DNS - Domain Name System
Is a Server which can be in-house or with an ISP, which caches in the IP addresses of the frequently visited web pages.
DNS Server - can be configured for recursive search, which forwards the request to other DNS servers.
Why the browser/DNS client contacts the DNS server?
To fetch the IP address of the web server to which the client needs access.
Why IP addresses are required by the client and server?
To help two computers connect and transfer data.
What is DNS Spoofing?
- Overriding the DNS server with the server information which the attacker wants the client to connect to.
- Overwrite the DNS settings on your computer.
What happens if the DNS server is unavailable?
The user will not be able to access the internet.
How can this add on from Firefox: Flagfox be used?
Flagfox provides the user with the server location, domain name and the IP address of the requested webpage (and much more).
Configure the host file to include this information: IP address and the corresponding domain name.
No longer will the requests be forwarded to the DNS server if configured in the host file.
Is it preferred to do this for all sites? NO.
The client will look for the IP address in the host file. If not found sends out the request to the preferred DNS which if cached in sends out the IP address to the client.
Client/Browser uses this IP address and places a call to the server. Server responds with the requested page to the client.
If the preferred DNS server does not have the requested IP address in its cache, the preferred DNS server performs a recursive search (if configured to perform recursive search) on other DNS servers until a response(positive/negative) is obtained, which is then sent to the requested client.
Beware of malwares that could alter the DNS server settings on your computer/network.
What to do if infected by such a malware?
Issue this command from the command prompt
flushes the DNS resolver cache, on the computer this command is issued.
Reset the host file.
Useful link to compare anything
Thank you Teemu Vesela (twitter handler- @teemuvesela )for helping me in my learning journey and for providing crisp and clear answers for the questions about DNS Servers.
This and the past week we shared knowledge on the below:
- Live HTTP Headers
- Edit Cookies
- Agile Testing
- Soak Testing
- SQL Injection Tool - Havij
- Google dorks - http://www.exploit-db.com/
Why should we be part of the testing community?
- Get to learn and share the testing discipline from this community comprising of members from across the globe.
- Discuss testing challenges and how to overcome or understand others perspective on the same.
- I met people who inspire me and helped expand and broaden views.
- Learn from many who are willing to share.
- This community is for us. Come be a part of this community.