Believe it or not, in the early days of the Internet every domain name (node) was listed in a single file, the hosts file. Today the hosts file survives only as a way to point a domain name at a chosen IP address; the operating system checks it first, before any DNS server is queried. It is stored at \Windows\System32\Drivers\etc\hosts on Windows and at /etc/hosts on Unix-like operating systems.

As the Internet grew and the World Wide Web era began, the number of domain names in use increased exponentially, and it became impossible for the hosts file to list every existing domain name with its corresponding IP address. DNS was designed to remove the need for every node to keep its own mapping of domain names to IP addresses, since Internet-facing applications can only reach a host by its IP address, not by its domain name.
Applications that access the Internet, such as web browsers, hand the target hostname to a resolver that runs within the organization or at the Internet provider. If the hostname is already in the resolver’s cache, the resolver returns the corresponding IP address. If it is not, the resolver queries an authoritative DNS server, part of the worldwide system that holds the definitive mapping of domain names to IP addresses. Some resolvers have no cache and always query the authoritative DNS server, but most keep a cache to speed up responses and avoid unnecessary packet traffic. A resolver with a cache is called a “cache server” (caching DNS server).

DNS (Domain Name System) has its fair share of bugs, as does any component of a working system. We still use it, however, because it is an efficient way to reach the rest of the Internet without maintaining a large hosts file. Maintaining DNS servers is a cost for Internet service providers (ISPs), which is why it is usually the part of their service they pay the least attention to.

The three most common attacks against a weakly configured DNS system are:

Kaminsky’s attack

As long as the cache server does not need to ask the authoritative DNS server, a long cache time-to-live (TTL) works as a countermeasure. In 2008, however, security researcher Dan Kaminsky announced a new cache poisoning technique. In this method the cache server is forced to query the authoritative DNS server for a hostname it does not have cached, such as w-se.com. Regardless of the cache TTL, queries are generated aggressively in this way, and repeated attempts increase the likelihood of successful impersonation. The method is named after its presenter: the “Kaminsky attack.”

DNS cache poisoning attack

Attacks that abuse the DNS system in this way are referred to as DNS cache poisoning. A malicious party may feed fake DNS information into a cache server to redirect users to a server of their choosing, or to make the cache server stop working. First, the attacker asks the cache server for the IP address of a host. If the cache server does not have the hostname cached, it queries the authoritative DNS server. Before the genuine reply arrives, the attacker sends false DNS data that looks like the reply from the authoritative DNS server to that same cache server. If this succeeds, users are sent to the attacker’s server, or are unable to find the host at all.
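To show what a cache server actually checks before it trusts a reply, for both the Kaminsky attack and the classic cache poisoning race described above, here is an added toy model of a caching resolver (example code, not part of the original article). The class, the zone name example.com and every record value are constructed for the example; nothing is sent on the network.

```python
import math
import secrets
from dataclasses import dataclass

@dataclass
class Query:
    name: str
    txid: int   # 16-bit DNS transaction ID chosen by the resolver
    sport: int  # UDP source port the query was sent from

@dataclass
class Reply:
    name: str      # question name echoed back by the responder
    txid: int
    dport: int     # port the reply is addressed to
    records: dict  # owner name -> IPv4 string (answer and additional sections)

class CachingResolver:
    """Toy cache server: accepts a reply only if it matches an outstanding query."""
    def __init__(self, zone, randomize_port=True):
        self.zone = zone                  # zone the upstream server is authoritative for
        self.randomize_port = randomize_port
        self.cache = {}                   # name -> IP
        self.pending = {}                 # name -> outstanding Query

    def send_query(self, name):
        # Source port randomization is the mitigation rolled out after Kaminsky's 2008 talk.
        sport = secrets.randbelow(64512) + 1024 if self.randomize_port else 53
        q = Query(name, secrets.randbelow(1 << 16), sport)
        self.pending[name] = q
        return q

    def receive(self, reply):
        """Return True if the reply is accepted and cached, False if it is dropped."""
        q = self.pending.get(reply.name)
        if q is None:                     # no outstanding query for this name
            return False
        if reply.txid != q.txid or reply.dport != q.sport:
            return False                  # ID or port mismatch: a forgery or a stale reply
        del self.pending[reply.name]      # first matching reply wins; later ones are ignored
        for owner, ip in reply.records.items():
            # Bailiwick rule: never cache names outside the queried zone, even from a valid reply
            if owner == self.zone or owner.endswith("." + self.zone):
                self.cache[owner] = ip
        return True

def entropy_bits(randomize_port):
    """Bits a forged reply must guess: 16 for the ID, plus ~16 more with port randomization."""
    return 16 + (math.log2(64512) if randomize_port else 0)
```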

Zone transfer request attack

Apart from DNS cache poisoning and the DoS and DDoS attacks derived from it, security attacks also exploit the zone transfer mechanism. Several DNS servers can be installed for load balancing in the same zone (one of the subdivisions of a domain, or the whole domain if it is not subdivided), and the DNS information configured for that zone must then be kept consistent between them. The zone transfer request exists for this purpose. If a transfer request can be sent from the outside, the answer reveals the internal configuration, and invalid DNS information can subsequently be submitted on the basis of it.

Security professionals recommend that users switch from the ISP’s default DNS servers to a known, reliable DNS provider. This addresses the issue because the ISP’s servers are usually the least well managed of the available DNS servers, compared with those of a dedicated DNS provider. Suggested options include Quad9, Cisco OpenDNS, Cloudflare DNS, and Google DNS.
