DNS

The DNS or Domain Name System is the system used to convert the more user friendly URLs and domain names into the IP addresses that the Internet uses. ICANN, the Internet Corporation of Assigned Names and Numbers, is tasked with "coordinating the Domain Name System (DNS) to ensure that every address is unique and that all users of the Internet can find all valid addresses."

DNS Basics

 * There is a specific method or protocol that the DNS follows when converting domain names to IP addresses.
 * 1) The user types a URL or domain name into an Internet browser.
 * 2) This generates a request to local DNS servers asking for the correct IP.
 * 3) If the server does not have the IP address associated with the requested name "cached," or in its database, that server can request the information from an authoritative DNS server.
 * 4) The authoritative server sends the information back to the local server, which sends it on to the user, allowing him/her to access the requested site. The local server also has the IP address stored for a certain amount of time.

Relation to the Seal of Approval

 * This project is based partially on the security and operation of the DNS, which is an essential aspect of how the Internet functions. Actors in the DNS industry include: Internet users, service providers, registries, registrars, Internet governance bodies like ICANN, and national governments. Users register domain names with registrars. Each domain name is also assigned an identifying number or IP address. Registries are the operators for TLDs or Top Level Domains. Generally, both registries and registrars enter into agreements with ICANN and sometimes other certifying organizations. These agreements outline the operational and technical requirements specified by ICANN, including DNS-related requirements.


 * The behaviors discussed on this site are examples of common Internet behaviors, many of which can affect the DNS. One example is DNS Cache Poisoning or Pharming, a "bad behavior" that manipulates the way the DNS works in order to trick people into accessing malicious websites without their knowledge by getting a DNS server to direct people requesting one website to an IP address not associated with that site. Another example is Fast Flux Hosting, a "cautioned" behavior that involves manipulating DNS resource records.

Security
The use of DNSSEC or DNS Security Extensions may help guard the DNS from attacks and artificial manipulation, like those used in pharming. The goal of DNSSEC is to limit an "attacker's ability to redirect users using the DNS." In order to do this, DNSSEC employs a digital signing system so that each DNS record or entry in the root zone can be verified as genuine.

Additional Resources

 * View the How Stuff Works Diagram on the DNS
 * View Network World's Slides on How the DNS Functions
 * Read about DNSSEC

Related Articles

 * DoS Attacks
 * DDoS Attacks
 * Fast Flux
 * Pharming