
Domain Name System (DNS)

Resources

DNS and NS Resolution – Detailed Explanation

An NS (Name Server) is a DNS server authoritative for a domain.
It holds DNS records (A, MX, TXT...) and answers queries for domains/zones it manages.

When you buy a domain from a registrar (like OVH), the domain usually uses the registrar's default NS servers. If you change the NS records to point to your own DNS servers, you take full control of the domain's DNS: your servers answer all DNS queries and hold all records for the zone.

Common Authoritative DNS Servers

  • Bind9 — Classic and widely used DNS server.
  • PowerDNS — Modular DNS server for dynamic environments.
  • NSD — Simple, high-performance authoritative-only DNS server.

DNS Attacks

  • DNSChef — Man-in-the-middle DNS proxy for spoofing responses.
  • dnsspoof — Tool to forge DNS responses on local networks.
  • Responder — Captures and relays DNS and SMB requests for network attacks.
  • dnsenum — Automated DNS enumeration tool.

Step-by-step DNS Resolution Process

[Your Computer / DNS Resolver]
        |
        |--(1)--> Root Server: who handles .com?
        |<-- NS = a.gtld-servers.net, b.gtld-servers.net
        |
        |--(2)--> a.gtld-servers.net: who handles example.com?
        |<-- NS = ns1.example.com, ns2.example.com
        |
        |--(3)--> Resolve A for ns1.example.com
        |<-- A = 198.51.100.53
        |
        |--(4)--> 198.51.100.53: what is A for www.example.com?
        |<-- A = 203.0.113.80

HTTP Request Example:

Once the IP is known (e.g., 203.0.113.80):

GET / HTTP/1.1
Host: www.example.com

The Host header tells the web server (e.g. Nginx) which virtual host to serve.

MISC

Common DNS Record Types

- A
  Maps a domain to an IPv4 address.

- AAAA
  Maps a domain to an IPv6 address.

- MX
  Specifies mail servers responsible for accepting email for the domain.

- CNAME
  Alias pointing one domain name to another (canonical name).
  Example: www.example.com -> example.com

- TXT
  Stores arbitrary text data, often used for SPF, DKIM, DMARC, or domain verification.
  Example: example.com -> "v=spf1 include:_spf.google.com ~all"

- SRV
  Defines the location (hostname and port) of servers for specific services.
  Example: "_sip._tcp.example.com -> sipserver.example.com:5060"

- PTR
  Pointer record for reverse DNS lookups (IP address to domain name).
  Example: "93.184.216.34 -> example.com"

- NS
  Lists authoritative name servers for the domain or zone.
  Example: example.com -> "ns1.example.com, ns2.example.com"

- SOA
  Contains administrative info about the zone, including primary server and serial number.
  Example: "example.com SOA ns1.example.com serial=2024052001"

- CAA
  Specifies which certificate authorities are allowed to issue SSL/TLS certificates for the domain.
  Example: example.com -> 0 issue "letsencrypt.org"

TTL (Time To Live)

TTL is the time (in seconds) a DNS record is cached by resolvers or clients before it expires. When TTL runs out, the resolver asks the authoritative server again to get updated info.

This reduces DNS traffic by avoiding repeated queries but also means changes to DNS records take time to propagate.

Resolver caches record -> TTL counts down -> TTL expires -> Resolver queries authoritative NS again

DNS Response Codes

DNS servers use response codes to indicate the result of a query. Common codes include:

  • NOERROR: The query was successful and data is returned.

  • NXDOMAIN: The domain name queried does not exist.

  • SERVFAIL: The DNS server failed to process the query due to an internal error.

  • REFUSED: The DNS server refused to answer the query.

  • FORMERR: The query was malformed or invalid.
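
The response code and the TTL of each record sit at fixed positions in the DNS wire format. The following Python sketch is an added example, not part of the original page: it parses the header and answer section of a response and rejects compression-pointer loops, a common malformed-input case for DNS parsers. The function names and the sample messages are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
         16: "TXT", 28: "AAAA", 33: "SRV", 257: "CAA"}

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # two-byte compression pointer
            hops += 1
            if hops > 16:                     # guard against pointer loops
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                 # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:                     # root label terminates the name
            return ".".join(labels) or ".", (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_response(msg):
    """Return (rcode name, [(owner, type, ttl, rdata bytes)]) for a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = RCODES.get(flags & 0x000F, f"RCODE{flags & 0xF}")
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((owner, TYPES.get(rtype, str(rtype)), ttl, msg[off:off + rdlen]))
        off += rdlen
    return rcode, answers

# Constructed sample messages (not captured traffic).
QUESTION = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
OK_MSG = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 80]))
NX_MSG = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
LOOP_MSG = struct.pack("!6H", 0x1234, 0x8180, 0, 1, 0, 0) + b"\xc0\x0c"
```

`parse_response(OK_MSG)` yields the A record for www.example.com with a TTL of 300 seconds, `NX_MSG` decodes to NXDOMAIN with no answers, and `LOOP_MSG` (a pointer that refers to itself) raises `ValueError` instead of looping forever.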