DNS Flashcards

1
Q

What does DNS stand for?

A

Domain Name System

2
Q

What does DNS do?

A

Maps IP addresses to domain names.

3
Q

What is a DNS zone?

A

A small database/file that contains the records for a domain name.

4
Q

What is a name server?

A

A server that hosts one or more zones and stores one or more zone files.

Identified by an NS record.

An NS record allows delegating ownership of a subdomain to another name server.

5
Q

What is an authoritative name server?

A

Name servers that contain the genuine records for a domain name and have authority over other name servers for that specific domain.

6
Q

What is a non-authoritative name server?

A

A name server that caches a list of records/zones to improve performance.

7
Q

What is the DNS architecture?

A

A hierarchical architecture.

  1. DNS root - where all queries start (“.”)
  2. Top-level domain (TLD) - for example “.com”
  3. Authoritative name servers - for example “netflix.com”
    1. contain all the records
8
Q

How is a domain registered?

A

  1. The registrar checks with the DNS registry whether the domain is available
  2. The registrar issues/creates the public zone
  3. The registrar requests/hosts the public zone on multiple name servers
  4. The registrar requests that the TLD insert the name servers of the purchased domain's public zone
9
Q

What is a domain registrar?

A

A domain name registrar is a business that handles the reservation of domain names as well as the assignment of IP addresses for those domain names.

Registrars do not actually manage and maintain domain names.

10
Q

What is a domain registry?

A

A DNS registry is a database that holds all domain names of a TLD together with the associated registrant information.

The registry is used by the registrar to check whether a domain is available.

11
Q

How does DNSSEC work?

A

After executing a DNS query, DNSSEC executes another query that retrieves the signature from the DNS server. It then checks whether the signature is valid and was produced by the correct owner.

The signature is stored in an RRSIG record.

DNSSEC uses a chain of trust: starting from the root domain, each level carries a signature over the next domain name's signing key.

12
Q

What is DNSSEC?

A

DNSSEC is a backwards-compatible extension to DNS. It allows verifying the data integrity of DNS entries by using public-key cryptography.

It checks whether the retrieved DNS data was signed by the correct owner of the data.

13
Q

What is RRSIG?

A

Resource Record Signature

A record containing an RRSet’s digital signature.

14
Q

How can DNS cause performance issues?

A

Having multiple levels of subdomains increases latency because the resolver has to walk the DNS tree: each subdomain level requires one more query.

This can be mitigated by increasing the TTL, but the first query will still be slow.

15
Q

What is RRSET?

A

Resource Record Set.

A set of records with the same type in the same domain zone.

16
Q

What is CNAME?

A

A Canonical Name (CNAME) record is a type of resource record in the Domain Name System (DNS) that maps one domain name (an alias) to another domain name.

17
Q

What are A and AAAA records?

A

They hold IPv4 or IPv6 addresses for servers.

18
Q

What is MX record?

A

Stands for Mail Exchange.

Contains the IP address of the mail server.

19
Q

What is a ZSK and how does it work?

A

ZSK - zone signing key.

Used to sign or verify a domain zone's non-key records.

20
Q

What is DNSSEC and how does it work?

A

Preconditions:
* The recursive caching DNS server (RCS) has the root PubKSK (included by the OS)

  1. The client sends a query for a website to its local DNS RCS.
  2. The RCS sends the query to a root DNS server.
  3. The root DNS server responds with:
    • a non-secured referral to the authoritative name server for the “.com” (example) zone
    • the RRSet of the root zone's PubZSK and PubKSK
    • the RRSig of the received RRSet (signed using the root zone's PvtKSK)
    • the DS record for the “.com” zone (fingerprint of the “.com” PubKSK)
    • the RRSig of the DS record (signed using the root zone's PvtZSK)
  4. The RCS verifies:
    • the root zone's RRSet using the RRSig and the PubKSK
    • the root zone's DS record for the “.com” zone using the RRSig for the DS and the PubZSK
    • the root zone itself, by checking the PubKSK received in the response against the preconfigured root PubKSK
  5. The RCS sends the query to the “.com” (TLD) server.
  6. The TLD server responds with:
    • a non-secured referral to the authoritative name server for the “example.com” (example) zone
    • the RRSet of the TLD zone's PubZSK and PubKSK
    • the RRSig of the received RRSet (signed using the TLD zone's PvtKSK)
    • the DS record for the “example.com” zone (fingerprint of the “example.com” PubKSK)
    • the RRSig of the DS record (signed using the TLD zone's PvtZSK)
  7. The RCS verifies:
    • the TLD zone's RRSet using the RRSig and the PubKSK
    • the TLD zone's DS record for the “example.com” zone using the RRSig for the DS and the PubKSK
    • the TLD zone itself, by checking the received PubKSK against the PubKSK from the response
    • the TLD zone is verified by computing the fingerprint of its PubKSK and comparing it to the previously acquired DS fingerprint
  8. The RCS repeats the process until it reaches the desired domain.

https://app.diagrams.net/#G1Hv3_qjEXjI78lXZP9p9f8B1eK5HOaGEu

21
Q

What is a KSK and how does it work?

A

Used to sign or verify a domain zone's keys.

22
Q

What is DS record?

A

Delegation of signing.

A record containing the hash/digest of a child domain's/zone's PubKSK (the fingerprint of the child's PubKSK).

23
Q

What is DNS cache poisoning?

A

Cache poisoning happens when a DNS resolver/server makes a request and a rogue server submits a response with its own DNS IP addresses, thereby populating the victim's cache with bad entries. Until those records expire, the DNS server will keep resolving to the same bad IP addresses.

24
Q

How does DNSSEC verify the integrity of records?

A

It uses public/private key pairs to sign the records in a zone. The parent zone holds a DS record that allows checking the integrity of the child's data. There is a chain of trust between DNS servers, starting at the root.

25
Q

What is DNSKEY?

A

Zone signing key and key signing key.

26
Q

How many ROOT DNS servers are there?

A

  • Because of some limitations..

27
Q

Who manages the DNS root servers?

A

12 large organizations

28
Q

Who manages DNS root zone?

A

IANA, a department under ICANN.

29
Q

When are DNS queries made?

A

When a domain name is being resolved to an IP address or the TTL of a cached entry has expired.

30
Q

What are TXT records usually used for?

A

To prove domain ownership.