
What is Recursive DNS?


The Domain Name System (DNS) is one of the most important parts of the Internet's critical infrastructure and needs protection. DNS is the system that names computers, services, and networks on the Internet and maps those names to addresses. Of the many functions involved in serving a domain name, the recursive DNS service is an especially significant one to understand in ethical hacking. A recursive resolver answers queries on behalf of all of its clients, so an attacker who can corrupt its cache or intercept its traffic redirects every user of that resolver at once, with little effort. Recursive DNS is therefore used together with man-in-the-middle techniques to carry out phishing attacks by changing which web pages you reach as you browse, and it makes session hijacking easier for the same reason.

Recursive DNS in Ethical Hacking

  • DNS cache poisoning is the most common vector used against recursive DNS servers: the attacker gets a forged record accepted into the resolver's cache, and every client of that resolver is then sent to the attacker's address until the record expires.
  • Recursive resolvers are not authoritative for the domains they answer for; they cache whatever the authoritative servers return. That is exactly what makes them attractive targets: if a forged A record for a bank's hostname is accepted once, it is served to every user of that cache. Resolvers defend against this by checking that each reply matches the transaction ID, source port and question of the query they sent, and by discarding records outside the bailiwick (zone) of the server that sent them.
  • To make matters worse, many ISPs neither filter nor log the requests and responses between the recursive DNS server and the end user, so a poisoned answer is rarely noticed.
  • A DNS server returns the IP addresses of a domain in response to a query. A domain name is not the same thing as its IP address: one name may map to several addresses, and a name may not exist at all (NXDOMAIN).
  • Recursive resolution, also called "DNS recursion", is the process in which the resolver keeps following referrals into lower-level domains (root, then TLD, then the domain's own name servers) until there are no further delegations and it has an answer.

How Does Recursive DNS Work?

Every name has a top-level domain (TLD) such as .com or .net, and below it a second-level domain such as microsoft.com or crmsoftware.net. A recursive resolver finds the authoritative answer for a name by walking that hierarchy: it asks a root server, which refers it to the TLD's name servers, which refer it to the name servers for the second-level domain, which finally answer. Typically, the recursive DNS server is placed at the boundary between the Internet and the intranet, so that internal clients send all their queries to it and it alone talks to the outside.

A recursive server configured this way answers for every TLD, not just for names within one network, and it is the right place to enforce DNS security. The firewall should allow outbound DNS (UDP and TCP port 53) only from the resolver and block it from ordinary clients, so that a client cannot be pointed at an attacker's resolver and malware cannot tunnel data over DNS from a workstation. The firewall cannot tell whether a DNS answer is genuine; only the resolver can validate replies (transaction ID, source port, question section, bailiwick, and DNSSEC where it is deployed).

If you block direct client DNS, you must run your own resolvers. A caching-only server is exactly such a resolver: it hosts no zones of its own and simply recurses and caches. It does not depend on a single primary server; if the authoritative servers for one domain are unreachable, only that domain fails to resolve, while cached names and every other domain continue to work. A common choice is BIND (Berkeley Internet Name Domain); whichever software you run, restrict recursion to your own networks (in BIND, the allow-recursion option) so that the server is not an open resolver that anyone on the Internet can use for cache-poisoning attempts or as a reflector for amplification attacks.

Advantages:

  • "Recursive DNS" resolves a domain name to the IP address that handles network traffic for that domain, so a client needs only one simple query to its resolver rather than walking the hierarchy itself.
  • When a hostname such as www.google.com is entered into a web browser, the browser asks its configured DNS server for that name's IP address so that it can connect to the site where the content is found.
  • The DNS server first looks for the name in its cache, which has been filled by previous lookups. On a miss it queries the root servers, which refer it to the authoritative servers for that TLD (for example the .com servers), which in turn refer it to the servers authoritative for the domain itself.
  • Each reply is checked before it is used: the transaction ID, source port and question section must match the query that was sent, and records outside the answering server's zone are discarded. A reply that fails these checks is ignored and the resolver waits for, or re-sends, the query.
  • Once a valid answer arrives from the authoritative servers, the resolver caches it for its TTL and returns it to the client, which can now connect to the site.
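The referral walk described in the steps above, and the bailiwick check that the cache-poisoning bullets earlier on this page rely on, as one added example. This is illustrative code written for this page, not BIND or any resolver's real implementation: the server names (root-server., com-server., ns1.example.com., ns1.evil.com.), the addresses and the zone data are all constructed, and real resolvers also randomize the transaction ID and source port, which this toy omits. The rogue server ns1.evil.com. appends a record for www.example.com. to every reply; a resolver that caches it without a bailiwick check is poisoned, one that applies the check is not.

```python
"""Toy recursive resolver: walks referrals from the root down to the
authoritative server, caches answers by TTL, and (in strict mode) refuses to
cache any record outside the zone of the server that sent it.  That bailiwick
rule stops a rogue authoritative server from planting records for someone
else's domain.  Added example: all names, addresses and zone data are constructed."""
from collections import namedtuple

RR = namedtuple("RR", "name rtype ttl data")   # one resource record


def in_bailiwick(name, zone):
    """True if `name` is at or below `zone`; the root "." contains everything."""
    return zone == "." or name == zone or name.endswith("." + zone)


# Constructed authoritative data.  Each server serves one zone.  "extra" is
# attacker-controlled padding appended to every reply (the classic
# additional-section poisoning trick); only the rogue server uses it.
SERVERS = {
    "root-server.": {"zone": ".", "extra": [], "records": [
        RR("com.", "NS", 172800, "com-server."),
        RR("com-server.", "A", 172800, "192.0.2.1")]},
    "com-server.": {"zone": "com.", "extra": [], "records": [
        RR("example.com.", "NS", 172800, "ns1.example.com."),
        RR("ns1.example.com.", "A", 172800, "192.0.2.10"),
        RR("evil.com.", "NS", 172800, "ns1.evil.com."),
        RR("ns1.evil.com.", "A", 172800, "203.0.113.5")]},
    "ns1.example.com.": {"zone": "example.com.", "extra": [], "records": [
        RR("www.example.com.", "A", 300, "192.0.2.80")]},
    "ns1.evil.com.": {"zone": "evil.com.", "records": [
        RR("www.evil.com.", "A", 300, "203.0.113.5")],
        # Poison attempt: a record for a name this server has no authority over.
        "extra": [RR("www.example.com.", "A", 86400, "203.0.113.66")]},
}


def authoritative_query(server, qname, qtype):
    """Answer one non-recursive query the way an authoritative server would.
    Returns (status, answer-or-NS records, glue-plus-extra records)."""
    srv = SERVERS[server]
    answers = [r for r in srv["records"] if r.name == qname and r.rtype == qtype]
    if answers:
        return "ANSWER", answers, list(srv["extra"])
    deleg = [r for r in srv["records"] if r.rtype == "NS" and in_bailiwick(qname, r.name)]
    if deleg:
        closest = max((d.name for d in deleg), key=len)      # deepest delegation
        ns = [d for d in deleg if d.name == closest]
        glue = [r for r in srv["records"]
                if r.rtype == "A" and r.name in {n.data for n in ns}]
        return "REFERRAL", ns, glue + list(srv["extra"])
    return "NXDOMAIN", [], list(srv["extra"])


class Resolver:
    def __init__(self, strict=True, clock=lambda: 0):
        self.strict = strict        # False reproduces the vulnerable behaviour
        self.clock = clock          # injectable time source for TTL handling
        self.cache = {}             # (name, type) -> (expires_at, [RR])
        self.upstream_queries = 0

    def _cache_get(self, qname, qtype):
        hit = self.cache.get((qname, qtype))
        if hit and hit[0] > self.clock():
            return hit[1]
        self.cache.pop((qname, qtype), None)           # expired or absent
        return None

    def _cache_put(self, records, zone):
        grouped = {}
        for r in records:
            if self.strict and not in_bailiwick(r.name, zone):
                continue    # answering server has no authority for this name: drop it
            grouped.setdefault((r.name, r.rtype), []).append(r)
        for key, rrs in grouped.items():
            self.cache[key] = (self.clock() + min(r.ttl for r in rrs), rrs)

    def resolve(self, qname, qtype="A"):
        """Return record data for qname/qtype, recursing from the root on a cache miss."""
        cached = self._cache_get(qname, qtype)
        if cached is not None:
            return [r.data for r in cached]
        server = "root-server."    # root hint; cached NS records are not used as shortcuts
        for _ in range(8):         # bound the referral chain
            self.upstream_queries += 1
            status, rrs, additional = authoritative_query(server, qname, qtype)
            self._cache_put(rrs + additional, SERVERS[server]["zone"])
            if status == "ANSWER":
                return [r.data for r in rrs]
            if status == "NXDOMAIN":
                return []
            server = rrs[0].data   # follow the referral to the delegated server
        raise RuntimeError("too many referrals for " + qname)


def poisoning_demo():
    """Both resolvers look up the rogue domain first; only the one without the
    bailiwick check then answers www.example.com. from the planted record."""
    strict, weak = Resolver(strict=True), Resolver(strict=False)
    for r in (strict, weak):
        r.resolve("www.evil.com.")
    return strict.resolve("www.example.com."), weak.resolve("www.example.com.")
```

Calling poisoning_demo() returns the genuine address from the strict resolver and the attacker's 203.0.113.66 from the weak one; a fresh Resolver needs three upstream queries (root, TLD, authoritative) for www.example.com. and none for a repeat lookup until the 300-second TTL runs out. The simplification worth noting is that this resolver always restarts at the root instead of using cached NS records to jump straight to the closest known zone, which a production resolver does to cut query volume.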

Disadvantages:

  • If the cache or an authoritative server returns a wrong result, recovery takes time: a bad cached record is served to every client until its TTL expires or the cache is flushed, and only then are new queries made.
  • Query volume can be high when many users connect to many different sites at once, because each uncached name costs several upstream queries (root, TLD, authoritative) and each authoritative server may be slow to answer.
  • The cached information may be incorrect and break connections to a site, or an attacker may inject malicious DNS entries into the cache; either way, many users of the resolver lose access to that site or are redirected away from it.
  • If the authoritative servers are offline or unreachable, the resolver returns an error (typically SERVFAIL) or the query times out, and the site is unreachable for its clients even though the site itself may be up.
  • When many resolvers are in use, they do not all refresh at the same moment, so for a while after a change they hold different cached answers, and a slow upstream server slows every client behind the resolver.
  • Under heavy simultaneous load, resolution itself takes longer, which raises response times for every connection that depends on a lookup and slows the site unnecessarily.

Last Updated : 21 Jul, 2022