Working of DNS: Ansh Bhawnani
DNS Nameservers
▰ Root Servers
▻ The root nameservers are overseen by a nonprofit called
the Internet Corporation for Assigned Names and Numbers
(ICANN).
▻ There are 13 types of root nameservers, but there are
multiple copies of each one all over the world, which use
Anycast routing.
▰ Authoritative Servers
▻ The authoritative nameserver contains information specific
to the domain name it serves (e.g., www.google.com).
▻ It can provide a recursive resolver with the IP address of
that server, found in the DNS A record.
▻ If the given record has a CNAME to another domain, the
resolver will perform a new lookup for that domain.
SPF, DKIM and DMARC records
▰ SPF Record
▻ “Sender Policy Framework”. As with all three checks, SPF is a DNS TXT record
that specifies which IP addresses and/or servers are allowed to send email
“from” that particular domain.
▻ “If they know who sent them the letter, the recipient is more likely to open it.”
▻ An SPF record is only necessary for the top level domain (i.e.,
your-domain.com). An SPF record for a top level domain automatically authenticates
any subdomains under it (e.g., mail.your-domain.com).
▻ Cannot generally exceed 255 characters.
▰ DKIM Record
▻ “DomainKeys Identified Mail”. Also a TXT record. DKIM’s intent is to prove that
the contents of an email message haven’t been tampered with, and headers of
the message have not changed (e.g., adding in a new “from” address) and that
the sender actually owns the domain with the DKIM record, or is at least
authorized by the owner of the domain.
▻ Unlike SPF, DKIM uses an encryption algorithm to create a pair of keys: a public
key and a private key.
▻ The private key remains on the mail server. The public key is pasted into a
DNS TXT record with that domain’s DNS provider (e.g., GoDaddy, eNom, DynDNS,
etc.).
▰ DMARC Record
▻ “Domain-based Message Authentication, Reporting and Conformance”, a
technical standard for email authentication that helps protect email senders
and recipients from spam, spoofing, and phishing. DMARC itself is not an email
authentication protocol, but it builds on key authentication standards SPF and
DKIM.
▻ In order for DMARC to pass, both SPF and DKIM must pass, and at least one of
them must be aligned.
▻ For SPF to align, the message’s From domain and its Return-Path domain
must match. For DKIM to align, the message’s From domain and its DKIM d=
domain must match.
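The alignment comparison in the last bullet, as an added example that is not part of the original slides: it reads the From, Return-Path and DKIM-Signature headers of a constructed sample message and applies the exact-match rule described above. The sample message and helper names are assumptions; relaxed (organizational-domain) alignment and the SPF and DKIM checks themselves are not implemented here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the slides): the From domain differs from the
# Return-Path domain but matches the DKIM d= domain. bh=/b= are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Billing" <billing@your-domain.com>
DKIM-Signature: v=1; a=rsa-sha256; d=your-domain.com; s=sel1;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: Invoice

body
"""

def addr_domain(header_value):
    """Return the lowercased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None  # missing header or null return path "<>"
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def dkim_domains(msg):
    """Collect the d= tag of every DKIM-Signature header on the message."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        for tag in value.split(";"):
            name, _, val = tag.strip().partition("=")
            if name.strip().lower() == "d" and val.strip():
                found.append(val.strip().lower().rstrip("."))
    return found

def alignment(raw):
    """Exact-match alignment of the SPF and DKIM identifiers with From.

    This compares domains only; it does not verify the DKIM signature or
    check the sending IP against the SPF record.
    """
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    rp_dom = addr_domain(msg.get("Return-Path"))
    return {
        "from": from_dom,
        "spf_aligned": from_dom is not None and from_dom == rp_dom,
        "dkim_aligned": from_dom is not None and from_dom in dkim_domains(msg),
    }
```

A message whose From domain matches neither identifier is the case to flag during mail triage, since the visible sender is then unrelated to the domains that SPF and DKIM actually vouch for.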
HACKING
Is an art, practised through a creative mind.