
DNS (DOMAIN NAME SYSTEM)

What’s the DNS (Domain Name System)?

To make it easier to find websites on the Internet, the Domain Name System (DNS) was invented. DNS associates a human-readable name with an IP address: a logical address, the domain name, is mapped to a physical address, the IP address.

The domain name and the IP address it maps to are unique. DNS allows your message to reach its recipient and not someone else holding a similar domain name. It also lets you type « www.nameshield.com » and reach the appropriate website without having to enter a long IP address.

For these operations, two main types of server are used:

  • Authoritative server: a DNS server which knows the content of the domain (for example, the AFNIC servers, which know what is in .fr and can respond);
  • Resolver or recursive server: a DNS server which knows nothing itself but asks questions to authoritative servers and memorizes the answers (located at the Internet service provider or on the local network).

DNS resolution

When a web user types an address in their browser, a DNS server translates this human-readable address into an IP address that computers and networks understand. The address www.nameshield.com is then translated into 81.92.80.11.

We call this «DNS resolution».

The time this resolution takes is lower when the server is efficient: CPU (processor), disk access, and RAM (memory) must be correctly sized.

The DNS logical architecture is modelled after the domain names’ hierarchical structure.

The DNS server at a given hierarchical level « delegates » the handling of the following subdomain to the level below, down to the last level, which knows the IP address corresponding to the requested domain name.
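The two server roles and the delegation chain described above can be shown with a small simulation. This is an added example, not Nameshield code: the server names, the zone table and the TTL of 300 seconds are constructed for illustration, and only the address 81.92.80.11 comes from the text.

```python
import time

# Constructed data: each authoritative server knows only its own zone and
# either answers from its records or delegates to the level below.
AUTHORITATIVE = {
    "root": {"delegate": {"com.": "tld-com", "fr.": "tld-fr"}},
    "tld-com": {"delegate": {"nameshield.com.": "ns-nameshield"}},
    "tld-fr": {"delegate": {}},
    "ns-nameshield": {"records": {"www.nameshield.com.": ("81.92.80.11", 300)}},
}

def ask(server, qname):
    """One query to one authoritative server: answer, referral or nxdomain."""
    data = AUTHORITATIVE[server]
    if qname in data.get("records", {}):
        return "answer", data["records"][qname]
    for child, child_server in data.get("delegate", {}).items():
        if qname == child or qname.endswith("." + child):
            return "referral", child_server
    return "nxdomain", None

class Resolver:
    """Recursive server: knows nothing itself, asks authorities, caches answers."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}          # qname -> (ip, expiry time)
        self.clock = clock
        self.queries_sent = 0    # queries actually sent to authoritative servers

    def resolve(self, name):
        qname = name.lower().rstrip(".") + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0], []    # served from memory, no authority contacted
        server, path = "root", []
        for _ in range(10):      # bound the referral chain to avoid loops
            path.append(server)
            self.queries_sent += 1
            kind, value = ask(server, qname)
            if kind == "answer":
                ip, ttl = value
                self.cache[qname] = (ip, self.clock() + ttl)
                return ip, path
            if kind == "nxdomain":
                return None, path
            server = value       # follow the delegation one level down
        raise RuntimeError("too many referrals")
```

`resolve` returns the address together with the list of authoritative servers it had to contact, so an empty list means the answer came from the resolver's cache.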

The availability of web services depends on the DNS’ availability

A company's strategic domain names and the associated Internet services depend on the DNS and require high availability and a high level of security. A service disruption would have heavy consequences, and the damage can be particularly high for the victim companies:

  • High degradation of the company’s image;
  • Loss of users’ trust;
  • Revenue loss;
  • Confidential or strategic data loss.

Yet the DNS is often the least secure infrastructure of a company and is exposed to many potential attacks.

The DNS, a well-known attack vector

DDoS, DNS cache poisoning, spoofing, Man in the Middle: the attacks targeting the DNS are diverse and increasingly sophisticated.

With the rise of these cyberattacks, the security of this infrastructure has become a priority.

Nameshield’s DNS Premium solution protects companies from attacks targeting the DNS in order to prevent any service disruption, and ensures not only the best performance and the most advanced functionality but also optimal security parameters.

On the blog you can find the articles: DNS – the big forgotten of Internet and The 3 most common DNS attacks and how to defeat them.

Source: Nameshield’s White paper – Understanding domain names