DNS is as ubiquitous online as flooring is in your home – so what exactly is it, and why should you care?
Each device connected to the internet has an IP address. The domain name system, or DNS, is a protocol that translates a user-friendly domain name, such as www.paloaltonetworks.com, to an IP address – in this case, 199.167.52.137. DNS is ubiquitous across the internet. Without it, we’d have to memorize random strings of numbers, which our brains aren’t equipped to do very well.
Related Video
How Attackers Use DNS to Steal Your Data
How DNS Works
To explain this, let’s look at five steps in a DNS lookup.
All this happens in the background in mere milliseconds. Sites like google.com or paloaltonetworks.com may have multiple IP addresses, which can speed up DNS lookup times. There may be millions of people looking for the same information at the same time, even from different countries around the world, and these queries will likely go to different servers, distributed worldwide.
DNS information is also cached on your computer and on the servers used by your internet service provider. Once the IP address for paloaltonetworks.com is saved, your computer no longer needs to access a DNS resolver to resolve the name with its IP address.
Why You Need to Know About DNS
Take this example from Palo Alto Networks Unit 42®. On January 22, 2019, the U.S. Department of Homeland Security published an emergency directive requiring federal agencies to comply with a number of steps as a response to a series of recent DNS hijacking attacks from a foreign country. The purpose of these attacks was to redirect traffic meant for companies’ and agencies’ email servers toward malicious clones operated by the hackers.
How do you stop attackers from using DNS against you? Read this white paper to learn the steps you can take to stop DNS attacks.