
DNS Structure and Email Authentication

The document discusses the working of DNS (Domain Name System). It describes the hierarchical and inverted tree structure of DNS namespaces. It explains that root servers are overseen by ICANN and use Anycast routing. It discusses top-level domain servers for generic and country code top-level domains. It also describes authoritative servers that contain specific domain information and can provide IP addresses through DNS records. Finally, it outlines the purpose and implementation of SPF, DKIM, and DMARC records to authenticate email senders and protect against spoofing.

Uploaded by rajveertomar524

Working of DNS

Ansh Bhawnani

▰ DNS Namespace: hierarchical, inverted-tree structure

DNS Nameservers

▰ Root Servers
▻ The root nameservers are overseen by a nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN).
▻ There are 13 types of root nameservers, but there are multiple copies of each one all over the world, which use Anycast routing.

▰ Top Level Domain (TLD) Servers
▻ A TLD nameserver maintains information for all the domain names that share a common domain extension, such as .com, .net, etc.
▻ For example, a .com TLD nameserver contains information for every website that ends in ‘.com’.
▻ Two types:
    ▻ Generic top-level domains: (.com, .org, .net, .gov)
    ▻ Country code top-level domains: (.uk, .us, .ru)

▰ Authoritative Servers
▻ The authoritative nameserver contains information specific to the domain name it serves (www.google.com).
▻ It can provide a recursive resolver with the IP address of that server found in the DNS A record.
▻ If the given record has a CNAME to another domain, the resolver will do a lookup for the new one.
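
The referral chain described in the nameserver slides above (root, then TLD, then authoritative, with a fresh lookup when the answer is a CNAME), as an added example that is not part of the original slides. The server names, zones and addresses are constructed toy data, and `find_zone` and `resolve` are hypothetical helpers, not a real resolver API.

```python
# Constructed toy data, not real DNS: addresses come from documentation ranges.
ROOT = {"com.": "tld-com", "org.": "tld-org"}  # root only knows the TLD servers
TLD = {
    "tld-com": {"example.com.": "auth-example"},
    "tld-org": {"cdn-host.org.": "auth-cdn"},
}
AUTH = {
    "auth-example": {"www.example.com.": ("CNAME", "edge.cdn-host.org."),
                     "example.com.": ("A", "192.0.2.10")},
    "auth-cdn": {"edge.cdn-host.org.": ("A", "198.51.100.7")},
}

def find_zone(name, table):
    """Return the entry for the longest suffix of `name` found in `table`."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return None

def resolve(name, max_cnames=8):
    """Walk root -> TLD -> authoritative; restart on CNAME. Returns (ip, trace)."""
    name = name.lower().rstrip(".") + "."
    trace = []
    for _ in range(max_cnames + 1):
        tld_server = find_zone(name, ROOT)
        if tld_server is None:
            return None, trace + [("root", name, "NXDOMAIN")]
        trace.append(("root", name, "referral:" + tld_server))
        auth_server = find_zone(name, TLD[tld_server])
        if auth_server is None:
            return None, trace + [(tld_server, name, "NXDOMAIN")]
        trace.append((tld_server, name, "referral:" + auth_server))
        rtype, value = AUTH[auth_server].get(name, ("NXDOMAIN", None))
        trace.append((auth_server, name, rtype))
        if rtype == "A":
            return value, trace
        if rtype != "CNAME":
            return None, trace
        name = value  # CNAME: look up the new name, starting again at the root
    raise RuntimeError("CNAME chain too long (possible loop)")

if __name__ == "__main__":
    ip, steps = resolve("www.example.com")
    for server, qname, result in steps:
        print(f"{server:13} {qname:22} {result}")
    print("answer:", ip)
```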

SPF, DKIM and DMARC records

▰ SPF Record
▻ “Sender Policy Framework”. As with all three checks, SPF is a DNS TXT record that specifies which IP addresses and/or servers are allowed to send email “from” that particular domain.
▻ “If they know who sent them the letter, the recipient is more likely to open it.”
▻ An SPF record is only necessary for the top level domain (i.e., your-domain.com). An SPF record for a top level domain automatically authenticates any subdomains under it (e.g., mail.your-domain.com).
▻ Cannot generally exceed 255 characters.

▰ DKIM Record
▻ “DomainKeys Identified Mail”. Also a TXT record. DKIM’s intent is to prove that the contents of an email message haven’t been tampered with, that the headers of the message have not changed (e.g., adding in a new “from” address), and that the sender actually owns the domain with the DKIM record, or is at least authorized by the owner of the domain.
▻ Unlike SPF, DKIM uses an encryption algorithm to create a pair of keys, one public and one private.
▻ The private key remains on the mail server. The public key is what’s placed in the DNS TXT record: it is pasted into a TXT record with that domain’s DNS provider (e.g., GoDaddy, eNom, DynDNS, etc.).

▰ DMARC Record
▻ “Domain-Based Message Authentication Reporting and Conformance”, a technical standard for email authentication that helps protect email senders and recipients from spam, spoofing, and phishing. DMARC itself is not an email authentication protocol, but it builds on key authentication standards SPF and DKIM.
▻ In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned.
▻ For SPF to align, the message’s From domain and its Return-Path domain must match. For DKIM to align, the message’s From domain and its DKIM d= domain must match.
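
The two alignment comparisons described above, as an added example that is not part of the original slides: it compares the From domain with the Return-Path domain and with each DKIM d= domain by exact match. It checks alignment only and does not evaluate SPF or verify DKIM signatures; the sample messages, domains and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(address_header):
    """Lower-cased domain of an address header value ('' if none)."""
    addr = parseaddr(address_header or "")[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def dkim_d_tag(signature_header):
    """Value of the d= tag in a DKIM-Signature header ('' if absent)."""
    for part in (signature_header or "").split(";"):
        tag, _, value = part.partition("=")
        if tag.strip() == "d":
            return "".join(value.split()).lower().rstrip(".")
    return ""

def alignment(raw_message):
    """Exact-match alignment of From with Return-Path and DKIM d= domains."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    d_doms = [dkim_d_tag(h) for h in msg.get_all("DKIM-Signature", [])]
    return {
        "from": from_dom,
        "spf_aligned": bool(from_dom) and rp_dom == from_dom,
        "dkim_aligned": bool(from_dom) and from_dom in d_doms,
    }

# Constructed sample messages (not real mail); bh=/b= values are placeholders.
HEADERS = """Return-Path: <bounce@{env}>
DKIM-Signature: v=1; a=rsa-sha256; d={signer}; s=sel1;
\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
Subject: hello

body
"""
ALIGNED = HEADERS.format(env="example.com", signer="example.com")
MISALIGNED = HEADERS.format(env="mailer.test", signer="mailer.test")

if __name__ == "__main__":
    for label, raw in (("aligned", ALIGNED), ("misaligned", MISALIGNED)):
        print(label, alignment(raw))
```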

HACKING
Is an art, practised through a creative mind.
