DNS (Domain Name System)

DNS is a naming system that translates human-readable domain names into IP addresses, enabling devices to locate and communicate with services on a network.

What is DNS?

The Domain Name System (DNS) is a core internet service that acts like a directory for the web. When a user enters a domain name (for example, a website address), DNS resolves it into an IP address that computers use to route traffic. Without DNS, users would need to remember numerical IP addresses instead of domain names.

Why DNS matters

DNS is critical because it:

  • Enables nearly all internet and network communications
  • Impacts performance, availability, and reliability
  • Is a key control point for security and filtering
  • Plays a central role in phishing, malware delivery, and data exfiltration

A DNS failure or compromise can disrupt entire services or organizations.

How DNS works (simplified)

A typical DNS lookup follows these steps:

  1. The client queries a DNS resolver
  2. The resolver contacts authoritative DNS servers if needed
  3. The domain name is resolved to an IP address
  4. The IP address is returned to the client
  5. The client connects to the destination service

Caching is used extensively to improve speed and efficiency.

Common DNS record types

DNS uses different record types for specific purposes:

  • A – maps a domain to an IPv4 address
  • AAAA – maps a domain to an IPv6 address
  • CNAME – alias to another domain name
  • MX – mail server routing
  • TXT – metadata (SPF, DKIM, verification)
  • NS – authoritative name servers

Misconfigured DNS records are a frequent source of outages and security issues.

DNS in cybersecurity

From a security perspective, DNS is used to:

  • Detect malicious domains and command-and-control traffic
  • Enforce content filtering and access control
  • Monitor suspicious or abnormal resolution patterns
  • Support email authentication (SPF, DKIM, DMARC)

Because DNS is often trusted and allowed, it is a common attack vector.

DNS-based attacks

Common DNS-related threats include:

  • DNS spoofing / cache poisoning – redirecting traffic to malicious sites
  • DNS hijacking – changing DNS settings to control resolution
  • DDoS attacks – overwhelming DNS infrastructure
  • Domain generation algorithms (DGA) – malware-generated domains
  • Typosquatting – lookalike domains for phishing

DNS security best practices

Effective DNS protection includes:

  • Using reputable DNS resolvers
  • Enabling DNSSEC where supported
  • Monitoring DNS logs and queries
  • Blocking known malicious domains
  • Securing DNS administration access
  • Regularly auditing DNS configurations

DNS security is a foundational part of Zero Trust networking.
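
As an added example (not part of the original page), the following Python code shows one way to monitor DNS query logs for abnormal resolution patterns: DGA-like high-entropy labels, and a single client resolving many unique names under one parent domain. The log format, the thresholds, and the sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample lines in an assumed "timestamp client qname qtype" format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A
2024-05-01T10:00:02Z 10.0.0.5 mail.example.com MX
2024-05-01T10:00:03Z 10.0.0.7 xk2q9vz7hw4mplf8rt3b.example.net A
2024-05-01T10:00:04Z 10.0.0.9 c2vjcmv0lwrhdgetmdax.t.example.org TXT
2024-05-01T10:00:05Z 10.0.0.9 c2vjcmv0lwrhdgetmday.t.example.org TXT
2024-05-01T10:00:06Z 10.0.0.9 c2vjcmv0lwrhdgetmdaz.t.example.org TXT
2024-05-01T10:00:07Z 10.0.0.9 c2vjcmv0lwrhdgetmdbh.t.example.org TXT
"""

ENTROPY_MIN = 3.5     # bits per character; assumed threshold, tune on real data
LABEL_LEN_MIN = 16    # skip short labels, where entropy is not meaningful
UNIQUE_SUBS_MAX = 3   # distinct names per client under one parent; assumed

def shannon_entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parent_domain(qname):
    # Naive last-two-labels split; a real pipeline should use the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def analyze(log_text):
    """Return a list of (finding, client, name) tuples for suspicious queries."""
    findings = []
    subs = defaultdict(set)  # (client, parent domain) -> distinct names queried
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines rather than failing the whole run
        _, client, qname, _ = parts
        qname = qname.lower().rstrip(".")
        subs[(client, parent_domain(qname))].add(qname)
        for label in qname.split(".")[:-2]:  # score subdomain labels only
            if len(label) >= LABEL_LEN_MIN and shannon_entropy(label) >= ENTROPY_MIN:
                findings.append(("high_entropy_label", client, qname))
                break
    for (client, parent), names in sorted(subs.items()):
        if len(names) > UNIQUE_SUBS_MAX:
            findings.append(("many_unique_subdomains", client, parent))
    return findings
```

High-entropy hostnames also occur in legitimate CDN and cloud services, so findings like these are triage leads to correlate with other signals, not verdicts.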

DNS vs IP

  • DNS: resolves names to addresses
  • IP: routes traffic between devices

DNS provides usability; IP provides connectivity.

DNS in enterprise and cloud environments

In organizations, DNS supports:

  • Internal service discovery
  • Cloud and hybrid networking
  • Identity and authentication services
  • Email delivery and protection
  • Application availability and load balancing

Modern environments often rely on split DNS and dynamic updates.

Common misconceptions

  • "DNS is just a phonebook"
  • "If DNS works, it's secure"
  • "DNSSEC prevents all DNS attacks"
  • "Blocking domains stops all threats"