# CYBER SECURITY (Penetration Testing Prerequisites) 1.9 DNS

## How does this support my pentesting career?

- SSL/TLS certificates validation relies on DNS
- Mounting spoofing attacks
- Performing information gathering

**- The Domain Name System, or DNS, is the only application layer
of the protocol you will see in this module.**

**- The DNS primarily converts human-readable names, like
www.elearnsecurity.com, to IP addresses and is a
fundamental support protocol for the Internet and computer
networks in general. It is widely recognized that the entire
internet security is relying upon DNS.**

**- You will need to know how the DNS service
provides name resolution because every common operation on
the Internet such as opening a website, sending an email, and
sharing a document involves the use of a DNS to resolve
resource names to IP addresses (and vice versa).**

**A DNS name such as www.elearnsecurity.com or
members.elearnsecurity.com can be broken down into
the following parts:**
- Top-level domain (TLD)
- Domain part
- Subdomain part (if applicable)
- Host part


![Snip20220429_1.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244016837/fecYC8c7j.png align="left")

## DNS Structure : 



![Snip20220429_2.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244071305/CnUJwrIgW.png align="left")

**- Name resolution is performed by resolvers, servers that contact
the top-level domain (TLD) DNS servers and follow the hierarchy
of the DNS name to resolve the name of a host.**


**- Resolvers are DNS servers provided by your ISP or publicly
available like OpenDNS or Google DNS.**


**- To convert a DNS name into an IP address, the operating system
must contact a resolver server to perform the DNS resolution.
**

**- The resolver breaks down the DNS name in its parts and uses
them to convert a DNS name into an IP address.**


## DNS Resolution Algorithm : 

1- Firstly, the resolver contacts one of the root name servers; these servers contain information about the top-level domains.

2- Then, it asks the TLD name server what's the name server can give
information (authoritative name server) about the domain the resolver is
looking for.

3- If there are one or more subdomains, step 2 is performed again on the
authoritative DNS server for every subdomain.

4- Finally, the resolver asks for the name resolution of the host part.

## EX : 


![Snip20220429_3.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244620540/XmY60Vp0f.png align="left")

## Then 

![Snip20220429_4.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244640448/F2A1bfi8g.png align="left")

## After That 


![Snip20220429_5.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244707972/EeZdvbf5X.png align="left")


## Finally 



![Snip20220429_6.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1651244738203/Q1rVcNm9_.png align="left")


--> How can a resolver know how to contact a root name server?

--> IP addresses of the root servers are hardcoded in the
configuration of the resolver. System administrators keep the list
updated, otherwise, the resolver would not be able to contact a
root server! 



+ The domain name system can also perform the inverse
operation; it can convert an **IP address to a DNS name**.

+ Keep in mind that this is not always the case; the administrator
of a domain must have enabled and configured this feature for
the domain to make it work.


-----------------------------------------------------------------------------------------------------------

Written by : Mohamed Abdalla Ibrahim

PMP | CISM | ITIL | CEH | Azure Architect | Azure Security Engineer | IBM Cybersecurity Analyst

