Just as the heart pumps blood to all parts of the body, Domain Name System (DNS) ensures that packets reach their correct destination. Analogy may not be perfect, but the criticality of the Internet DNS is not less than that of the heart to the body.
DNS serves billions of queries each day and do the work of the Internet by connecting customers asking hosting servers. There are multiple DNS components that work in a coordinated hierarchically to keep the Internet and delayed.
Whenever customers need to access a resource they use DNS to resolve the IP domain name. This IP address is then used to route the packet to its final destination. DNS various components to exchange information using what are called records.
Customers running a service called resolver that interacts with the DNS server to resolve customer queries. For each domain name, it is an authoritative name server that is qualified to give authoritative answers to queries for this domain. Support servers in the hierarchy serve the response from them hide or reach the authoritative name server. Talking cache - each component in the domain name system also has a cache to avoid reaching to other name servers for the fair names. Cover not only improves the performance of the entire system, but also reduces the traffic floating around the network.
It is not difficult to imagine what will happen if the DNS rendered inoperable by attacks from malicious sources. As applications and networks, DNS is vulnerable to attack. The techniques that were used to attack the DNS servers are:
- Poisoning Cache: Cache name servers is contaminated by attackers to that wrong information will be used to demanding customers
- response Diversion name server response to the client is diverted to inject incorrect answers in packets reaching the customer
- DNS flood / DDOS: Category attack where legitimate customers are not able to get an answer nameservers
Here are some famous incidents of attacks on the DNS infrastructure:
- DNS Hijack attack on affected services Twitter for a few hours in Dec'09
- DDOS attack Amazon services DNS provider assigned to Oct'2010
- Hackers temporarily seize control of Google Morocco domain Name in May'09
- Chinese root server was closed in Mar'2010
in the next two blogs, we'll examine these in depth attacks and how NetScaler provides protection for DNS environments.
0 Komentar