-1

Easy question about how dns works.

In simple form: What prevents inserting a taken domain name to a dns system?

Let's take an example:

I have bought a domain from domain registrar, let's pretend it's example.com.

Then I have a website at ip EXAMPLE_IP. For that app, I have cloudbased DNS system, where I have put dns record for example.com to match EXAMPLE_IP. Which means all requests to that domain will find their way to my website.

Now what would prevent someone to use that same example.com in some other dns system, and point it to some other website? What I don't yet know is where does the ownerhsip query of a domain name occur?

Please don't close, I just want to understand.

Ville Miekk-oja
  • 18,749
  • 32
  • 70
  • 106

2 Answers2

1

When you buy example.com your registrar registers that domain with the .com domain. When someone then looks for example.com they query the .com name servers. This is the ownership part.

The .com name servers are very well managed and deployed. Using DNSSEC cryptography to ensure they aren't compromised.

A few years a go a place I worked at implemented a badly thought out security procedure, to explain how this could be exploited I created a DNS name server which hosted the Google.com domain, and pointed it to a fake (this is google.com) webpage.

Anyone using that DNS server would be directed to my fake site, it is getting people to use that DNS server that is the issue. You can also redirect people using the Hosts file. (and a large number of viruses etc do this)

There is a range of attacks against the DNS infrastructure that come under the broad banner of DNS Spoofing

To answer your question, there is nothing stopping you creating a google.com domain on a nameserver you own. It is just unlikely to ever be used by anyone outside of people who trust you to manage such things.

Community
  • 1
  • 1
Michael B
  • 11,887
  • 6
  • 38
  • 74
  • This answer looks pretty good! I didn't realise that the registrar is linked to the .com name servers, but it sounds logical now that I think about it. Can you tell me how the first dns server is determined? Is it always what comes after the last dot from left to right? – Ville Miekk-oja Mar 28 '16 at 15:08
  • @VilleMiekk-oja have a read of my answer on this question - http://stackoverflow.com/questions/34878780/how-dns-servers-work-know-the-ip-address-of-website/34880612#34880612 – Michael B Mar 28 '16 at 15:25
  • Thanks, I think I might have got it! So the first dns server where the query goes is the your configured dns server. Either you have configured it manually, or it comes through the service, where they have configured some dns server to your network. And its job is to find you the ip of domain name. If it doesn't have it in cache, it asks it from the root domain ".", and so on... Then there's iterative and recursive way of doing it etc.. Hey, thanks a lot for this! – Ville Miekk-oja Mar 28 '16 at 16:28
0

I think that the simple and not technical response is: because the second-level domain registrant must be qualified to do that and so if someone build a DNS server it doesn't propagate his content.

conventi
  • 430
  • 3
  • 8