User:Jane Kruch/DNS: what is it and how it works

1. Overview and Learning Objectives
This chapter gives a brief overview of how, when and in response to which problems the Domain Name System was developed. After the historical review we go through the structure of the domain name system and its levels. The section on DNS zones explains zones of responsibility, which are closely tied to the concept of delegation. With the basics of the DNS in place, the layout and the operating principles of DNS servers are explored. The discussion of DNS queries completes the picture of the system and describes the format of a DNS message. Finally, we touch on an important part of any system, its problem side: the last section presents the most common forms of DNS attack and gives advice on how to protect your server from them. After reading this chapter, you will:
 * have a deeper understanding of how information is exchanged on the Internet;
 * be able to describe and visualise the processes that take place in the DNS;
 * have a solid foundation for the chapters that follow.

2. Introduction
In the previous chapter we discussed the principles of the TCP/IP protocol suite. This part covers another important topic. As we already know, for TCP/IP to work every host on the Internet needs its own unique address, an IP address, which for IPv4 consists of four octets separated by dots. Numeric addresses are fine for machines, but people prefer names: it is hard to remember and type addresses like "192.0.34.163". For the convenience of users, computers on the Internet are therefore also given names, and all Internet applications let you use such names instead of numeric addresses. What do you do when you want to visit your favourite music web site? There are two options:
 * search for it, or
 * type the site's address into the address bar.
Modern Internet users are accustomed to symbolic addresses such as "www.favoritemusic.com": they are easy to type and easier to remember. A postal analogy helps. Numeric network addresses resemble postal codes: the sorting machines in a mail centre route letters by the code alone, and only when the code is ambiguous is the letter handed to a person who determines the destination office. People, on the other hand, are more comfortable with geographical names, and domain names play much the same role. This chapter therefore introduces the Domain Name System (DNS), the technology that makes these symbolic addresses work.

3.1 Time before DNS
In the late sixties the Advanced Research Projects Agency (ARPA) of the US Department of Defense began funding the ARPAnet, an experimental wide-area computer network that connected important research organisations in the USA. The DNS did not exist when the ARPAnet NIC (Network Information Center) was set up at the Stanford Research Institute, in the group led by Doug Engelbart, in 1967. The original purpose of the network was to share scarce and costly computing resources among government contractors. At first the network was small, so users could exchange files, programs and e-mail without any global directory. As it grew, it became obvious that such a service would be needed, and the question of scaling arose: in 1971 Peggy Karp proposed "host mnemonics", the first Internet host names. The resulting lookup table was kept in the file HOSTS.TXT (Table 1).
RFC ("Request for Comments") is the name given to the documents that describe standards for new or modified Internet and networking protocols. When a standard is proposed it is published for public comment so that it can be refined and agreed on; once finalised, it keeps the same RFC designation.



The file contained every hostname and its IP address, i.e. it mapped all of the network's resources. The approach was extremely simple to implement and worked well at small scale. HOSTS.TXT was installed on each host and allowed it to look up the resources it needed locally. Adding a new machine to the network triggered a fixed chain of actions: first an e-mail with the required information was sent to the Stanford Research Institute, where the change was incorporated into the next release of HOSTS.TXT; the new file was then placed on a publicly reachable FTP server; finally, every operator had to fetch it and replace the old copy on their own machines. This arrangement worked for a long time, but it suffered from a problem with large consequences: it did not scale. In 1982-1983 the transmission protocols were standardised and the ARPAnet moved to TCP/IP, after which the population of the network exploded. Growth from a handful of nodes to tens of thousands made it hard to keep all copies of the HOSTS file consistent. The number of known hosts (and names) reached thousands, and maintaining and distributing the current file across the Internet became an intractable problem. Administrators began to skip the daily downloads of an ever-larger file, and the environment grew faster than any static method could handle. The main problems were:
 * Traffic and load. The network traffic and processor load involved in distributing the file became unbearable.
 * Name collisions. Two hosts must not have the same name, but the Network Information Center had no authority over host names: anyone could add a host with a conflicting name and break the scheme.
 * Consistency. Keeping the file consistent across an expanding network became harder and harder; by the time a new version of HOSTS.TXT had reached all hosts, an address could already have changed or a new host could have appeared.

3.2 Era of Domain Name system
On the one hand, these problems were incompatible with normal growth; on the other, they led the engineers of the time to conclude that a new structure had to replace HOSTS.TXT. The first outline of what is now known as the DNS was written by David L. Mills in an RFC published in 1981. In it he described the concepts and facilities required for an Internet name domain system that would scale to address thousands of hosts. Two years later, in 1983, Paul Mockapetris published two RFCs for the Internet community, "Domain Names - Concepts and Facilities" and "Domain Names - Implementation and Specification". Both were later superseded by the two RFCs that are the current specification of the Domain Name System. In 1984 Mockapetris also wrote the first reference implementation of the DNS, called JEEVES. A different implementation for 4.3 BSD UNIX, maintained by Kevin Dunlap, was named BIND (Berkeley Internet Name Domain); BIND went on to become the most widely used DNS implementation.
UNIX is a popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by a handful of programmers, it was designed to be a small, flexible system for programmers, and it was one of the first operating systems written in a high-level programming language, namely C.
BIND is the most common implementation of the DNS protocol on the Internet and is believed to serve the majority of DNS traffic. It is free, open-source software that is actively maintained and patched when bugs and vulnerabilities are found, and it is widely trusted by the Internet community; like any widely deployed server software, it must nevertheless be kept up to date.
ISC (originally the Internet Software Consortium, now the Internet Systems Consortium) is a non-profit organisation that manages the development of major Internet software components, including the BIND package.

3.3 Domain Name System as it is
From the very beginning the DNS was conceived as a distributed database holding information about domain names and addresses. The separate parts of this database are sometimes called segments, because each one holds only the part of the name space that a given DNS service is responsible for. The advantages of the DNS are:
1) Friendly names are easier to remember than IP addresses. The name of an organisation, or words describing the web site, are faster and easier to remember; choosing an address that everyone keeps in mind is even a commercial question. It is hard to imagine a world in which we had to remember the IP addresses of all the sites we use today.
2) A tree-based hierarchical structure of domain names.
3) Permanence of names: the IP address of a server may change, but its name does not have to.
4) The ability to add new domains. The DNS lets administrators control a part of the global database, so that those with administrative rights over a domain can organise their own names under it without outside interference.
5) Stability and availability. The information in the database is stable and continuously available. Robustness is achieved by replication: the same data is copied to and served from several servers, so that the loss of one server does not make the data unreachable.

For all its strengths, the DNS has drawbacks, and the biggest one is its exposure to attack. Such attacks succeed because a server's response is easy to forge. The DNS protocol as originally specified provides no way to verify the authenticity of received data or of its source, and relies entirely on the transport layer. For efficiency the usual transport (UDP) establishes no connection and identifies the source of a message only by its IP address, which is trivially falsified; a resolver therefore accepts a reply if it merely arrives from the expected address and port and carries the expected 16-bit transaction ID and the same question. DNSSEC, an extension that signs zone data, solves the authenticity problem for zones and resolvers that deploy it, but plain DNS over UDP still offers none of these guarantees.
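The checks described in the last paragraph can be made concrete. The following Python is added here as an illustration and is not code from the original page: it builds a query in DNS wire format, parses a constructed reply (including name-compression pointers), and applies the matching checks a resolver performs before it trusts a UDP response: same source address and port, same transaction ID, the QR flag set and an identical question section. The resolver address, the names and the IP addresses are assumptions taken from the documentation ranges; the forged reply in the usage section differs only in the 16-bit ID and is rejected, which also shows how little stands between an attacker and an accepted forgery if the ID and port can be guessed.

```python
"""Build a DNS query, parse a (constructed) response and apply the
matching checks a resolver uses before trusting a UDP answer.
Added example, not code from the original page. The query names,
addresses and transaction IDs are assumptions for illustration."""
import os
import struct

# Header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000   # message is a response
FLAG_AA = 0x0400   # authoritative answer
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available


def encode_name(name):
    """'www.example.com' -> length-prefixed labels terminated by a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers (0xC0xx).
    Returns (name with trailing dot, offset just past the name as it
    appeared in the stream, i.e. after the pointer if one was used)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            hops += 1
            if hops > 20:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower() + ".", (offset if end is None else end)


def build_query(name, qtype=1, txid=None):
    """A standard query for name/qtype, class IN, with RD set (a stub's query)."""
    txid = os.urandom(2) if txid is None else struct.pack("!H", txid)
    header = txid + struct.pack("!HHHHH", FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Parse the header, the question section and the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    answers = []
    for _ in range(an):
        rname, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                   # A record: render dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((rname, rtype, ttl, rdata))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def response_matches(query, response, expected_peer, actual_peer):
    """The acceptance test for a UDP reply: it must come from the server we
    asked (address, port), echo our transaction ID, be a response (QR) and
    repeat our question. All of these are spoofable by an attacker who can
    guess or observe the ID and source port, so they are necessary, not
    sufficient."""
    if actual_peer != expected_peer:
        return False
    q, r = parse_message(query), parse_message(response)
    if r["id"] != q["id"] or not r["flags"] & FLAG_QR:
        return False
    return r["questions"] == q["questions"]


def make_response(query, addresses, ttl=300, txid=None,
                  flags=FLAG_QR | FLAG_RD | FLAG_RA):
    """Constructed reply to `query`: echoes its question and answers with
    A records. `txid` lets a caller forge a reply with the wrong ID."""
    q = parse_message(query)
    qname, qtype, qclass = q["questions"][0]
    txid = q["id"] if txid is None else txid
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(addresses), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, qclass)
    for addr in addresses:   # owner name compressed: pointer to the question at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += bytes(int(x) for x in addr.split("."))
    return msg


if __name__ == "__main__":
    server = ("192.0.2.53", 53)             # assumed resolver address
    query = build_query("www.example.com", txid=0x1234)
    good = make_response(query, ["192.0.2.10"])
    forged = make_response(query, ["198.51.100.1"], txid=0x9999)
    print(response_matches(query, good, server, server))     # True
    print(response_matches(query, forged, server, server))   # False: wrong ID
    print(parse_message(good)["answers"])
```

Real resolvers add a randomised source port per query and, where available, DNSSEC validation on top of these checks, because a 16-bit ID alone gives an off-path attacker a 1 in 65536 chance per guess.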

4. Organization of DNS space


Having introduced the DNS, let us look deeper into its world. The DNS is based on the concept of a tree of named domains, where a domain is a named branch (sub-tree) of the tree of DNS names. The concepts of delegation and authority lie at the core of the domain name hierarchy. The domain name system is usually drawn as a tree (Figure 1), but, as is common in diagrams of data structures, the tree is inverted: its root is at the top. That is natural, because the root is the most important part of the structure and sits at the highest level of the hierarchy. Like an ordinary tree, the DNS tree has branches and leaves, which stand for the lower blocks.



As we can see, the DNS tree consists of nodes (rectangles and clouds in Figure 2), and each node has a label of up to 63 characters. A host name label may consist only of letters, digits and the hyphen ("-"), may not begin or end with a hyphen, and a complete name may not exceed 255 octets in its wire form. Domain names are also case-insensitive: "Com", "COM", "cOm" and "com" all denote the same name. The domains in the name space are divided into levels:
1) Root domain
2) Top-level domain
3) Second-level domain
4) Sub-domains
5) Host name
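The label rules and the levels just listed can be checked mechanically. The Python below is an added example, not code from the original page: it folds a name to canonical form (lower case, explicit root), enforces the letters-digits-hyphen rule, the 63-octet label limit and the 255-octet name limit, names the level of each label from the root down, and lists the chain of ancestor domains that a lookup is delegated through. The sample names in the usage section are invented.

```python
"""Validate a domain name against the label rules above and break it
into the levels of the DNS tree. Added example, not part of the
original page; sample names are invented."""
import re

# LDH rule for host name labels: letters, digits, hyphen; no hyphen at
# either end; 1..63 octets. Names are folded to lower case first because
# the DNS compares them case-insensitively.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize(name):
    """Fold case and make the root explicit: 'WWW.Example.COM' -> 'www.example.com.'"""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def validate(name):
    """Return the labels of `name` (root omitted) or raise ValueError."""
    fqdn = normalize(name)
    if fqdn == ".":
        return []
    labels = fqdn[:-1].split(".")
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError("invalid label %r in %r" % (label, name))
    # wire form: one length octet per label plus the terminating root octet
    wire_length = sum(len(label) + 1 for label in labels) + 1
    if wire_length > 255:
        raise ValueError("name longer than 255 octets: %r" % name)
    return labels


def is_valid(name):
    try:
        validate(name)
        return True
    except ValueError:
        return False


def same_name(a, b):
    """'Com', 'COM.' and 'com' are the same name."""
    return normalize(a) == normalize(b)


def levels(name):
    """Label each node from the root down, as in the list above; the
    leftmost label of a name with three or more labels is reported as
    the host name, which is the usual (not mandatory) convention."""
    labels = validate(name)
    out = [(".", "root")]
    for depth, label in enumerate(reversed(labels), start=1):
        kind = {1: "top-level domain", 2: "second-level domain"}.get(
            depth, "level-%d domain" % depth)
        if depth == len(labels) and depth > 2:
            kind = "host name"
        out.append((label, kind))
    return out


def ancestors(name):
    """Every domain on the path from the root to `name`: the path along
    which authority is delegated and along which a lookup is referred."""
    chain, suffix = ["."], ""
    for label in reversed(validate(name)):
        suffix = label + "." + suffix
        chain.append(suffix)
    return chain


if __name__ == "__main__":
    print(validate("WWW.Example.COM"))          # ['www', 'example', 'com']
    print(same_name("Com", "cOm."))             # True
    print(is_valid("-bad.example"))             # False: leading hyphen
    print(levels("peter.gudzon.com"))
    print(ancestors("www.jane.example.ua"))
```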

4.1 DNS levels
Root domain. The root domain is the top of the tree and, by implication, contains every Internet host. It is written as "." (an empty label) and is normally omitted from names. The root zone itself is small: it holds the delegations (name server records and their addresses) of the top-level domains. Its contents are coordinated by IANA and served by the root servers.

Top-level domains. Administration starts at the top-level domains (first-level domains), which were defined in the 1980s. There are several types of TLD:
 * Generic TLDs (gTLD). These were created for general use. Some of them were introduced in the 2000s to accommodate the rapid development of the Internet and the need to extend the domain name space (Table 2):
{| class="wikitable"
|+ Table 2. Generic TLDs
! Domain name !! Intended use
|-
| aero || Air-transport industry
|-
| asia || Asian countries
|-
| biz || Businesses
|-
| coop || Cooperatives
|-
| eu || European countries (formally a country-code TLD, assigned to the European Union)
|-
| info || Unrestricted use
|-
| museum || Museums
|-
| name || Individuals
|-
| pro || Accountants, lawyers and physicians
|-
| travel || Travel-related businesses
|}
 * The original generic TLDs are restricted: registration depends on the organisation belonging to a particular category. Originally there were seven of them (Table 3):
{| class="wikitable"
|+ Table 3. Generic TLDs (by type of organisation)
! Domain name !! Intended use
|-
| com || Commercial organisations
|-
| edu || Educational organisations
|-
| gov || Government organisations
|-
| int || International organisations
|-
| mil || Military organisations
|-
| net || Organisations providing network infrastructure
|-
| org || Non-commercial organisations
|}
 * Country-code TLDs (ccTLD). After the Internet spread beyond the USA, new top-level domains were introduced, one reserved for each country to allow geographical designation. The two-letter codes follow ISO 3166, with a few exceptions: the United Kingdom, whose ISO 3166 code is GB, uses .uk.
{| class="wikitable"
! Domain name !! Country
|-
| bb || Barbados
|-
| ca || Canada
|-
| de || Germany
|-
| es || Spain
|-
| fr || France
|-
| ru || Russian Federation
|-
| ua || Ukraine
|-
| vc || Saint Vincent and the Grenadines
|}
 * Reserved top-level DNS names. These are names set aside for examples (e.g. in documentation) and for testing: the second-level names example.com, example.org and example.net, and the top-level names "test", "invalid" and "localhost", among others. They are never delegated to real owners, so a configuration copied from documentation cannot accidentally reach a real host.
ISO (International Organization for Standardization) is the international body that develops international standards specifying the state of the art for goods and services.

Second-level domains. At the second level we see names that distinguish regions, organisations or projects. For example, the .us domain has a subdomain for each of the 50 states (plus one for Washington, D.C.), named with the standard two-letter state abbreviations, and many further subdomains for individual cities. Examples: ibm.com, berkeley.edu, tsn.ua, bahn.de.

Third-level domains. Each organisation or private person can obtain its own domain (if the name is still free). Names at this level are assigned to organisations belonging to the regions, projects or larger organisations above them, and they are what makes the DNS tree grow. The most common third-level label is "www" (usually a host rather than a delegated domain). Examples: www.facebook.com, blog.stackoverflow.com.

Host (or resource) name. This is the leaf of the DNS tree and identifies a particular resource. Typically the leftmost label of a domain name names a specific computer in the network; a record at this level is what a lookup of the computer's IP address by host name finds. Example: peter.gudzon.com, where "peter" is the host name. Each node in the DNS hierarchy is separated from its parent by a dot. The structure resembles the Windows file system, except that the separator is a backslash in the file system and a dot in the DNS, and a DNS name is read from right to left, the opposite of a file path. A domain name starts with the root (the dot), passes through the first-, second- and third-level domains and so on, and, if necessary, ends with a host name. Strictly, a complete name ends with the root symbol ".", but in everyday use the final dot is omitted: in the browser we type "bigpicture.ru" rather than "bigpicture.ru.". Having seen how domain names are used, we can now define the FQDN.

FQDN (Fully Qualified Domain Name) is a domain name that unambiguously identifies a node and includes the names of all its parent domains in the DNS hierarchy up to and including the root. It is analogous to an absolute file path. For example, to reach the "hosts" file, which lives in the directory C:\Windows\System32\drivers\etc on a Windows system, the full path shown on the command line is:
 * C:\Windows\System32\drivers\etc\hosts

The situation with domain names is very similar. To make the structure of a domain address clear, look at the scheme (Figure 3):



A computer physically installed and connected to the network in America can perfectly well have a name in a Ukrainian domain, say "valiza.ua", and vice versa, a computer or router in the Ukrainian segment can have a name under ".com". Furthermore, the same computer may have several domain names, and one domain name can be attached to several IP addresses that belong to different servers serving the same kind of request. The correspondence between domain names and IP addresses within the DNS is therefore not one-to-one but many-to-many. The point of these observations is that the hierarchy of the domain name system is enforced strictly only in the names themselves: it reflects the nesting of names and the zones of responsibility of the respective domain administrators, not the physical or network topology.

4.2 DNS zones and delegation
A domain is a building block of the Domain Name System. The DNS is a distributed system (a distributed database) that, given a request containing the domain name of a host (a computer or other network device), returns its IP address or other information, and can also do the reverse and return the domain name that corresponds to an IP address. To translate between domain names and IP addresses the DNS uses a distributed set of special servers. Each server serves its own "set of clients", performing the translation for them. The most important are the root DNS servers, which anchor the whole system of Internet domain names. There are 13 root server identities, denoted by the Latin letters A to M and operated by twelve different organisations in coordination with ICANN; each letter is today served by many anycast instances around the world, so "13" does not mean thirteen machines.
ICANN (Internet Corporation for Assigned Names and Numbers) is a non-profit organisation whose aim is the coordination of addresses and names on the Internet, the management of the domain name system and the approval of protocol parameters. Before 1998 these functions were performed by IANA (Internet Assigned Numbers Authority) under contract with the U.S. government; IANA survives as the name of those functions, now carried out under ICANN, which, unlike the old arrangement, is an independent international organisation. ICANN's remit covers the general technical management of the Internet: the definition of the domain name system, unique IP addresses and protocol parameters (e.g. port numbers), and oversight of the root server system (Table 4).
One common impression needs correcting: DNS servers do not update a shared database synchronously. A change made on the authoritative servers of a zone becomes visible elsewhere only as secondary servers transfer the new zone and as cached copies of the old data expire, which is why adding the address of a new site can take from minutes to hours to "propagate". Imagine the volume of data that would have to be stored and answered if a single database held everything.
That is why there is a hierarchy of "trust" and a distribution of "zones of responsibility" among DNS servers. A given server is responsible for a certain set of domains; at the same time, the servers of the global DNS are interconnected and exchange information using the DNS protocol itself. The programs that store information about the domain name space are called name servers. A name server generally holds complete information about some part of the name space (a zone), which it loads from a file or from another name server.

Let us see how this works with an example. A company consists of a CEO and three departments: HR, Finance and International. The Human Resources department has two employees, A and C. The Finance department includes the Incomes division (D and E work there) and the Outcomes division (only one person, F). The International department has three branches, responsible for Europe, the USA and China, each with a helper: G, H and I. The USA helper, H, has two more people managing the work: J and K (Figure 4). It is hard to imagine the CEO knowing everything about, say, K, the helper's helper in the USA branch of the International department. Naturally the CEO delegates responsibility for each department to its head, and the heads in turn divide their departments into divisions.

Now imagine that mail arrives at the company for F. At first everything is delivered to the CEO (Figure 5). The CEO's secretary sees that there is mail for F; she does not know F, but she sees from the address that he works in the Outcomes division of the Finance department.

Her own responsibility covers only routing to the departments, so she forwards the letter to Finance (Figure 6). The Finance secretary is not responsible for an employee such as F either; all she does is send the letter to the Outcomes division, which is under her control. Finally, the list of employees in the Outcomes division contains F, and he gets his mail (Figure 7).

The root servers hold the addresses of the TLD servers; their zone of responsibility is called the root zone (Figure 8). The TLD servers hold the addresses of the servers for the domains below them (Figure 9). A zone is named after the domain at its top: for example, the servers responsible for everything under google.com serve the google.com zone. The same holds for second- and third-level domains, which also have their zones of responsibility (Figure 10). A zone is a unit of administration: a contiguous part of the tree that starts at one domain and extends down to the points where sub-domains are delegated to other servers, stored and managed together under common permissions. A domain's sub-tree can thus be split over several zones, each holding different sub-domains, while a zone that has delegated nothing contains the whole sub-tree. Every zone should be served by at least two name servers, each holding a copy of the zone file.

4.3 Types of servers
The chief server for a zone is the primary DNS server, also called the master server. It holds the master files containing all the information for the zones it controls; these files are loaded into the name server's memory when it starts. The primary differs from other name servers in that it always reads its zone data from the zone file on disk when the DNS service starts. Designating the primary master server is an important step when installing any DNS server. Each DNS zone has exactly one primary master name server.
The second kind is the secondary DNS server, or slave server. There can be any number of secondaries, and at least one is required. A secondary obtains its zone data from the master server of that zone. In every DNS implementation a secondary periodically checks whether the version of the data on its disk is as current as the version on the primary. For this purpose it compares a field of its "start of authority" (SOA) record with the corresponding value on the primary. SOA is the DNS record that defines the authoritative information about a zone; it contains the following parameters:
 * Primary name server (MNAME)
 * Hostmaster (RNAME: the mailbox of the person responsible for administering the zone file, with the "@" written as a dot)
 * Serial number (a 32-bit integer that must be increased every time the zone is changed; the secondary transfers the zone only when the primary's serial is newer)
 * Refresh (time in seconds the secondary waits before asking the primary for its SOA record again; when it expires, the secondary fetches the primary's current SOA and compares serials)
 * Retry (time in seconds the secondary waits before trying again when the primary could not be reached)
 * Expire (time in seconds after which, if no successful contact with the primary has been made, the secondary stops answering queries for the zone rather than serve stale data)
 * Minimum TTL (historically the minimum lifetime applied to all resource records of the zone; today this field is used as the TTL for negative answers, i.e. for caching the fact that a name does not exist)
If the secondary finds that the zone has changed, it transfers the new zone and updates its copy. Secondaries matter because they hold backup copies of the zone and because they answer queries in their own right: if the primary fails (absolutely reliable equipment does not exist), the secondaries keep serving the zone and remain authoritative for it. They do not become the primary, however, and if the primary does not come back within the Expire interval the secondaries stop serving the zone's records altogether.
Caching DNS servers store records from other domains that have been requested recently. This avoids the overhead of a fresh remote query every time a resource outside the local domain is accessed. The principle of caching can be understood by comparing your refrigerator with a nearby grocery store: just as the refrigerator determines what you can eat right now, the cache determines which names outside the local domain can be resolved immediately, and just as the grocery store stocks everything you could in theory eat, the global DNS contains every name and address you could try to obtain. Caching can be performed by primary and secondary servers too, but within a particular domain you can also install and configure a dedicated server (a caching-only server). Note that the authoritative role (serving a zone's data) and the recursive role (resolving and caching on behalf of clients) are logically distinct; running both on one server that is reachable from the whole Internet is discouraged, because an open recursive resolver can be abused for traffic amplification and is a more attractive target for cache poisoning.
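The SOA timers above drive a small state machine on every secondary, and the serial comparison has a subtlety: serials are 32-bit values that may wrap, so "newer" is defined by RFC 1982 serial-number arithmetic rather than by plain integer comparison. The Python below is an added example, not code from the original page or from any DNS implementation: it parses an SOA in its presentation form, decides whether a transfer is needed, and reports which timer (refresh, retry, expire) has fired at a given moment. The SOA values and the timeline in the usage section are constructed for illustration.

```python
"""How a secondary uses the SOA fields to decide whether its copy of a
zone is current and whether it may still serve it. Added example, not
code from the original page. Serial comparison follows RFC 1982; the
SOA record and timeline below are constructed for illustration."""
from dataclasses import dataclass

SERIAL_SPACE = 1 << 32
HALF_SPACE = 1 << 31


@dataclass
class SOA:
    mname: str       # primary name server
    rname: str       # hostmaster mailbox, first dot stands for '@'
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int     # negative-caching TTL (RFC 2308); historically the minimum TTL


def parse_soa(text):
    """Parse presentation form: 'mname rname serial refresh retry expire minimum'."""
    mname, rname, *nums = text.split()
    if len(nums) != 5:
        raise ValueError("SOA needs five numeric fields")
    return SOA(mname, rname, *(int(n) for n in nums))


def hostmaster_email(soa):
    """'hostmaster.example.ua.' -> 'hostmaster@example.ua'"""
    local, _, domain = soa.rname.rstrip(".").partition(".")
    return "%s@%s" % (local, domain)


def serial_newer(candidate, current):
    """True if `candidate` is newer than `current` in 32-bit serial space.
    Wrapping from 4294967295 to 0 counts as an increase; a difference of
    exactly 2**31 is undefined by RFC 1982 and is treated as 'not newer',
    so a secondary never transfers on an ambiguous serial."""
    if candidate == current:
        return False
    diff = (candidate - current) % SERIAL_SPACE
    return 0 < diff < HALF_SPACE


def needs_transfer(local, remote_serial):
    """What the secondary decides after fetching the primary's SOA."""
    return serial_newer(remote_serial, local.serial)


def secondary_action(soa, last_success, last_attempt, now):
    """Which timer has fired for a secondary at time `now` (seconds):
      'expired' - no successful contact for `expire`: stop serving the zone
      'retry'   - last attempt failed and `retry` has elapsed since it
      'refresh' - `refresh` has elapsed since the last successful check
      'serve'   - nothing due yet; keep answering for the zone
    `last_attempt` later than `last_success` means the last attempt failed."""
    if now - last_success >= soa.expire:
        return "expired"
    if last_attempt > last_success:
        return "retry" if now - last_attempt >= soa.retry else "serve"
    return "refresh" if now - last_success >= soa.refresh else "serve"


if __name__ == "__main__":
    soa = parse_soa("ns1.example.ua. hostmaster.example.ua. 2024010101 3600 900 604800 300")
    print(hostmaster_email(soa))                    # hostmaster@example.ua
    print(needs_transfer(soa, 2024010102))          # True
    print(needs_transfer(soa, 2024010100))          # False: primary is older
    print(secondary_action(soa, 0, 0, 3600))        # refresh
    print(secondary_action(soa, 0, 3600, 4000))     # serve (retry not yet due)
    print(secondary_action(soa, 0, 3600, 4600))     # retry
    print(secondary_action(soa, 0, 3600, 604800))   # expired
```

A practical consequence of the serial rule: an administrator who accidentally sets a very large serial cannot simply lower it again, because the secondaries will treat the smaller value as "older" and stop transferring; the usual fix is to step the serial forward by 2**31 - 1 and let the secondaries catch up before setting the intended value.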

5. DNS queries
The main task of a DNS server is to respond to queries (questions) from a local or remote resolver, or from another DNS server acting on behalf of a resolver. A query processed by a server is something like "what is the IP address of jane.example.com?". A resolver is the DNS client software that sends name-resolution requests; put simply, it converts human-oriented names into IP addresses (and, for reverse lookups, addresses into names). Since the domain name service operates on the principle of delegation of authority, every server either knows the answer to a question or knows whom to ask. This means that if the requested information exists it will be found and reported to the client, and if the question has no answer the client will receive a response stating that the name (or the requested record) does not exist. There are two ways to obtain the answer.

5.1 Recursive queries
In recursive mode the DNS client sends a request to a name server, and the server, if it lacks the information, itself contacts other name servers along the chain. Having obtained the answer, the name server returns the result to the client. In other words, the server asks the other DNS servers on the client's behalf, so the client is freed from most of the work of searching the DNS. A recursive server is convenient in a local area network: it caches intermediate answers, so subsequent requests are answered much faster. To operate in recursive mode, the client and server must be configured accordingly: the client asks for recursion by setting the "recursion desired" (RD) flag in its query, and the server indicates in its reply, with the "recursion available" (RA) flag, whether it offers it. In most cases the user does not change this setting on the client, and does not need to: the stub resolvers built into operating systems always send recursive queries, to a resolver run by the ISP, the organisation or a public DNS provider. Recursion is a service a server offers only to its own clients, because it places most of the work and load on the recursive server; authoritative servers on the Internet generally refuse recursive queries from arbitrary clients. A disadvantage for the client is that, if the response is delayed, it cannot tell whether the line failed or a very long chain of name servers is being polled. Let us look at the example (Figure 11). Objective: reach the web page "www.jane.example.ua".
1) Once you have typed the address in the URL field of your browser, it calls the resolver function of the operating system (on Windows, the Winsock function GetHostByName or its successor getaddrinfo), which acts as the DNS resolver.
2) The resolver sends a recursive query to the local DNS server asking for the IP address of "www.jane.example.ua".
3) The local server checks whether the contents of its own zones or its cache can answer the question. If yes, it returns the answer to the resolver.
4) If not, the local server asks a root DNS server about "www.jane.example.ua".
5) The root server knows nothing about the host and can only report the addresses of the servers responsible for the .ua zone.
6) The local server then queries, one after another, the servers responsible for the .ua zone and the example.ua zone, and finally reaches the server responsible for the jane.example.ua zone.
7) The jane.example.ua server finds the required host in its database and returns the IP address that corresponds to the name to the local server, which caches it and passes it to the resolver.
8) Finally your browser can use the IP address and show you the desired page.

5.2 Non-recursive (iterative) queries
The most common mode is the non-recursive one. A name server receives a request from a DNS client, for example to translate a domain name into an IP address. If the domain name belongs to a zone under this server's control, the server returns a response to the client. The answer may be positive (i.e. an IP address) or negative (for instance, the name does not exist). If the required information does not belong to this server's zone but is present in the server's cache, the name server also sends the client a response containing the address of the name server that is authoritative for this information. If the information is not in the cache, the DNS client receives the IP address of the server that is closest to the required domain and may have the necessary information. The DNS client then sends a request to that address, and the next server proceeds in the same way. This continues until the client reaches the correct name server, where the required information is located. Thus, in non-recursive mode, the client itself performs all the requests to the name servers. Let's come back to the example. The aim is the same: to get the page "www.jane.example.ua" (Figure 12).
1) As in the previous case, you type the address in the address bar and access the DNS resolver.
2) The DNS resolver sends the query to the locally configured DNS server. The DNS server looks up "www.jane.example.ua" in its cache; if it finds it, the server sends the answer immediately.
3) If there is no answer, the server replies that you should send your query to the root servers.
4) The resolver sends a query to a root server asking for the IP address of "www.jane.example.ua".
5) The root server in its turn doesn't know about "www.jane.example.ua" and redirects you to the TLD server, which in our case is the .ua zone (ccTLD).
6) After receiving the information from the root server, the resolver sends queries in turn to the .ua zone, then to .example.ua, then to .jane.example.ua, and finally gets the IP address of "www.jane.example.ua" from the last server.
7) The resolver gets the IP address and can provide it to your browser.
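The walk described in steps 3 to 6 can be followed in code. The Python block below is an added example, not part of this chapter: it simulates the root, .ua, example.ua and jane.example.ua servers with a constructed in-memory table (the server addresses are RFC 5737 documentation addresses chosen for the example) and lets a non-recursive resolver follow the referrals from the root down to the answer, caching the result as step 2 describes.

```python
"""Simulated iterative (non-recursive) DNS resolution.

Added example, not part of the original chapter. The 'servers' below are a
constructed in-memory stand-in for the root, .ua, example.ua and
jane.example.ua authoritative servers; no network traffic is sent.
"""

ROOT_SERVER = "198.51.100.1"   # constructed; RFC 5737 documentation range

# Each simulated server either answers with an A record or refers the
# resolver to the name servers of a child zone (an NS referral with glue).
SERVERS = {
    "198.51.100.1": {           # root server: only knows the TLDs
        "referrals": {"ua.": ["198.51.100.2"]},
        "answers": {},
    },
    "198.51.100.2": {           # .ua ccTLD server
        "referrals": {"example.ua.": ["198.51.100.3"]},
        "answers": {},
    },
    "198.51.100.3": {           # example.ua server, delegates jane.example.ua
        "referrals": {"jane.example.ua.": ["198.51.100.4"]},
        "answers": {},
    },
    "198.51.100.4": {           # jane.example.ua authoritative server
        "referrals": {},
        "answers": {"www.jane.example.ua.": "203.0.113.10"},
    },
}


def ask(server_ip, qname):
    """One query to one server.

    Returns ('answer', ip), ('referral', [ns ips]) or ('nxdomain', None)."""
    server = SERVERS[server_ip]
    if qname in server["answers"]:
        return "answer", server["answers"][qname]
    # Refer to the most specific child zone the server knows (longest suffix).
    best = None
    for zone, ns_ips in server["referrals"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns_ips)
    if best:
        return "referral", best[1]
    return "nxdomain", None


def resolve_iterative(qname, cache=None, max_hops=10):
    """Walk from the root following referrals, as a non-recursive resolver does.

    Returns (ip_or_None, path); path lists the servers queried, in order."""
    cache = cache if cache is not None else {}
    if qname in cache:              # step 2: a cached answer is returned at once
        return cache[qname], []
    path = []
    next_servers = [ROOT_SERVER]    # steps 3/4: start at the root
    for _ in range(max_hops):       # bound the walk so a referral loop cannot hang us
        server_ip = next_servers[0]
        path.append(server_ip)
        kind, data = ask(server_ip, qname)
        if kind == "answer":
            cache[qname] = data
            return data, path
        if kind == "referral":
            next_servers = data     # steps 5/6: move on to the child zone's servers
            continue
        return None, path           # negative answer: the name does not exist
    return None, path


if __name__ == "__main__":
    print(resolve_iterative("www.jane.example.ua."))
```

Calling `resolve_iterative("www.jane.example.ua.")` returns the address together with the four servers queried, in the same order as the steps above; a second call sharing the same cache dictionary returns from the cache without querying anyone. The hop limit stands in for the loop protection a real resolver needs against misconfigured delegations.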

5.3 Inverse query
From time to time the opposite process (finding a domain name from an IP address) is needed. Actually, the task of finding a DNS domain name by IP address is solved in a slightly unusual way. It would seem that to solve this problem you could simply use the description of the direct (forward) zone, since it contains all the information. However, solving the inverse task using the forward zones is inconvenient: such a search amounts to a full scan of all zones, which would take a tremendous amount of time. If the IP address for which the domain name is sought falls into the zone of responsibility of the domain name server, or the right name is cached, the server will easily find the domain name. If the IP address does not fall into the server's zone of responsibility, the standard procedure will not give an answer. The first thing the server does in this situation is turn to the root server. But how can the root server know who owns the requested IP address? The Domain Name System is organized according to the hierarchy of domain names, not of IP addresses.

A quite logical and simple solution arises that allows the standard domain name lookup mechanism to be used for the "reverse" problem: a special domain whose structure coincides with the structure of IP addresses. It is called the IN-ADDR.ARPA domain. This special domain is created in the root domain and uses the IP address as an index. Since specificity in domain names increases from right to left, and in IP addresses from left to right, the order of octets is reversed when forming the corresponding name in the in-addr.arpa domain. So, for example, the host name for IP address 192.0.34.163 will be a PTR record in the file of the 34.0.192.in-addr.arpa zone. This element will look like: Since we are talking about domain addressing, the names are processed in the same way as regular domain names. This means that the domain name system for machines of this domain can be represented in an analogous form.
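As an added example (not from the chapter), the Python functions below build the in-addr.arpa name for an address, reproducing the octet reversal described above, and the name of the reverse zone a network falls into. They go beyond the chapter's IPv4 case to IPv6, where the reverse name is built from the 32 hexadecimal nibbles of the address under ip6.arpa. Only the standard library ipaddress module is used; the addresses are documentation addresses chosen for the example.

```python
"""Reverse-lookup names for IPv4 and IPv6 addresses.

Added example, not part of the original chapter."""
import ipaddress


def reverse_name(ip_text):
    """Return the owner name whose PTR record names the host at this address.

    IPv4: the octets in reverse order under in-addr.arpa (the chapter's case).
    IPv6: the 32 hex nibbles of the fully expanded address, reversed, under
    ip6.arpa (a generalization beyond the chapter's IPv4 example)."""
    addr = ipaddress.ip_address(ip_text)   # also validates the input
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    nibbles = format(int(addr), "032x")    # 128 bits as 32 lowercase hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone_for_network(cidr):
    """Name of the in-addr.arpa zone that holds the PTR records of an IPv4 network.

    Only prefixes on an octet boundary (/8, /16, /24) map to a single zone, so
    anything else is rejected; e.g. 192.0.34.0/24 -> 34.0.192.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8 != 0:
        raise ValueError("only IPv4 networks on an octet boundary map to one in-addr.arpa zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


if __name__ == "__main__":
    print(reverse_name("192.0.34.163"))          # the chapter's example address
    print(reverse_zone_for_network("192.0.34.0/24"))
    print(reverse_name("2001:db8::1"))           # constructed IPv6 example
```

The zone name and the PTR owner name differ only in how many leading octets are kept, which is why a /24 delegation of reverse space is natural and a /25 is not: the octet boundary is the unit of delegation in in-addr.arpa.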

5.4 Forwarders
DNS forwarding is the process by which particular sets of DNS queries are handled by a designated server, rather than by the server the client initially contacted. The DNS forwarder should be thought of as the designated server to which particular subsets of queries are forwarded by other DNS servers within the network. It then sends (forwards) those requests to other DNS servers for resolution. A local DNS server asks other servers and finds the correct answer on its own, but if your network is connected to the Internet over a slow line, this process can take quite a while. Instead, you can redirect all requests, let's say, to the provider's server and then take its answers back. Using forwarders may be useful for large companies with multiple networks: each network can be supplied with a relatively weak DNS server, while a more powerful machine connected to a fast line is specified as the forwarder. In this case all the answers will be cached on this powerful server, which speeds up the process for the entire network.

5.5 Scheme of the query
When we are looking for an address or a domain name, as in every system we use messages of a certain format. The DNS message format is divided into five sections (some of which, under certain circumstances, remain empty) (Figure 14). The Header section is always present and includes fields that describe the other sections of the current message. The Question section contains fields that describe the request type, class and the requested domain name. The Answer section contains resource records that answer the query. The Authority section contains resource records that point to the authoritative server. The Additional section contains resource records that are related to the request but do not directly answer it.
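To make the five sections concrete, here is an added Python example (not from the chapter) that parses a DNS response into its Header, Question, Answer, Authority and Additional sections. The response bytes are constructed by hand for this example: an answer carrying the A record 203.0.113.10 (a documentation address) for www.jane.example.ua, the name the chapter uses. The parser follows the wire format of RFC 1035, including the name compression pointer by which the Answer section refers back to the name in the Question.

```python
"""Parser for the five sections of a DNS message (RFC 1035 wire format).

Added example, not part of the original chapter."""
import struct

# Constructed response: ID 0x1a2b; flags 0x8180 (QR=1, RD=1, RA=1, RCODE=0);
# QDCOUNT=1, ANCOUNT=1, NSCOUNT=0, ARCOUNT=0.
SAMPLE_RESPONSE = (
    b"\x1a\x2b" b"\x81\x80" b"\x00\x01" b"\x00\x01" b"\x00\x00" b"\x00\x00"
    # Question: www.jane.example.ua, QTYPE A (1), QCLASS IN (1)
    + b"\x03www\x04jane\x07example\x02ua\x00" + b"\x00\x01" + b"\x00\x01"
    # Answer: NAME is a compression pointer to offset 12 (0xc00c), TYPE A,
    # CLASS IN, TTL 300, RDLENGTH 4, RDATA 203.0.113.10
    + b"\xc0\x0c" + b"\x00\x01" + b"\x00\x01" + b"\x00\x00\x01\x2c" + b"\x00\x04"
    + bytes([203, 0, 113, 10])
)


def read_name(msg, offset):
    """Decode a domain name at offset, following compression pointers (0xC0xx).

    Returns (name, offset just past the name in the current run of labels)."""
    labels = []
    jumped = False
    end = None
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if not jumped:
                end = offset + 2                   # a pointer is the last 2 bytes of the name
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            hops += 1
            if hops > 64:                          # guard against pointer loops
                raise ValueError("compression pointer loop")
            offset = pointer
            jumped = True
            continue
        offset += 1
        if length == 0:                            # root label terminates the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_message(msg):
    """Return a dict with the header fields and the four record sections."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    header = {
        "id": ident,
        "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF, "aa": flags >> 10 & 1,
        "tc": flags >> 9 & 1, "rd": flags >> 8 & 1, "ra": flags >> 7 & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }
    offset = 12                                    # header is always 12 bytes
    questions = []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append({"name": name, "type": qtype, "class": qclass})

    def read_rrs(count, offset):
        """Answer, Authority and Additional share one resource record layout."""
        rrs = []
        for _ in range(count):
            name, offset = read_name(msg, offset)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
            offset += 10
            rdata = msg[offset:offset + rdlen]
            offset += rdlen
            if rtype == 1 and rdlen == 4:          # A record: render as dotted quad
                rdata = ".".join(str(b) for b in rdata)
            rrs.append({"name": name, "type": rtype, "class": rclass,
                        "ttl": ttl, "rdata": rdata})
        return rrs, offset

    answers, offset = read_rrs(an, offset)
    authority, offset = read_rrs(ns, offset)
    additional, offset = read_rrs(ar, offset)
    if offset != len(msg):
        raise ValueError("trailing bytes after the Additional section")
    return {"header": header, "question": questions, "answer": answers,
            "authority": authority, "additional": additional}


if __name__ == "__main__":
    print(parse_message(SAMPLE_RESPONSE))
```

The counts in the header are what tell the parser how many records each of the following sections holds, which is why the header must always be present even when the other four sections are empty. The pointer-hop limit and the trailing-bytes check are the two places where a malformed message is rejected rather than silently misread.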

5.6 DNS attacks
It has been noticed that system administrators spend a lot of time developing security systems for applications, servers and other infrastructure components, but, unfortunately, they tend to forget about security for DNS servers. The DNS system is designed so that most of the exchanged data goes via UDP, which provides no built-in security and no built-in authentication support; all this makes the system more vulnerable to attacks than other network services. Damage to DNS may entail significant costs, as well as distortion of the original DNS data. DDoS (Distributed Denial of Service) is a network traffic attack used by various malicious actors for negative impact. Let's look at a few of the most common types of attacks on DNS.

DNS cache poisoning. This attack can influence the name resolution process in two ways. In the first method the attacker installs malicious software (a virus) that takes control of the local DNS cache on the client machine. Once a record is in the local DNS cache, it is modified to point to other IP addresses. For example, if the browser tries to access a website with the address http://www.books.com, instead of the IP address of "books" it gets the address set by the attacker's software. This address usually leads to a site located on a server owned by the attacker and containing malicious software. The second, more dangerous method is that the attacker attacks the DNS server and modifies its local cache, so that all hosts that use this server for name resolution receive an incorrect IP address. Eventually this disrupts their work and can result in the loss or theft of information. In extremely rare cases, attackers can gain access to a root DNS server that stores the master records of root domains, such as .com and .net, or to the records of the domain name systems of individual countries. Attackers can modify the records on this server, while other servers receive the changed data automatically, which can lead to blackouts of global commercial network services and sites. Although these situations are very rare, they can sometimes occur.

DNS hijacking. This attack is also often used to change how DNS works. In this case no changes are made to the client's DNS cache, but the settings are changed so that all name resolution requests are directed to the attacker's own DNS server. Normally this attack aims not at stealing data but at gathering statistical information from the client. All name resolution queries sent to the attacker's server work correctly, but the attacker obtains information about the sites used by the client.

DNS spoofing. This attack belongs to the interception attacks, during which the attacker gets control over the network. As soon as control over the network MAC layer is obtained, the attacker determines the IP address of the DNS server and starts tracking and modifying requests intended for this server. All requests from the network pass through the attacker's computer and then reach the real DNS server. This attack can have serious consequences, as none of the computers on the network notice the attack, and all of them send their DNS requests to the attacker's computer. There is an alternative form of this attack called DNS ID spoofing. Each DNS request and response has a unique identifier intended to tell apart the requests sent to the DNS server at the same time. These identifiers are often formed from the MAC address and the date and time of the request, and are created by the protocol stack automatically. The attacker uses a sniffer to capture one or more requests and responses with their identifiers and then creates a query with the matching identifier and a spoofed IP address. As a result of these actions, the spoofed IP address ends up in the local cache of the attacked system. After this the target system can be harmed by placing malicious software on the server specified in the request.
Sniffers are programs that intercept all the network traffic.

DNS amplification attack. By an amplification attack we understand loading a DNS server with tasks that it is not able to perform. There are several ways to load the server and finally put it into an inoperable state. Malware can be used to implement one of them: it modifies the local DNS cache of a set of nodes. After that, all nodes with a modified cache begin to send queries to a specific name server preselected by the attackers. Each server can respond only to a limited number of requests per time interval (depending on CPU performance and configuration), and after all these modifications it eventually starts adding requests to a queue. The more clients have their local DNS cache modified, the more requests are sent to the queue, and finally the work of the server is paralyzed. The goal of this attack is actually not DNS but a third party: it is aimed at the IP address of the victim. The source of the attack can significantly increase the outgoing data stream from the server and thus hinder the victim's Internet access.

Protection of DNS. Nevertheless, there are some methods of protecting DNS. The first and most obvious one is that we have to run the software in a secure environment. Then, DNS resolvers should have the latest security patches applied, as this reduces the opportunities for a cyber attack. Another thing you can do is to enable DNSSEC. DNSSEC (Domain Name System Security Extensions) is an extension of the domain name system which ensures the authentication and integrity of DNS data. In other words, DNSSEC protects clients from false DNS data. DNSSEC creates a chain of trust between the client and the authoritative server and is based on key exchange inside specific signed resource records. All responses from DNSSEC are signed with a cryptographic key.
Each domain (from the root domain to the domain of the user) has a special pair of keys: a public (zone signing key) and a private (key signing key) key. Key information is stored on the primary DNS server. The private key is used to sign the domain after each change. The digital signature of the public key is published on the Internet for verification, in the parent domain, as a DS record ("Designated Signer"). Thus a chain of trust is formed: knowing the public key of the higher-level domain, you can verify the keys of its subdomains.
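The DNS ID spoofing described above only succeeds if the attacker can guess the identifier of a query in flight and have a forged answer accepted. The following Python class is an added example, not from the chapter, of the resolver-side checks that close that window: transaction IDs and source ports are drawn from a cryptographic random source instead of the predictable MAC address and time, and an incoming response is accepted only if its ID, destination port, source server and question all match a query the resolver really sent. All names and addresses are constructed for the example.

```python
"""Resolver-side checks against DNS ID spoofing.

Added example, not part of the original chapter. Names and addresses are
constructed; the addresses come from the RFC 5737 documentation ranges."""
import secrets


class OutstandingQueries:
    """Tracks queries in flight, keyed by (transaction id, UDP source port)."""

    def __init__(self):
        self._pending = {}

    def new_query(self, qname, qtype, server_ip):
        """Register a query with an unpredictable 16-bit ID and ephemeral port.

        A 16-bit ID alone gives only 65536 possibilities; randomizing the
        source port as well makes a blind guess far less likely to match."""
        while True:
            txid = secrets.randbelow(1 << 16)
            sport = 1024 + secrets.randbelow(65536 - 1024)
            if (txid, sport) not in self._pending:
                break
        self._pending[(txid, sport)] = (qname.lower(), qtype, server_ip)
        return txid, sport

    def accept_response(self, txid, dport, src_ip, qname, qtype):
        """Accept a response only if every field matches a query we sent.

        Returns (accepted, reason). A mismatch is the symptom of a spoofed or
        stale packet and is worth logging, not just silently dropping."""
        key = (txid, dport)
        pending = self._pending.get(key)
        if pending is None:
            return False, "no query in flight with this id/port"
        exp_name, exp_type, exp_server = pending
        if src_ip != exp_server:
            return False, "response from a server we did not ask"
        if (qname.lower(), qtype) != (exp_name, exp_type):
            return False, "question section does not match our query"
        del self._pending[key]   # first matching response wins; later copies are dropped
        return True, "ok"

    def in_flight(self):
        """Number of queries still waiting for an answer."""
        return len(self._pending)


if __name__ == "__main__":
    oq = OutstandingQueries()
    txid, sport = oq.new_query("www.jane.example.ua", 1, "198.51.100.4")
    print(oq.accept_response(txid, sport, "198.51.100.4", "www.jane.example.ua", 1))
    print(oq.accept_response(txid, sport, "198.51.100.4", "www.jane.example.ua", 1))
```

Matching the question section is what stops an answer for one name from being cached under another, and removing the entry on the first match is what makes a late duplicate harmless. These checks limit spoofing; only DNSSEC validation, described above, lets the resolver verify that the data itself is authentic.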

6. Brief overview of DNS future
DNS plays a major role in today's World Wide Web. You do not need to remember the IP addresses of web sites; thanks to domain names everything became faster and much easier for the client. But DNS does not stop developing. There are some projects that are aimed at being put into practice. The IDN (Internationalized Domain Names) program is one of the main priorities of ICANN. This program includes several initiatives, with the involvement of a significant representative part of the global Internet community, to ensure a safe way of introducing multilingual top-level domains into the root zone. Thanks to this program users will be able to register and use domain names written in local scripts. This applies to users whose languages are written from right to left (such as Arabic) or use scripts other than alphabets (traditional Chinese). The main aim of this project is to make navigation through the Internet easier. One of the main reasons they are willing to implement this idea is the growing number of Internet users around the world for whom it may be difficult to use ASCII characters. In fact, the number of Internet users whose languages are not based on the Latin alphabet far exceeds the number of others. A web address does not always represent a meaningful name or any significant word. In such cases it is especially important to use a script or alphabet that the target audience will be able to recognize and reproduce using the computer keyboard. Also, in 2013 ICANN received an application from Google, which wants permission to use the dotless domain «search» for its search engines. Google intends to use the domain «http://search» for directing search queries. So no one can say what awaits us in the near future: domain names in our native languages or dotless ones, no one can predict. But what we can do is to study as much about DNS as possible.

7. Conclusion
This chapter describes the key characteristics of the Domain Name System: from the history of its creation to the various kinds of DNS attacks. Illustrations and examples provide a deeper understanding of the subject and a visual scheme of the operation and structure of DNS zones and servers. The information from this chapter also explores how a DNS query works. The next chapters will guide you through the world of the Internet and the World Wide Web, help to distinguish the main differences between them and obtain knowledge from both spheres of the digital world.

8. Check yourself
Here you will find several tests that can help you to understand whether all the material from this chapter was clear to you. Each group of five questions covers one topic, in the same order as in the content. Good luck!

{When did DNS appear?
|type="[]"}
- It appeared not so long ago, approximately in the 1990s
- Together with ARPAnet in 1967. They were both developed at the same time.
- During the growth of the ARPAnet
+ The first implementation of DNS was developed in the 1980s

{What were the main reasons for creating DNS?
|type="[]"}
+ The number of users in the network was growing rapidly
+ Name collisions could occur
- Inappropriate format of the host.txt file (.txt was no longer in use)
+ Difficulties in updating the file with the tables of IP addresses and domain names

{Who was the "father of the idea of DNS"?
|type="[]"}
- Paul Mockapetris
+ David Mills
- Kevin Dunlap

{What was the implementation of DNS for the UNIX system called?
|type="[]"}
- JEEVES
- RFC
+ BIND

{The main advantages of DNS
|type="[]"}
+ Friendly representation of IP addresses
- Its linear structure
+ Ability to add new domains easily
+ Storage of data on two or more servers

{What is the maximum number of levels that DNS can support?
|type="[]"}
- 3
- 4
- It should be no more than 63 characters for all level names
+ Any number

{Match the domain name with its level
|type="[]"}
| Root level | ccTLD | gTLD | Subdomains
--+- com
--+- aero
---+ bahn
-+-- fr
+--- .
--+- org
---+ mail
--+- museum
-+-- uk
---+ target

{Name the peculiarities of the primary DNS server:
|type="[]"}
- It is also called a caching server
+ It contains all the information about the control zones of the server
+ Files are loaded into memory when it starts up
- Each domain can have any number of primary servers
+ It is always able to read its data from the zone file

{Why do we need zone delegation?
|type="[]"}
+ To delegate management of part of your DNS namespace to another entity
+ To divide one large zone into smaller zones for distributing traffic loads
+ To enable adding numerous subdomains at once

{Imagine the situation: you type the name of a website in the browser and access the DNS resolver. The DNS resolver sends the query to the locally configured DNS server, and it immediately gives back the IP address of the website you are looking for. In which type of query can this happen?
|type="[]"}
- Only in a recursive query
- Only in an inverse query
- Only in an iterative query
+ In iterative and in recursive queries

{What is a reverse lookup zone called?
|type="[]"}
- in-arpa.addr domain
+ in-addr.arpa zone
- addr.arpa zone
- addr.arpa domain

{Which sections from the list below are in the structure of a DNS message?
|type="[]"}
- Lookup
+ Header
+ Question
- Method
+ Additional

{What kinds of attacks can be used against DNS?
|type="[]"}
+ Cache poisoning
+ Hijacking
+ Redirection of requests
+ Gathering statistical information from the client
+ Hindering Internet access

{What kinds of attacks can be used for DNS?
|type="[]"}
+ Zone signing key and Zone signing key
- Zone request key and Key signing key
+ Private and Public key
- Request key and Response key
- Request key and Signing key
