NF Post 2 : Domain Name System
What is DNS?
Simply put, DNS is like the phonebook of the internet. It stores both domain names and IP addresses. DNS translates domain names (such as google.com) to IP addresses so the browser can load resources online.
So why is DNS useful? With DNS, internet users don't have to memorize complex IP addresses. The user only has to know the domain name, and DNS will translate it to the IP address.
DNS Query
A DNS query is a request sent from a DNS client to a DNS server, asking for the IP address associated with a Fully Qualified Domain Name (FQDN).
There are 3 types of DNS queries:
- Recursive query
- Iterative query
- Non-recursive query
DNS Server
This is an important part of DNS. A DNS server stores IP addresses and their host names. This information is used to resolve a user's query to access the requested website.
Other than mapping IP addresses to host names, DNS servers also act as a recursive, hierarchical, distributed database.
There are 3 types of DNS servers:
- DNS resolver
- DNS root server
- Authoritative DNS server
Forensics Value of DNS Server
- Configured to log queries
  - Connection attempts from internal to external systems
    - e.g. websites, SSH servers, external mail servers
  - Corresponding times
- Create timeline of suspect activities
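As an added example (not part of the original post), the sketch below turns DNS query logs into a per-host timeline of lookups made by internal systems. The log lines are constructed, in a simplified layout modelled on BIND 9 query logging, and the `10.0.0.0/8` internal range is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines (simplified layout modelled on BIND 9 query logs).
SAMPLE_LOG = """\
15-Mar-2024 09:58:03.120 client 10.0.0.15#53211 (mail.example.net): query: mail.example.net IN MX +
15-Mar-2024 09:41:12.004 client 10.0.0.15#40112 (www.example.com): query: www.example.com IN A +
15-Mar-2024 09:45:30.551 client 10.0.0.22#51820 (ssh.example.org): query: ssh.example.org IN A +
this line is truncated or corrupt
15-Mar-2024 10:02:47.900 client 203.0.113.9#33012 (www.example.com): query: www.example.com IN A +
15-Mar-2024 10:05:09.310 client 10.0.0.15#40999 (ssh.example.org): query: ssh.example.org IN AAAA +
"""

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumption: the organisation's internal range
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client "
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<name>[^)]+)\): query: \S+ IN (?P<type>\S+)"
)

def parse_queries(log_text):
    """Return (events, skipped): (time, client, type, name) tuples plus unparseable lines."""
    events, skipped = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep corrupt lines for manual review
            continue
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        events.append((when, m["ip"], m["type"], m["name"].lower().rstrip(".")))
    return events, skipped

def build_timeline(events):
    """Group queries from internal clients by source host, oldest first."""
    timeline = defaultdict(list)
    for when, client, qtype, name in sorted(events):
        if ip_address(client) in INTERNAL_NET:
            timeline[client].append((when, qtype, name))
    return dict(timeline)

if __name__ == "__main__":
    events, skipped = parse_queries(SAMPLE_LOG)
    for client, rows in build_timeline(events).items():
        for when, qtype, name in rows:
            print(client, when.isoformat(timespec="milliseconds"), qtype, name)
    print(f"{len(skipped)} unparseable line(s) skipped")
```

A query only shows that a host tried to resolve a name, so the timeline is a lead to correlate with firewall or proxy logs for the same times.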