Domain, DNS and cache poisoning: Full Stack Web Development (Article:2)

Rajeev Singh, published in Funerds
6 min read, May 17, 2019

A domain: we all know what a domain is, because you got here somehow. www.medium.com is a domain; a subdomain would be funerds.medium.com.

Domains are just a high-level wrapper on an IP address. But what does that mean? Well, it's basically like any place on Google Maps: when we search for the Indian Museum of Arts (IMA) it tells us where it is and lets us navigate to it. Google has mapped the museum to its latitude and longitude. So here the Indian Museum of Arts is a domain and the latitude-longitude pair is the IP address. It would be hard to remember so many latitude-longitude pairs (IP addresses), and hence we name things with easy-to-remember names (domains).

IP stands for Internet Protocol. It's just the type of protocol that people agreed on years ago to say, here's how I want to communicate with other networks. There are lots of different protocols, but we use something called TCP/IP. TCP is Transmission Control Protocol; we're not going to cover it here because it is a totally different article in itself. If you want to dig deeper into it, CLICK HERE.

Now, where do we store all this mapping information? This is where DNS (Domain Name System) comes into play. It's like a phone book, but for domains. DNS is a global system for translating human-readable domain names into IP addresses. When a user tries to access a web address like "example.com", their web browser or application performs a DNS query against a DNS server, supplying the hostname. The DNS server takes the hostname and resolves it into a numeric IP address, which the web browser can connect to.

But there are caches everywhere, because say you go to google.com: you don't want to keep looking that up, resolving it to whatever the IP address is, every single time. So we keep caches at different layers to store this information and cut down on the latency. If you have visited a website, its domain-to-IP mapping is stored in your local cache, your router's cache and all the DNS name servers between the site's DNS server and your laptop. A component called a DNS resolver is responsible for checking whether the hostname is available in the local cache and, if not, contacting a series of DNS name servers until eventually it receives the IP of the service the user is trying to reach and returns it to the browser or application. This usually takes less than a second.

Deep dive into DNS here.

Now there are several DNS servers and all of them interact with each other, keeping everything up to date. For example, when we purchase a domain online from any provider, all the DNS servers have to be updated with that information for your domain to work, and this is why it takes a little time after you buy a domain or update the IP address of your server in its DNS records.

If you are already overwhelmed by the voodoo that takes place under the hood, wait until you see the security loopholes it poses to the internet. Imagine a situation where one of the DNS providers is down, hacked or unavailable: what would happen then? Yes, all the sites registered at that DNS provider would go offline. You can always type the IP address if you remember it, in which case the site will work, but let's be practical here: ain't nobody got time to remember IP addresses. So taking down one DNS provider can result in thousands of sites not working by their domain name.

Now, that is something we don't have control over, but there is something else lurking in the dark that we need to worry about and prevent from happening: cache poisoning. Suppose someone copies amazon.com, hosts it on their own server (IP address X) and somehow poisons all the caches we talked about earlier to say that amazon.com isn't 176.32.103.205 but is actually this other IP address X. Then they can trick you into entering your login or credit card information and throw you back onto amazon.com without you knowing what happened.

So, DNS cache poisoning is a real thing. One way to mitigate it is HTTPS, which is a handshake between the browser and the server in which the server proves, with its certificate, that it is who it says it is. In the early days of the internet such attacks did so much damage, which is why browsers like Chrome and Firefox are so insistent on HTTPS.

Also, always turn on two-factor authentication with your domain registrar, because domains are worth money: they're real estate in the land of the Internet. Domain hijacking is a very real thing, where people take over your domain and sell it to somebody else before you even know what happened.

Experiment section:

Aim: Get a domain to point to your server/application/anywhere you want to.

Assumptions:

We own a virtual private server (VPS; we'll learn more about it in upcoming articles) with the IP address 8.8.8.8.

Procedure:

Steps of this experiment are listed below:

STEP 1:
Buy a domain from any of the domain providers online (GoDaddy, Namecheap, Squarespace etc.).

STEP 2:
Open the advanced DNS settings in your provider's console. Now we'll start editing the DNS records. There are many types of DNS record:

  1. Address Mapping record (A Record) — also known as a DNS host record, stores a hostname and its corresponding IPv4 address.
  2. IP Version 6 Address record (AAAA Record) — stores a hostname and its corresponding IPv6 address.
  3. Canonical Name record (CNAME Record) — can be used to alias a hostname to another hostname. When a DNS client requests a record that contains a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.
  4. Name Server records (NS Record) — specifies that a DNS Zone, such as “example.com” is delegated to a specific Authoritative Name Server, and provides the address of the name server.
  5. Mail exchanger record (MX Record)
  6. Reverse-lookup Pointer records (PTR Record)
  7. Certificate record (CERT Record)
  8. Service Location (SRV Record)
  9. Text Record (TXT Record)
  10. Start of Authority (SOA Record)

Among all these, at this stage we just need an A record to point the domain to our own server/app.

STEP 3:
Create two A records for the host:

  1. Host: @
    Points to: 8.8.8.8
    TTL: 600 seconds
    This record resolves the bare domain, example.com.
  2. Host: www
    Points to: 8.8.8.8
    TTL: 600 seconds
    This record resolves www.example.com.

TTL: Time to live
An older common TTL value for DNS was 86400 seconds, which is 24 hours. A TTL value of 86400 would mean that, if a DNS record was changed on the authoritative nameserver, DNS servers around the world could still be showing the old value from their cache for up to 24 hours after the change.

STEP 4:
At this stage we just hold the bucket of popcorn and let the DNS servers update the record. This may take anywhere from 5 minutes to 48 hours to complete. Once it's done, when we type our domain name in the browser it will open our imaginary server at 8.8.8.8.

Result: Working domain which points to our private server.
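The caching and TTL behaviour behind STEP 3 and STEP 4, together with the cache-poisoning risk described earlier, as an added example that is not part of the original article: a toy stub resolver (hypothetical `CachingResolver`, with a sample zone constructed from STEP 3's records) that serves a cached A answer until its TTL expires and refuses to cache any response that does not match a query it actually sent.

```python
# Constructed sample data for this article's experiment (not the page's code):
# the two A records from STEP 3, both pointing at the imaginary VPS 8.8.8.8.
ZONE = {"example.com.": ("8.8.8.8", 600), "www.example.com.": ("8.8.8.8", 600)}

class CachingResolver:
    """Toy stub resolver (hypothetical): caches A answers until the TTL runs out."""

    def __init__(self, clock):
        self.clock = clock     # callable returning the current time in seconds
        self.cache = {}        # qname -> (ip, absolute expiry time)
        self.pending = {}      # transaction id -> qname we asked about

    def send_query(self, txid, qname):
        self.pending[txid] = qname

    def accept_response(self, txid, qname, answer_name, ip, ttl):
        """Cache the answer only if txid and question match an outstanding
        query and the answer record is for the name asked; otherwise drop it."""
        if self.pending.get(txid) != qname or answer_name != qname:
            return False
        del self.pending[txid]
        self.cache[qname] = (ip, self.clock() + ttl)
        return True

    def lookup(self, qname):
        """Return the cached IP while its TTL has not expired, else None."""
        entry = self.cache.get(qname)
        if entry is not None and entry[1] > self.clock():
            return entry[0]
        return None

def propagation_demo():
    """Why STEP 4 waits: the cached answer is served until its TTL expires."""
    now = [1000.0]
    r = CachingResolver(lambda: now[0])
    r.send_query(0x1234, "www.example.com.")
    ip, ttl = ZONE["www.example.com."]
    r.accept_response(0x1234, "www.example.com.", "www.example.com.", ip, ttl)
    during = r.lookup("www.example.com.")   # "8.8.8.8", served from cache
    now[0] += ttl + 1                       # the 600 s TTL has elapsed
    return during, r.lookup("www.example.com.")   # -> ("8.8.8.8", None)

def spoof_rejected_demo():
    """A response that matches no query we sent is dropped, not cached."""
    r = CachingResolver(lambda: 0.0)
    r.send_query(0x1234, "example.com.")
    ok = r.accept_response(0x9999, "example.com.", "example.com.", "198.51.100.9", 600)
    return ok, r.lookup("example.com.")     # -> (False, None)
```

Until the old record's TTL runs out every cache that holds it keeps answering with the old address, which is exactly the delay STEP 4 tells you to wait through.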

TL;DR

Domains: Simple name to find our server

DNS: Phone book for domains which holds information regarding where our domain points to among other things.

To point a domain to your server, you need to update the DNS records with an A record that points to your VPS's external IP address.

What next?

In the next article, we’ll read more about VPS, SSH and get our hands dirty with the command line.

Next Article:
COMING SOON.

Previous Article:
Beginners guide to the knight in the shiny armour: Full Stack Web Development (Article:1)
