The Domain Name System (DNS) is part of the backbone of protocols used to power the public internet. Specifically, the DNS protocol is used to translate a friendly domain name such as “example.com” to its hosted IP address. Without DNS, users would be forced to remember and type IP addresses into their browsers. Remembering IP addresses would be much more difficult, so DNS lets website owners use a friendly domain name and link it to the site’s IP address, similar to a phone book. The recorded link between a site’s friendly name and its IP address is stored on a name server running the DNS protocol.

After a website owner registers a domain, the next step is to find a host for the content. Registrars sell domain names to website owners, but they don’t host the content. Even during initial registration, a domain name is assigned an IP address, and any requests for the domain name are sent to a temporary page hosted by the registrar. Once website owners find a host server for the domain, the new web server’s IP address must be associated with the domain name. A website owner tells the host to register the web server’s IP address to their domain name. The new host adds an entry to their name server linking the IP address to the domain name.

It takes anywhere from a few hours to a couple of days for the new link between an IP address and a domain to propagate to the entire internet. After the domain’s IP address propagates to name servers across the internet, users can access the domain name from their browsers. When a request is made for the domain from a user browser, the first step in opening the website’s home page is to query the user’s Internet Service Provider (ISP) name server for the IP address matching the domain name.

Web browsers requesting IP addresses for a domain is the most common use for DNS, but DNS is used in any kind of software that requests information from a fully qualified domain name (FQDN). For example, if you have software that pulls data from a domain on the internet, the first step is to use DNS to find the IP address for the API or web address where the data is located.

DNS queries are sent to servers hosting a table of domain names and IP addresses. Servers have a hierarchy to protect against malicious name servers. The authoritative name server is at the top of the hierarchy and hosts all domain names and IP addresses. Root servers and recursive servers get their information from authoritative name servers. User requests usually go to recursive servers first, where a table of domain names and IP addresses is cached. If a recursive server does not have the IP address for a domain name, the request is sent to another server. Recursive servers continually query authoritative servers to update their DNS tables.
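
To make the lookup described above concrete, the following added example (not from the original article) builds an A-record query for example.com in DNS wire format and parses a reply, rejecting any reply whose transaction ID or question does not match what was asked. The transaction ID, the 192.0.2.10 address and the TTL are constructed sample values.

```python
import struct

def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("label must be 1-63 bytes")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, txid):
    """A-record query: 12-byte header (RD set, one question) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends it."""
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_a_response(query, resp):
    """Return [(ip, ttl)] from resp, rejecting replies that do not match query."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful response")
    qend = skip_name(resp, 12) + 4
    if qd != 1 or resp[12:qend] != query[12:]:
        raise ValueError("question does not match the query")
    off, answers = qend, []
    for _ in range(an):
        off = skip_name(resp, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # IPv4 address record
            answers.append((".".join(map(str, resp[off:off + 4])), ttl))
        off += rdlen
    return answers

# Constructed sample: a query and a matching reply carrying one A record.
QUERY = build_query("example.com", 0x1A2B)
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(parse_a_response(QUERY, RESPONSE))
```

The TTL returned with each address is how long a recursive server may keep the answer in its cache before asking again.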

Malware designed to poison DNS queries can be used in phishing attacks, so organizations must have the right protections in place to stop DNS poisoning. Email is the common attack vector, so email filtering and antivirus protections can help organizations avoid DNS poisoning.

Susan Morrow

How Can TitanHQ Help?

TitanHQ offers a range of solutions to protect against DNS-related attacks, such as Anti-Spam Solution for email security, DNS and Web filtering, and Email Archiving. TitanHQ’s solutions are backed by real-time threat intelligence that continuously updates DNS filtering rules to adapt to new and emerging threats.
