names such as DNS poisoning, DNS redirection, and so on.

Cybercriminals use DNS in various ways, including DNS hijacking and denial of service attacks, to commit cybercrimes. Additionally, other types of attacks may employ DNS as a tool, or they might function as methods for hackers to manipulate or access DNS systems.

Examples include man-in-the-middle attacks, zero-day attacks, and botnet attacks. These last three are also used to carry out phishing campaigns or data exfiltration operations aimed at increasing cybercriminals’ profits.


How Can Heimdal® Help?

Since the launch of our first product in 2014, we have placed DNS security at the top of our priority list. Our primary service, Heimdal® DNS Security – Endpoint, is an enhanced version of the original product that combines cutting-edge machine learning technology with a highly efficient DNS filtering module to let you predict threats with 96% accuracy.

Heimdal DNS Security – Endpoint skillfully detects threats that would otherwise go undetected by typical antivirus. It does so without causing interruptions and with minimum impact on your resources.


Wrapping Up

The DNS server works its magic daily, every time you type a website URL into the address bar. In the process of locating your desired website, 4 types of servers work to exchange information and deliver it to you in a matter of seconds.

Even if equipped with speed as a superpower, they are not immune to cyberattacks. We aim to enhance DNS security with innovative, efficient, and reliable solutions. Book a demo to discover our approach to DNS protection.

If you want to delve deeper into domain name system security, check out our free eBook – DNS Security for Dummies, and learn more about securing your DNS infrastructure or that of your organization.


FAQs

What is a DNS server and why is it used?

A DNS (Domain Name System) server translates human-friendly domain names (like www.heimdalsecurity.com) into IP addresses that computers use to identify each other on the network. It’s essential for internet navigation, allowing users to access websites using easy-to-remember names instead of complex numerical IP addresses.

How do I find my DNS server?

To find your DNS server, use Command Prompt on Windows (ipconfig /all), Terminal on macOS (scutil --dns), or Linux (cat /etc/resolv.conf) to view network settings. For devices using router-assigned DNS, check the router’s admin page, typically found under DHCP or LAN settings, to see the DNS server details.

What happens if DNS is off?

If DNS is off, devices can’t translate domain names into IP addresses, blocking access to websites by name and disrupting internet usage. You’ll face connectivity errors despite an active network connection. Essential online services and applications requiring domain name resolutions will fail, significantly hindering your ability to navigate and use the internet.

What causes DNS problems?

DNS problems can stem from server issues, network connectivity disruptions, misconfigured DNS settings, firewall or security software blocking DNS traffic, corrupted DNS cache, outdated router firmware, and malicious DNS hijacking or spoofing attacks.
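A way to check for the misconfigured or hijacked DNS settings mentioned above is to compare the resolvers listed in /etc/resolv.conf (the file named in the previous answer) with the ones you expect. This is an added example, not code from the original article; the policy set (the Google Public DNS addresses given on this page), the verdict labels and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy for this example: the Google Public DNS addresses named on the page.
EXPECTED = {"8.8.8.8", "8.8.4.4"}


def audit_resolv_conf(text, expected=EXPECTED):
    """Return (address, verdict) for every nameserver line in resolv.conf text."""
    findings = []
    for raw in text.splitlines():
        # Comments start with '#' or ';'; everything after them is ignored.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        addr = parts[1].split("%", 1)[0]      # drop an IPv6 zone id such as %eth0
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((parts[1], "invalid"))
            continue
        if ip.is_loopback:
            verdict = "local-stub"            # local caching stub; upstream is set elsewhere
        elif str(ip) in expected:
            verdict = "expected"
        else:
            verdict = "unexpected"            # resolver outside policy: investigate
        findings.append((str(ip), verdict))
    return findings


# Constructed sample input; 203.0.113.53 is a documentation-range address.
SAMPLE = """\
# constructed sample
nameserver 8.8.8.8
nameserver 203.0.113.53   ; not in policy
nameserver 127.0.0.53
nameserver not-an-ip
search example.internal
"""

if __name__ == "__main__":
    for address, verdict in audit_resolv_conf(SAMPLE):
        print(f"{address:15} {verdict}")
```

A "local-stub" verdict means the real upstream resolvers are configured in the stub resolver itself, so that configuration needs the same comparison.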

How do I clear my DNS cache?

To clear your DNS cache, use Command Prompt as Administrator on Windows (ipconfig /flushdns), Terminal on macOS (sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder for Catalina and newer), or Terminal on Linux (sudo systemd-resolve --flush-caches). This action may temporarily disrupt internet usage as the cache rebuilds. More in this article: How to Clear DNS Cache on Windows, macOS, Linux & Browsers.

Author Profile

Madalina Popovici

Digital PR Specialist


Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
