- Root Server →
A DNS root server is a known location where the Recursive Resolver can start looking for the answer to its query.
It is known because its address is in the Recursive Resolver's memory, so the Recursive Resolver always knows how to find it. There are currently 13 root servers in the global DNS. The RIPE NCC maintains the K-root server.
- TLD (Top-Level Domain) Server →
A Top-Level Domain (TLD) Server is known to the root servers. It is authoritative for TLDs (for example .com, .org, .net)
- SLD (Second-Level Domain) Server →
A Second-Level Domain Server has information about specific domains which are not top level. The information about the IP address of a website resides in a Second Level Domain Server, for example ns.example.net.
- Stub Resolver →
The Stub Resolver cannot query anything else other than the Recursive Resolver. The application will ask its query to the Stub Resolver and this one will forward it to the Recursive Resolver, which will get the answer from the global DNS.
- Recursive Resolver →
The Recursive Resolver is the one that will get queries from a group of clients and ask around the Internet in search of the answers. It is usually a service provided by ISPs and it serves several clients. It can store answers in its memory (known as cache) for a period of time. If it receives a query whose answer is already stored in the cache, the Recursive Resolver will answer from the cache.
- Attacker →
The purpose of an attack on the DNS is usually to poison the Recursive Resolver's cache. That is, to make the Recursive Resolver think that an IP address of a server belonging to the Attacker is the IP address of another website (a bank, for example). If an attack is successful it may misdirect a user to the Attacker's website, causing it to give away confidential information.
- Address (A) Record →
An A record is the most common type of DNS record; it matches a domain name to an IPv4 address. There are many other types of DNS records, such as AAAA for an IPv6 address, or MX for mail servers.
- DNS →
The Domain Name System (DNS) is a hierarchical distributed naming system for Internet resources. Its main purpose is to translate domain names to IP addresses.
- Authoritative Server →
A DNS server is said to be authoritative when it is the one that knows the right answer to a specific query.
- Cache →
The Recursive Resolver's cache is its memory where the answers for recent queries are stored. If the answer to a query is on the Recursive Resolver's cache, the Recursive Resolver will not query any other server, but will give out the stored answer.
- IP Address Matching →
When the Recursive Resolver receives an answer packet it will check if it matches the IP address to whom the query was sent. The idea is to ensure that the answer came from the expected source address. However, this IP address can be faked.
- UDP Port →
The Recursive Resolver is expecting the answer packet on the same UDP port from where the query was sent.
- Query ID →
A Recursive Resolver generates a unique identifier (ID) for every packet that it sends. The identifier on the response packet needs to match the identifier that the Resolver generated for the query.
- TTL (Time to Live) →
One of the fields in the DNS records is the TTL (Time-To-Live) field. This is the number of milliseconds corresponding to the amount of time that the Recursive Resolver should keep the answer in its memory.