Domain Name System - technical definition

Any machine on the Internet has its own address, called the Internet Protocol Address (IP Address). The IP address looks something like this: 123.123.123.123—four numerical segments with a value range between 0 and 255 (one byte) separated by dots. Any computer is reachable through its IP address.

Because users cannot remember these numerical strings of IP addresses, an alternative system was needed. For this reason, IP addresses were translated into more logical text strings for humans to remember, such as cs.yale.edu—which means computer science department at Yale University, a U.S. educational institution.

During ARPANET’s development, one file called host.txt existed, and it was here that all IP addresses were listed. At the end of each day, all computers connected to the Internet would get the list from a central server where it was kept. With time, the number of connected hosts increased to such a degree that the size of the host file was huge and the system became inefficient. Thus, the DNS (Domain Name System) was invented—a hierarchical domain-based structure in which the Internet is divided into pieces called “domains.” The pieces are categorized as top-level domains and sub-domains. The top-level domains include generic and country domains.

The generic domains are com (a commercial enterprise), edu (an educational institution), gov (a government agency), int (an international institution), mil (the military institutions), net (a network institution), and org (a nonprofit organization).

The country domains, allocated one per country, look like this: au for Australia, ca for Canada, uk for the United Kingdom, and us for the United States. The details are defined in ISO 3166.

Each top-level domain is divided into several sub-domains, with each domain having control over its own sub-domains. For example, the edu domain covers all of the educational institutions or sub-domains—such as Yale University, Princeton University, Rutgers University, and Harvard University. Moreover, the country domains have sub-domains. For example, the uk (the United Kingdom) and the jp (Japan) domains have two common sub-domains: ac (which stands for academic) and com (which stands for commercial). Each domain has a particular server with a table containing all IP addresses and domain names belonging to its domain.

An organization called the Internic maintains a database having all registered domains for the world. Anyone can query its database by means of whois. Although several organizations maintain whois databases, the Internic has the main database. Any company, institution, or organization wanting to have its own domain name has to register it with the Internic or one of the other registries.

Many whois servers exist around the globe. For example, in Amsterdam, there is the European whois server at RIPE (Reseaux IP Europeans).

During the week of March 7, 2005, cyber scam artists manipulated the Internet’s directory service and capitalized on a hole in Symantec Corporation’s Gateway Security Appliance and Enterprise Firewall products to trick Internet users into installing adware and other programs on their computers. These DNS “poisoning attacks” caused Web browsers pointed at Google.com, eBay.com, and Weather.com, for example, to go to malicious Web pages that installed undesirable programs.

In such “poisoning attacks,” malicious crackers use a DNS server they control to transmit erroneous addresses to other DNS servers. Thus, users relying on a poisoned DNS server to manage their requests may discover that entering the URL of a popular Website sends them to some other unexpected and likely malicious Web page. Besides being a nuisance, DNS poisoning could be a tool for conducting online identity theft. Cybercriminals could, in fact, construct phishing Websites identical to popular sites such as Google and eBay to secretly capture online users’ personal data.

See Also: Advanced Research Projects Agency Network (ARPANET); Browser; Identity Theft or Masquerading; Internet; IP Address; TCP/IP or Transmission Control Protocol/Internet Protocol; Whois.