User:AnuragT/3 drawbacks of dns

Disadvantages of DNS (hard to comment on, as this happens to be a one-of-its-kind technology at the moment!)

DNS is the way that internet domain names are located and translated into IP addresses. A domain name is a meaningful and user-friendly handle for an internet address. DNS is implemented on a distributed database to store this name and address information for all public hosts on the Internet because maintaining a central list of domain name/IP address correspondences would be impractical.

The DNS is hierarchical in structure. This structure itself introduces a few potential threats, based on how the query sent out by the host is processed. When a new query is processed (which implies the DNS cache would not be used, as this is the first time the query is being processed), the query must hit the root server, which, if it somehow happens to be compromised, would result in wrong resolution of the query.

Additional problems include DNS cache poisoning/DNS spoofing and risks associated with recursive DNS queries.

DNS cache poisoning/DNS spoofing - Corruption of an Internet server's domain name system table (the server's cache database) by replacing an Internet address with a rogue address. A Web user seeking the page with that address is redirected by the rogue entry in the table to a different address, which can then trigger spyware, a worm, a Web browser hijacking program, or other malware.

Risks associated with recursive DNS queries -

There are two types of DNS queries: iterative (a DNS server is queried and returns an answer without querying other DNS servers, even if it fails to provide the desired answer) and recursive (a DNS client requests information from a DNS server that is set to query other DNS servers until the desired answer is given to the client). The recursive nature of the queries raises multiple possible threat scenarios, such as DoS attacks (servers supporting recursive queries are more prone to entertain phony requests, leading to flooding), root name server performance degradation, DNS cache poisoning (which results from someone tricking a DNS server into believing that an incorrect DNS query response is authentic, and further leads to this false information being cached and distributed to other users), and unauthorized use of resources.