Domain Name System (DNS) - Recursive DNS
What is DNS?
When someone types a domain name (e.g. google.com) into a browser, it triggers a DNS lookup. During that process the domain name is matched to a corresponding IP address, which is returned to the client.
There are two types of DNS lookups: iterative and recursive.
In a recursive DNS lookup, the client sends a single query to one DNS server (the recursive resolver) and that server does the rest of the work: it interacts with the other DNS servers on the client's behalf and returns the matching IP address. In an iterative DNS lookup, by contrast, the server that is asked does not go and find the answer itself; it replies with a referral to the next server to ask, and the party doing the lookup communicates directly with each DNS server involved until it reaches the final answer.
Several DNS servers are involved in a lookup: the DNS resolver, a DNS root server, a DNS TLD (Top-Level Domain) server and the DNS authoritative nameserver for the domain. In an iterative DNS lookup, the DNS resolver asks each of these in turn, following the referral from root server to TLD server to authoritative nameserver, until it obtains the final IP address of the website the client is looking for.
What are the similarities and differences between recursive and iterative DNS lookups?
Both are methods of answering the same question, turning a domain name into an IP address, and both use the same hierarchy of DNS servers (root servers, TLD servers and authoritative servers) together with DNS caching. Since they share the goal, they share the outcome: an IP address is returned to the client so that it can reach the matching website.
They differ in who does the work. In a recursive lookup the resolver takes on the whole job: it keeps querying other DNS servers until one of them returns the IP address, and only then replies to the client. In an iterative lookup the querier repeats one step, ask a server and follow its referral, until a server responds with the matching IP address of the website. Although both use caching, where the cache lives differs. In a recursive lookup, caching is done primarily at the recursive DNS resolver, which can serve the cached answer to all of its clients; in an iterative lookup, the cache sits with whichever party is walking the hierarchy, which in the client-driven case is the client-side resolver, so the cached answer benefits only that client.
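To make the two behaviours concrete, here is an added simulation (example code written for this page, not part of the original post and not a real DNS implementation). It uses constructed zone data: a toy root server, a toy .com TLD server and a toy authoritative server for the assumed domain example.com. `resolve_iteratively` is the iterative walk, where the querier follows each referral itself; `RecursiveResolver` is what a recursive resolver does on the client's behalf, performing that walk once and then answering later clients from its cache.

```python
"""Simulated DNS lookup: an iterative walk down the hierarchy, wrapped by a
recursive resolver that caches final answers. Constructed data; no network."""

# Constructed zone data for the example (not real delegation data).
# Each "server" maps a name it knows about to either a referral to the next
# server to ask, or a final answer.
ROOT_SERVER = {
    "com.": ("referral", "tld-com"),
}
TLD_COM_SERVER = {
    "example.com.": ("referral", "auth-example"),
}
AUTH_EXAMPLE_SERVER = {
    "www.example.com.": ("answer", "203.0.113.10"),
    "mail.example.com.": ("answer", "203.0.113.25"),
}
SERVERS = {
    "root": ROOT_SERVER,
    "tld-com": TLD_COM_SERVER,
    "auth-example": AUTH_EXAMPLE_SERVER,
}


def ask(server_id, qname):
    """One non-recursive query to one server.

    Returns ('answer', ip), ('referral', next_server_id) or ('nxdomain', None).
    The server answers for the longest suffix of qname it has data for, which
    is how a root server can hand out a referral for 'com.' when asked about
    'www.example.com.'.
    """
    table = SERVERS[server_id]
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return ("nxdomain", None)


def resolve_iteratively(qname, trace=None):
    """The iterative part of a lookup: the querier itself follows every
    referral (root -> TLD -> authoritative) until it holds a final answer."""
    server = "root"
    for _ in range(8):  # bound the walk so a referral loop cannot spin forever
        kind, payload = ask(server, qname)
        if trace is not None:
            trace.append((server, kind, payload))
        if kind == "answer":
            return payload
        if kind == "nxdomain":
            return None
        server = payload  # referral: go and ask the next server directly
    raise RuntimeError("referral chain too long")


class RecursiveResolver:
    """A recursive resolver as seen by its clients: one question in, final
    answer out. The iterative walk happens here, and the final answer is
    cached so later clients asking the same name cost no upstream queries."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0  # how many servers we actually contacted

    def lookup(self, qname):
        """Return (ip_or_None, 'cache' | 'upstream')."""
        if qname in self.cache:
            return self.cache[qname], "cache"
        trace = []
        ip = resolve_iteratively(qname, trace)
        self.upstream_queries += len(trace)
        if ip is not None:
            self.cache[qname] = ip  # only final answers are cached here
        return ip, "upstream"


if __name__ == "__main__":
    resolver = RecursiveResolver()
    print(resolver.lookup("www.example.com."))  # first client: 3 upstream queries
    print(resolver.lookup("www.example.com."))  # second client: served from cache
    print("upstream queries so far:", resolver.upstream_queries)
```

The first `lookup` costs three upstream queries (root, TLD, authoritative); the second costs none, which is the caching advantage discussed in the next section. A client that does the iterative walk itself would pay those three queries again, since nobody else shares its cache.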
What are the advantages and disadvantages of recursive DNS?
Recursive DNS tends to be faster than iterative queries because of the way it uses caching. The recursive resolver caches the final answer of a query and returns it immediately to any client that asks the same question, without contacting the other DNS servers again. This is very useful when the DNS server has many clients or the requested website is popular.
Leaving recursion open to anyone on the Internet (an open resolver) creates a security problem, because it lets attackers use the server for DNS amplification attacks and exposes its cache to DNS cache poisoning. In a DNS amplification attack, the attacker uses a botnet (a group of compromised machines) to send a burst of small queries whose source IP address is spoofed to the victim's address (a bogus return address).
The open resolver answers each of these queries with a much larger response, and every response goes to the victim rather than to the attacker, so the victim receives a flood of lengthy, unwanted DNS traffic: a DDoS attack. In a DNS cache poisoning attack, when the recursive DNS server sends a query to another DNS server, the attacker races the legitimate reply with a forged response, typically carrying the IP address of a malicious website. If the resolver accepts the forgery, its cache stores it as the final answer, and every user who asks that resolver for the same domain name receives the same bogus IP until the record expires. If the domain name is popular, this can affect users on a large scale, probably thousands.
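The two problems above have two corresponding checks in a recursive resolver, shown here as an added example (written for this page, not taken from the original post or from any resolver's code). The first refuses recursion to clients outside an assumed allow-list network (192.0.2.0/24), so the server is not an open resolver that can be pointed at a spoofed victim address. The second accepts an inbound response only if it matches an outstanding query on transaction ID, randomized source port, queried name and the server address we sent the query to, and caches only the record for the name we asked about; an off-path attacker who did not see the query has to guess the ID and port pair to get a forgery accepted. All addresses are constructed documentation values.

```python
"""Two resolver-side checks against open-resolver amplification and cache
poisoning. Constructed example: toy data structures, no real DNS traffic."""
import ipaddress
import secrets
from dataclasses import dataclass

# Assumed: the networks this resolver is meant to serve (constructed value).
ALLOWED_RECURSION = [ipaddress.ip_network("192.0.2.0/24")]


def should_serve_recursion(client_ip: str) -> bool:
    """Answer recursive queries only for our own clients.

    An open resolver answers anyone, so a small query carrying a spoofed
    source address turns into a large response delivered to the victim.
    Refusing recursion for outside addresses removes this server from the
    attacker's pool of amplifiers.
    """
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_RECURSION)


@dataclass(frozen=True)
class OutstandingQuery:
    txid: int       # 16-bit DNS transaction ID we chose
    src_port: int   # UDP source port we sent from
    qname: str      # name we asked about
    sent_to: str    # IP of the nameserver we asked


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int   # port the response arrived on
    qname: str      # question section echoed back
    from_ip: str    # source address of the response
    answer_name: str
    answer_ip: str


class PoisonResistantCache:
    """Cache that only stores answers matching a query it actually sent."""

    def __init__(self):
        self.cache = {}
        self.pending = {}  # (txid, src_port) -> OutstandingQuery

    def send_query(self, qname: str, server_ip: str) -> OutstandingQuery:
        # Random 16-bit ID plus a random high source port: an off-path
        # forger has to hit both, not just a predictable ID on port 53.
        q = OutstandingQuery(
            txid=secrets.randbelow(65536),
            src_port=1024 + secrets.randbelow(64512),
            qname=qname,
            sent_to=server_ip,
        )
        self.pending[(q.txid, q.src_port)] = q
        return q

    def accept_response(self, r: Response) -> bool:
        """Return True and cache the answer only if r matches a pending query."""
        q = self.pending.get((r.txid, r.dst_port))
        if q is None:
            return False                      # unknown ID/port pair: forgery or stale
        if r.from_ip != q.sent_to or r.qname != q.qname:
            return False                      # not from the server we asked, or wrong question
        if r.answer_name != q.qname:
            return False                      # bailiwick: ignore records for other names
        del self.pending[(r.txid, r.dst_port)]  # first matching answer wins; later ones dropped
        self.cache[r.answer_name] = r.answer_ip
        return True


if __name__ == "__main__":
    print("serve 192.0.2.7:", should_serve_recursion("192.0.2.7"))
    print("serve 203.0.113.5:", should_serve_recursion("203.0.113.5"))
    c = PoisonResistantCache()
    q = c.send_query("www.example.com.", "198.51.100.1")
    forged = Response((q.txid + 1) % 65536, q.src_port, "www.example.com.",
                      "198.51.100.1", "www.example.com.", "203.0.113.66")
    print("forged accepted:", c.accept_response(forged))
    genuine = Response(q.txid, q.src_port, "www.example.com.",
                       "198.51.100.1", "www.example.com.", "203.0.113.10")
    print("genuine accepted:", c.accept_response(genuine), c.cache)
```

Port randomization is what makes the forger's job hard: with a predictable source port the attacker only needs to cover 65,536 transaction IDs, which a flood of forged packets can do during the window before the real answer arrives. The bailiwick check matters separately, because a response that legitimately answers one name must not be allowed to plant a record for an unrelated one.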
In an iterative DNS query, the client asks each DNS server for the answer itself. Even if an attacker manages to send a forged response to that query, only that one client is affected, which is usually not worth the attacker's time.