AI-SPM is generally available to all Prisma® Cloud users as we continue the rollout of Secure AI by Design product portfolio.     Let's go!
Search
Network Security

What Is DNS?

DNS is as ubiquitous online as flooring is in your home – so what exactly is it, and why should you care?

3 min. read
Listen

Each device connected to the internet has an IP address. The domain name system, or DNS, is a protocol that translates a user-friendly domain name, such as www.paloaltonetworks.com, to an IP address – in this case, 199.167.52.137. DNS is ubiquitous across the internet. Without it, we’d have to memorize random strings of numbers, which our brains aren’t equipped to do very well.

Related Video

How Attackers Use DNS to Steal Your Data

 

How DNS Works

To explain this, let’s look at five steps in a DNS lookup.

  1. You, the user, initiate a query by typing www.paloaltonetworks.com into your browser. The query is sent to a DNS resolver, a computer usually provided by an IP provider. It is the DNS resolver’s job is to track down the IP address.
  2. The resolver queries one of the root servers. Root servers are distributed around the world and hold the locations of all top-level domains – TLDs – such as .com, .edu, and .net. The root server sends a response back to the resolver.
  3. The resolver can now notify the TLD server. The TLD server doesn’t hold the IP address you’re looking for, but it knows the locations of the name servers for Palo Alto Networks.
  4. The DNS resolver queries one of the name servers. This time, the server knows the IP address and responds with an address record.
  5. In the last step, the DNS resolver sends the IP address – 199.167.52.137 – back to your computer, and the website loads in your browser.

All this happens in the background in mere milliseconds. Sites like google.com or paloaltonetworks.com may have multiple IP addresses, which can speed up DNS lookup times. There may be millions of people looking for the same information at the same time, even from different countries around the world, and these queries will likely go to different servers, distributed worldwide.

DNS information is also cached on your computer and on the servers used by your internet service provider. Once the IP address for paloaltonetworks.com is saved, your computer no longer needs to access a DNS resolver to resolve the name with its IP address.

Why You Need to Know About DNS

  1. DNS is the backbone of the internet. It helps us reach the correct sites.
  2. DNS mechanisms are used to identify who is allowed to send email on behalf of a domain so email from impostors doesn’t reach you.
  3. DNS resolvers are attacked regularly.

Take this example from Palo Alto Networks Unit 42®. On January 22, 2019, the U.S. Department of Homeland Security published an emergency directive requiring federal agencies to comply with a number of steps as a response to a series of recent DNS hijacking attacks from a foreign country. The purpose of these attacks was to redirect traffic meant for companies’ and agencies’ email servers toward malicious clones operated by the hackers.

How do you stop attackers from using DNS against you? Read this white paper to learn the steps you can take to stop DNS attacks.

Related content

  • What is Dynamic DNS?

    Dynamic domain name system (DDNS), or Dynamic DNS, is a service that provides a mapping between a hostname and your IP address.

  • What is DNS tunneling?

    DNS tunneling is a method of cyber attack that exploits the DNS protocol to tunnel malware and other data through a client-server model.

  • See the top DNS-Based attacks you should know about

    Learn how Palo Alto Networks DNS Security service protects your organization from the latest and most sophisticated DNS-layer threats.

  • See Palo Alto Networks DNS Security

    DNS Security uses inline deep learning to provide 40% more DNS-layer threat coverage and disrupt 85% of malware that abuses DNS for malicious activity.

Get the latest news, invites to events, and threat alerts