What is the DNS (Domain Name System)?
The domain name system (DNS) was invented to make it easier to find websites on the Internet. The DNS associates an understandable name with an IP address: a logical address, the domain name, is associated with a physical address, the IP address.
The domain name and the IP address involved are unique. The DNS allows your message to reach its recipient and not someone else holding a similar domain name. It also allows you to type « www.nameshield.com » and reach the appropriate website without having to enter a long IP address.
Two main types of servers are used for these operations:
- Authoritative server: a DNS server which knows the content of the domain (for example the AFNIC servers, which know what is in .fr and can respond);
- Resolver or recursive server: a DNS server which doesn’t know anything itself but asks questions to authoritative servers and memorizes the answers (located at the Internet service provider or on the local network).
When a web user types an address into their browser, a DNS server translates this human-readable address into an IP address, understandable by computers and networks. The address www.nameshield.com is then translated into 126.96.36.199.
We call this « DNS resolution ».
The time this resolution takes is shorter when the server is efficient: CPU (processor), disk access, and RAM (memory) must be correctly sized.
The logical architecture of the DNS is modelled on the hierarchical structure of domain names.
The DNS servers of a given hierarchical level « delegate » the handling of the next subdomain to the level below, down to the last level, which knows the IP address corresponding to the requested domain name.
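The delegation chain and the resolver's memorized answers described above, as an added example (not Nameshield's code): a recursive resolver walks a constructed three-level hierarchy and caches the answer for its TTL. The server names, the `www.corp.example.` domain, the address and the `Resolver` class are assumptions made for illustration.

```python
# Constructed in-memory model (no network): server names, domain and address
# are sample data. Each authoritative server knows only its own level: a
# delegation to the level below, or the final address with a TTL in seconds.
AUTHORITATIVE = {
    "root-server": {"delegations": {"example.": "tld-server"}},
    "tld-server": {"delegations": {"corp.example.": "corp-server"}},
    "corp-server": {"addresses": {"www.corp.example.": ("192.0.2.10", 300)}},
}

class Resolver:
    """Recursive resolver: knows nothing itself, asks and memorizes answers."""
    def __init__(self, zones, root="root-server", max_hops=10):
        self.zones = zones
        self.root = root
        self.max_hops = max_hops  # guard against delegation loops
        self.cache = {}  # name -> (address, expiry time)

    def resolve(self, name, now):
        """Return (address, servers_asked); servers_asked is [] on a cache hit."""
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], []
        server, asked = self.root, []
        for _ in range(self.max_hops):
            asked.append(server)
            zone = self.zones[server]
            if name in zone.get("addresses", {}):
                address, ttl = zone["addresses"][name]
                self.cache[name] = (address, now + ttl)
                return address, asked
            server = self._delegation(zone, name)
            if server is None:
                raise LookupError(f"{name}: no answer after asking {asked}")
        raise LookupError(f"{name}: too many delegations")

    @staticmethod
    def _delegation(zone, name):
        # Follow the longest delegated suffix that covers the requested name.
        covering = [s for s in zone.get("delegations", {})
                    if name == s or name.endswith("." + s)]
        if not covering:
            return None
        return zone["delegations"][max(covering, key=len)]

if __name__ == "__main__":
    r = Resolver(AUTHORITATIVE)
    print(r.resolve("www.corp.example.", now=0))    # full walk from the root
    print(r.resolve("www.corp.example.", now=100))  # served from the cache
```

The second call asks no authoritative server at all, which is why the integrity of what a resolver memorizes matters as much as the availability of the authoritative servers.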
The availability of web services depends on the availability of the DNS
A company’s strategic domain names and the associated Internet services depend on the DNS and require high availability and a high level of security. A service disruption would have heavy consequences, and the damage can be particularly high for the victim companies:
- High degradation of the company’s image;
- Loss of users’ trust;
- Revenue loss;
- Confidential or strategic data loss.
Yet the DNS is often the least secure infrastructure of a company and is exposed to many potential attacks.
The DNS, a well-known attack vector
DDoS, DNS cache poisoning, spoofing, Man in the Middle: the attacks targeting the DNS are varied and increasingly sophisticated.
With the rise of these cyberattacks, securing this infrastructure has become a priority.
Nameshield’s DNS Premium solution protects companies from attacks targeting the DNS in order to prevent any service disruption, and provides not only the best performance and the most advanced functionalities but also optimal security parameters.
On the blog, you can find the articles: DNS – the big forgotten of Internet and The 3 most common DNS attacks and how to defeat them.
Source: Nameshield’s White paper – Understanding domain names