tryhackme: DNS in Detail: Making A Request?

-

 What happens when you make a DNS request?

------------------------------------------


1. When you request a domain name, your computer first checks its local cache to see if you've previously looked up the address recently, if not, a request to your Recursive DNS Server will be made. 


2. A Recursive DNS Server is usually provided by your ISP, but you can also choose your own. 


This server also has a local chache of recently looked up domain names. 


If a result is found locally, this is sent back to your computer, and your request ends here. Most of the locally founds results are common , popular or heavily requested domains. 


If the request cannot be found locally, it will forward the request to the internet's root DNS servers.


3. The root servers act as the DNS backbone of the internet, their job is to redirect you to the correct Top Level Domain Server. 


Depending on your request.

for example: if you request www.website.com


The root server will recognise the TLD of ".com" and refer us to the correct TLD server that deals with .com addresses.


4. The TLD server holds records for where to find the authoritative server to answer the DNS request. 


The authoritative server is often also known as the 'nameserver' for the domain.


for example: the name server for www.website.com is kid.ns.cloudfare.com and uma.ns.cloudfare.com. 


Multiple nameservers can be found for a domain name to act as backup in case one goes down.


5. An authoritative/nameserver, DNS server, is the server that is responsible for storing the DNS records for a particular domain name and where any updates to your domain name DNS records would be made. 


Depending on the record type, the DNS is then sent back to the Recursive DNS server, where a local copy will be cached for future requests and then relayed back to the original client that made the request. 


DNS records all come with a TTL(Time To Live) value. This value is a number represented in seconds that the response should be saved for locally until you have to look it up again.


Caching saves on having to make a DNS request every time you communicate with a server.

---------------------------------------------------------------------------------------------------------------------Thanks for reading,

Roger

Comments

Post a Comment

Popular posts from this blog

Common Network Commands: IP R

-
IP R Command Overview The `ip r` command is part of the `iproute2` package in Linux systems. It is used for displaying and manipulating the routing table, which determines how network packets are directed to their destinations. This command is vital for network configuration, management, and troubleshooting. Origin and Development The `iproute2` package was created to replace the older `net-tools` package, which included commands like `ifconfig` and `route`. The `ip` command provides a more unified interface for network management, supporting advanced features and modern networking protocols. It offers better capabilities for managing complex networking scenarios, making it a crucial tool for system and network administrators. Basic Functionality The `ip r` command serves several functions: - Displays current routing table entries. - Shows destination networks, gateways, and associated interfaces. - Allows for the addition, deletion, and modification of routes. Key Command Syntax 1. Di...
Read more

Junior Security Analyst Intro

-
Why SOC Analyst L1 is Considered a Triage Specialist. A Level 1 Security Operations Center (SOC) Analyst is often regarded as a triage specialist because they are the first responders to cybersecurity alerts. Much like how a triage nurse assesses patients' conditions in a hospital, a Level 1 SOC Analyst evaluates and categorizes alerts generated by security tools to determine their severity and prioritize response efforts. Their primary focus is to: Filter Noise: Modern networks generate massive amounts of data, with many false positives. SOC L1 analysts must sift through this data to identify real threats. Categorize Alerts: Assign severity levels to incidents, such as low, medium, or high priority. Initial Response: Perform basic investigations (e.g., checking IP addresses, scanning logs) and decide whether to escalate incidents to Level 2 or 3 analysts. This role is vital because it ensures that high-priority threats are addressed quickly and resources are allocated ...
Read more

Example of A Day in the Life of a Junior (Associate) Security Analyst

-
The day begins early for the Junior Security Analyst, stepping into the office or logging into their remote workstation. The quiet hum of servers and the glow of multiple screens set the stage for another day at the heart of the cybersecurity battlefield. Their first task is to review the handover notes from the previous shift or the daily briefing. This update includes summaries of unresolved incidents, ongoing investigations, and any notable changes in the organization’s threat landscape. Equipped with this crucial information, the analyst prepares to navigate a world where even the smallest anomaly could signify a major threat. Logging into the array of tools—a Security Information and Event Management (SIEM) platform, endpoint detection systems, firewalls, and intrusion detection/prevention systems (IDS/IPS)—the analyst is immediately immersed in the flow of alerts. Every beep, flash, and log entry represents a potential threat. The first challenge is triage. Like a digital detecti...
Read more