# DNS

The **Domain Name System** protocol acts like a phonebook for the Internet: it translates human-friendly domain names into IP addresses and is a critical part of how the Internet functions. It operates in the Application layer, normally on UDP port 53. TCP port 53 is used for zone transfers and for answers too large to fit in a UDP datagram (the server sets the TC flag and the client retries over TCP).

For example, when users enter a domain name such as *google.com* in their browser, the resolution process queries several servers in turn until the name is resolved into an IP address of the web servers that host that domain. One domain name may resolve to several IP addresses, and one IP address may serve many names. Note that *8.8.8.8* is the address of Google's public resolver, not the address of *google.com* itself.

## <mark style="color:blue;">Work Flow</mark>

* A computer makes a DNS query asking for the IP of a domain. It first checks its local cache (and the `hosts` file); on a miss, the stub resolver sends the query to the configured recursive resolver, for example the ISP's resolver or a public one such as *8.8.8.8*
* The recursive resolver checks its own cache and, if the answer is not there, walks the domain hierarchy with iterative queries, starting at the root
* The root name server does not know the IP; it refers the resolver to the name servers for the TLD, and the TLD name server in turn refers it to the authoritative name server for the domain
* The authoritative name server returns the answer to the resolver, which passes it to the computer. Both cache the record for as long as its TTL allows, and finally the computer connects directly to the web server hosting the application
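The messages exchanged in the steps above share one wire format: a 12-byte header (transaction ID, flags, four section counts), a question section, and answer records whose owner names may be compressed into 2-byte pointers back into the message. The following added example (written for this page, not code from the original) builds a query, parses a hand-constructed response for `example.com`, and applies the check a resolver must make before trusting a reply: the ID and question must match what was sent, otherwise a spoofed answer could poison the cache. The `SAMPLE_RESPONSE` bytes and the address in them are constructed for illustration.

```python
import random
import struct
from typing import Optional

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15,
         "TXT": 16, "AAAA": 28, "SRV": 33}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in the root label (0x00)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: str = "A", txid: Optional[int] = None) -> bytes:
    """Standard query: 12-byte header (ID, flags=RD, QDCOUNT=1) plus one question."""
    if txid is None:
        txid = random.randrange(0, 0x10000)  # unpredictable IDs make spoofed answers harder
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg: bytes, off: int) -> tuple:
    """Read a possibly compressed name at off; return (name, offset just after it).

    A byte of the form 11xxxxxx starts a 14-bit pointer to an earlier offset in the
    message. Hops are capped so a crafted reply with a pointer loop cannot hang us."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections; authority/additional are left out."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, QTYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE["A"] and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
            value, _ = decode_name(msg, off - rdlen)  # rdata names may use compression too
        else:
            value = rdata.hex()
        answers.append({"name": rname, "type": QTYPE_NAME.get(rtype, rtype), "ttl": ttl, "data": value})
    return {"id": txid,
            "rcode": flags & 0x000F,     # 0 NOERROR, 2 SERVFAIL, 3 NXDOMAIN, ...
            "aa": bool(flags & 0x0400),  # authoritative answer
            "tc": bool(flags & 0x0200),  # truncated: retry the query over TCP
            "questions": questions, "answers": answers}


def matches_query(query: bytes, response: bytes) -> bool:
    """Accept a reply only if its ID and question section echo the query we sent."""
    sent, got = parse_response(query), parse_response(response)
    return sent["id"] == got["id"] and sent["questions"] == got["questions"]


# Constructed reply for illustration (not captured from a real resolver): flags 0x8180
# (QR, RD, RA), the question echoed back, then one A record whose owner name is the
# compression pointer 0xC00C (offset 12, the QNAME in the question section).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE["A"], 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE["A"], 1, 300, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    query = build_query("example.com", txid=0x1234)
    print(query.hex())
    print(parse_response(SAMPLE_RESPONSE), matches_query(query, SAMPLE_RESPONSE))
```

To use it against a live resolver, send `build_query(...)` over a UDP socket to port 53 and feed the datagram to `parse_response`; if the `tc` flag comes back set, repeat the query over TCP with a 2-byte length prefix. The pointer-hop cap in `decode_name` matters because the parser runs on untrusted bytes: a looping pointer is a classic way to stall a naive resolver.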

## <mark style="color:blue;">Domain Types</mark>

* **Authoritative Nameserver:** Holds authority for a particular zone and only answers queries for names within it; its answers are binding (the AA flag is set in the response). For a name it is not authoritative for, it returns a referral to the delegated name servers or refuses the query; it never performs recursion on the client's behalf
* **Non-authoritative Nameserver:** Not responsible for any DNS zone; it obtains information about zones from other servers by recursive or iterative querying, and its answers are not binding
* **Caching DNS Server:** Stores answers obtained from other name servers for a limited period. The authoritative name server determines that period through the TTL (time to live) of each record
* **Forwarding Server:** Forwards DNS queries to another DNS server instead of resolving them itself, typically to a central resolver that caches for the whole network
* **Resolver:** Non-authoritative component that performs name resolution. The stub resolver in a computer or router sends queries to a recursive resolver, which does the actual lookup

## <mark style="color:blue;">Domain Hierarchy</mark>

The Domain Hierarchy organizes domain names on the Internet. It is structured like an inverted tree with multiple levels, where each level represents a domain, and the entire system is organized from the most general to the most specific.

Each part of a domain name corresponds to a level in this hierarchy, and a name written with every level down to the root is a Fully Qualified Domain Name (FQDN): the absolute domain name that specifies the exact location of a host within the DNS hierarchy.

### <mark style="color:purple;">Root Level</mark>

* The top level of the DNS Hierarchy
* Represented by the trailing dot (`.`) that is normally omitted when domains are written (`www.example.com.` is the fully qualified form)
* It is served by the root name servers, which refer queries to the appropriate TLD servers
* There are 13 root server identities (`a.root-servers.net` to `m.root-servers.net`), but each one is replicated by anycast across hundreds of physical instances worldwide

### <mark style="color:purple;">Top-Level Domain (TLD)</mark>

* Is the rightmost label of a domain name
* Like any label, it may contain only letters, digits and hyphens and cannot start or end with a hyphen; ASCII TLDs are in practice purely alphabetic, and internationalised TLDs appear as Punycode labels beginning with `xn--` (which is why `--` in the third and fourth positions of a label is reserved)
* Can be classified into two types:
  * ***gTLD:*** Generic Top-Level Domain, indicates the domain's purpose or category, for example *.com* for commercial sites or *.edu* for education
  * ***ccTLD:*** Country Code Top-Level Domain, two letters identifying a country or territory, for example *.uk* for the United Kingdom

### <mark style="color:purple;">Second-Level Domain (SLD)</mark>

* The label immediately to the left of the TLD, for example *google* in *google.com*; it is the part that identifies the organization or site
* Consists of a maximum of 63 characters (the limit for any single label)
* They are registered by individuals or organizations through domain registrars, which record the authoritative name servers for the domain in the TLD zone

### <mark style="color:purple;">Subdomain</mark>

* They are optional and normally identify a specific host or application within the domain, such as *www* or *mail*
* Multiple levels of subdomains can be used, but the complete name must not exceed 253 characters (at most 127 labels of up to 63 characters each)
* Within those limits the domain owner can create as many subdomains as they like without registering them, which is why subdomain enumeration is a standard reconnaissance step
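The label and length rules above, and the split into root, TLD, second-level domain and subdomains, can be checked mechanically. The following added example (written for this page, not code from the original) validates a name and splits it into those levels. It goes one step further than the page's definition: the boundary a domain owner actually controls is given by the Public Suffix List, so for `www.example.co.uk` the registrable domain is `example.co.uk` and not `co.uk`. That matters for cookie scope, certificate issuance and subdomain-takeover assessments. The `PUBLIC_SUFFIXES` set is a tiny constructed subset for illustration; real code must load the full list.

```python
import re

# Hostname label rule ("LDH", RFC 1035 / RFC 1123): letters, digits and hyphens,
# 1 to 63 characters, no leading or trailing hyphen. DNS is case-insensitive.
# Names such as _dmarc.example.com are valid DNS owner names but not hostnames,
# so they are rejected here on purpose.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
MAX_NAME_LEN = 253  # text form without the trailing dot (255 octets on the wire)

# Constructed subset of the Public Suffix List, for illustration only. The real list
# (https://publicsuffix.org/) has thousands of entries plus wildcard/exception rules.
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "uk", "co.uk", "org.uk",
                   "au", "com.au", "github.io"}


def split_fqdn(name: str) -> dict:
    """Validate a domain name and split it into its hierarchy levels.

    Raises ValueError on any rule violation. The registrable domain is found with the
    Public Suffix List rule: longest matching suffix plus one more label."""
    if name.endswith("."):
        name = name[:-1]  # strip the explicit root label
    name = name.lower()
    if not name:
        raise ValueError("empty name")
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"name exceeds {MAX_NAME_LEN} characters")
    labels = name.split(".")
    for label in labels:
        if not LABEL_RE.fullmatch(label):
            raise ValueError(f"invalid label: {label!r}")
    # Longest public suffix that matches the tail of the name; an unknown TLD
    # counts as a one-label suffix (the PSL default '*' rule).
    suffix_len = 1
    for i in range(2, len(labels) + 1):
        if ".".join(labels[-i:]) in PUBLIC_SUFFIXES:
            suffix_len = i
    if len(labels) <= suffix_len:
        raise ValueError(f"{name!r} is a public suffix, not a registrable domain")
    return {
        "fqdn": name + ".",
        "tld": labels[-1],
        "sld": labels[-2],  # the label left of the TLD, as defined on this page
        "public_suffix": ".".join(labels[-suffix_len:]),
        "registrable": ".".join(labels[-suffix_len - 1:]),
        "subdomains": labels[:-suffix_len - 1],  # most specific first
    }


def is_valid_fqdn(name: str) -> bool:
    try:
        split_fqdn(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for n in ["Mail.Corp.Example.COM.", "www.example.co.uk", "-bad.example.com", "co.uk"]:
        print(n, "->", split_fqdn(n) if is_valid_fqdn(n) else "invalid")
```

Note that under the page's own definition the SLD of `www.example.co.uk` is `co`, while the organization-controlled part is `example.co.uk`; the function reports both so the distinction is visible.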

## <mark style="color:blue;">Record Types</mark>

The records are entries in a DNS zone that map domain names to IP addresses and other information. Each record has a type that defines what kind of information it holds, and a TTL that controls how long resolvers may cache it. Here are the most common DNS record types:

* **A Record (Address):** Resolve to IPv4 addresses
* **AAAA Record (IPv6 Address):** Resolve to IPv6 addresses
* **CNAME Record (Canonical Name):** Maps an alias to another domain name; the resolver then resolves the canonical name to obtain the IP address. A name with a CNAME cannot hold other records
* **MX Record (Mail Exchange):** Resolves to the hostnames of the servers that handle email for the domain being queried. Each entry carries a preference value, and sending servers try the lowest value first
* **NS Record (Name Server):** Indicates the authoritative DNS servers for a domain
* **TXT Record (Text):** Stores arbitrary human-readable or machine-readable text. Commonly used for security: it can prove ownership of the domain when signing up for third-party services, and it carries the standard records that protect against email spoofing and phishing:
  * **SPF:** Defines which IPs or hosts are allowed to send email for the domain. Published as a TXT record at the domain itself, starting with `v=spf1` (many organizations also keep a record at *\_spf.domain*, but only as an `include:` target)
  * **DKIM:** Publishes the public key used to verify message signatures; a selector prefix allows multiple keys. Found at *selector.\_domainkey.domain*, for example *default.\_domainkey.domain*, and starts with `v=DKIM1`
  * **DMARC:** Specifies how receiving mail servers should handle messages that fail SPF or DKIM alignment, and where to send reports. Found at *\_dmarc.domain* and starts with `v=DMARC1`
* **PTR Record (Pointer):** Used for reverse lookups, converting an IP address into a domain name; the queried name is the reversed address under *in-addr.arpa* (IPv4) or *ip6.arpa* (IPv6)
* **SOA Record (Start of Authority):** Marks the start of a zone and provides the primary name server, the administrative contact email (with the `@` written as a dot), the zone serial number and the refresh, retry, expire and negative-cache timers used by secondary servers
* **SRV Record (Service):** Defines the hostname and port number for a specific service, published at a name of the form *\_service.\_proto.domain* together with priority and weight values for choosing between several targets
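The email-authentication TXT records above are what an assessor looks at first when judging whether a domain can be spoofed. The following added example (written for this page, not code from the original) works on a constructed map of TXT records placed at the names described above: it classifies each record by its version tag, evaluates an SPF record against a sending IP using the address mechanisms only (anything needing a DNS lookup is reported as unresolved rather than guessed), extracts the effective DMARC policy including the subdomain fallback, and flags the weak configurations a reviewer would report. The records in `TXT_RECORDS` are fictional.

```python
import ipaddress

# Constructed TXT records for a fictional zone, placed at the names this page describes.
# Not real DNS data.
TXT_RECORDS = {
    "example.com.": [
        "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailprovider.example -all",
        "google-site-verification=constructed-token",  # ownership proof, not email auth
    ],
    "_dmarc.example.com.": ["v=DMARC1; p=reject; sp=quarantine; adkim=s; rua=mailto:dmarc@example.com"],
    "sel1._domainkey.example.com.": ["v=DKIM1; k=rsa; p=PLACEHOLDERBASE64KEY"],
}

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def classify_txt(record: str) -> str:
    """Identify an email-authentication TXT record by its version tag."""
    words = record.strip().split(";")[0].split()
    head = words[0].lower() if words else ""
    return {"v=spf1": "SPF", "v=dmarc1": "DMARC", "v=dkim1": "DKIM"}.get(head, "other")


def parse_tags(record: str) -> dict:
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_terms(record: str) -> list:
    """Split an SPF record into (qualifier, mechanism, argument) tuples."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for word in words[1:]:
        qual = "+"
        if word[0] in SPF_QUALIFIERS:
            qual, word = word[0], word[1:]
        name, _, arg = word.replace("=", ":", 1).partition(":")  # modifiers use name=value
        terms.append((qual, name.lower(), arg))
    return terms


def spf_lookup_count(record: str) -> int:
    """Count terms that need DNS lookups; RFC 7208 allows at most 10 per evaluation."""
    return sum(1 for _, name, _ in spf_terms(record) if name in SPF_LOOKUP_TERMS)


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Evaluate SPF for a sending IP offline, using only ip4/ip6/all mechanisms.

    Terms are tested in order and the first match decides; reaching a term that
    needs a DNS lookup before any match yields 'unresolved' instead of guessing."""
    ip = ipaddress.ip_address(sender_ip)
    for qual, name, arg in spf_terms(record):
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return SPF_QUALIFIERS[qual]
        elif name == "all":
            return SPF_QUALIFIERS[qual]
        elif name in SPF_LOOKUP_TERMS:
            return "unresolved"
    return "neutral"  # no 'all' term: the RFC 7208 default


def dmarc_policy(record: str, for_subdomain: bool = False) -> dict:
    """Extract the effective DMARC policy; 'sp' covers subdomains and falls back to 'p'."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    policy = tags.get("sp", tags["p"]) if for_subdomain else tags["p"]
    return {"policy": policy.lower(), "pct": int(tags.get("pct", "100")),
            "adkim": tags.get("adkim", "r"), "aspf": tags.get("aspf", "r"), "rua": tags.get("rua")}


def audit_email_auth(txt_records: dict, domain: str) -> dict:
    """Fetch SPF (at the apex) and DMARC (at _dmarc.) from a TXT map and flag weak setups."""
    domain = domain.rstrip(".") + "."
    spf = [r for r in txt_records.get(domain, []) if classify_txt(r) == "SPF"]
    dmarc = [r for r in txt_records.get("_dmarc." + domain, []) if classify_txt(r) == "DMARC"]
    findings = []
    if len(spf) != 1:
        findings.append("exactly one SPF record must exist at the domain apex")
    else:
        if spf_lookup_count(spf[0]) > 10:
            findings.append("SPF exceeds the 10-lookup limit and will permerror")
        if ("+", "all", "") in spf_terms(spf[0]):
            findings.append("SPF contains +all: any host may send as this domain")
    policy = dmarc_policy(dmarc[0]) if dmarc else None
    if policy is None:
        findings.append("no DMARC record at _dmarc." + domain)
    elif policy["policy"] == "none":
        findings.append("DMARC p=none only monitors; failing mail is still delivered")
    return {"spf": spf[0] if spf else None, "dmarc": policy, "findings": findings}
```

To run this against a real domain, replace `TXT_RECORDS` with the TXT answers returned for the domain apex, `_dmarc.<domain>` and `<selector>._domainkey.<domain>`. A full SPF evaluator must also follow `include:` and `redirect=` recursively, resolve `a` and `mx`, and count those lookups against the limit of 10, which is exactly why the offline version refuses to decide once it reaches one of them.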

