DNS

Domain Name System (DNS) is in use on virtually all TCP/IP networks as the predominant name resolution service. Although simple in design, its original specification included no security considerations at all. However, many innovations have been made since its original release, and DNS is now far more securable than before. In addition, employing a few important best practices can keep this system reasonably safe against attackers.

What Is DNS?

DNS takes the friendly textual name of a computer, such as http://www.contoso.com, and resolves it to an IP address such as 131.107.2.200. That IP address can then be used by TCP/IP to locate and communicate with the desired computer.

DNS is important because humans do not memorize numbers well. We can remember that http://www.contoso.com is a great web site, but we cannot easily remember that to communicate with it we need to type http://131.107.2.200 into our web browser. DNS solves that problem for us.

Essentially, DNS is just a big distributed database. The data is formatted into individual records that store information. DNS allows users and administrators to add records to, manage, and retrieve records from the database it maintains. There are numerous record types available in DNS, each defining the kind of data it stores and how that data is used. In this chapter, we’re mostly concerned with A records (Address records), which map a hostname to an IP address, and PTR records (Pointer records), which map an IP address back to a name. However, there ...
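The forward (A) and reverse (PTR) mappings described above, as an added example that is not part of the book: a tiny in-memory resolver over constructed A and PTR records for the chapter's www.contoso.com / 131.107.2.200 pair, which also shows the forward-confirmed reverse DNS check defenders apply before trusting a PTR name, since the reverse zone for an address block is controlled by whoever operates it, not by the owner of the forward name it claims.

```python
# Added example (not from the book). The record sets below are constructed
# sample data, not real zone contents.
import ipaddress
from typing import List, Optional

# Constructed A records: hostname -> IPv4 addresses (owner names are absolute).
A_RECORDS = {
    "www.contoso.com.": ["131.107.2.200"],
    "mail.contoso.com.": ["131.107.2.201"],
}

# Constructed PTR records: in-addr.arpa owner name -> hostname.
# The second entry claims a name whose A record points elsewhere.
PTR_RECORDS = {
    "200.2.107.131.in-addr.arpa.": "www.contoso.com.",
    "202.2.107.131.in-addr.arpa.": "www.contoso.com.",
}


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa owner name for an IPv4 address (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def resolve_a(name: str) -> List[str]:
    """Forward lookup: hostname -> IPv4 addresses (empty list if no A record)."""
    key = name.lower().rstrip(".") + "."  # normalise case and trailing dot
    return A_RECORDS.get(key, [])


def resolve_ptr(ip: str) -> Optional[str]:
    """Reverse lookup: IPv4 address -> hostname from its PTR record, or None."""
    return PTR_RECORDS.get(reverse_name(ip))


def forward_confirmed(ip: str) -> bool:
    """True only if the name returned by the PTR record has an A record that
    points back at the original address. A PTR that names a host whose
    forward zone disagrees is not evidence of anything."""
    name = resolve_ptr(ip)
    if name is None:
        return False
    return ip in resolve_a(name)


if __name__ == "__main__":
    print(reverse_name("131.107.2.200"))       # 200.2.107.131.in-addr.arpa.
    print(resolve_a("www.contoso.com"))        # ['131.107.2.200']
    print(forward_confirmed("131.107.2.200"))  # True
    print(forward_confirmed("131.107.2.202"))  # False: PTR claims a name the A record contradicts
```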
