As is known, for access to hosts on the Internet using 32-bit IP-address uniquely identifies each network computer in this global network. However, for users of the application of IP-addresses when accessing the host is not too comfortable and not
the most obvious.
At the beginning of birth for the convenience of Internet users it was decided to assign all the computers on the network names. The use of names allows the user to better navigate in cyberspace network Internet - much easier to understand and intuitive for the user to remember, for example, name www.ferrari.it, than the four-digit string IP-address.
Using the Internet mnemonically clear to the user name created a problem of converting names to IP-address. Such a transformation is necessary because at the network level addressing of packets is not by name but by IP-address, therefore, to directly address messages to Internet names do not fit. At the stage of early development of Internet, when the network was combined a small number of computers, NIC (Network Information Center) to address the transformation of names in the address set up a special file (hosts file), which were made in the names and corresponding IP-addresses of all hosts on the network .
This file is regularly updated and distributed throughout the network. But, according to Leray Development Internet, the number of networked hosts increased, and the scheme was becoming less and less workable, so a new system of name resolution that allows the user if his lack of information on compliance with the names and IP-addresses to obtain the necessary information from the nearest of the information retrieval server (DNS-server).
This system is called Domain Name System - DNS (Domain Name System).
For the implementation of the DNS system was created by a special network protocol DNS, in order to ensure their effective work in the network are allocated to specific information and search engines - DNS-servers. We explain the key objective for service DNS. In today's Internet network host when accessing a remote server typically has information only about his name and does not know its IP-address, which is necessary for the immediate addressing.
Therefore, before the host appears common problem remote search: on behalf of the remote host to find its IP-address. The solution to this problem and is engaged in the DNS Protocol-based DNS.
Consider DNS-search algorithm for the remote IP-address on behalf of a network of Internet:
Host sends IP-address of the nearest DNS-server (it is installed when you set up a network operating system)
DNS-query, which specifies the server name, IP-address of which must be found;
DNS-Server receives a request it searches its database of names for the presence therein specified in the query name. If the name is found, and thus found and the corresponding IP-address, it requests
Host DNS-server sends a DNS-response, which indicates the required IP-address. If specified in the request the name of DNS-server is not found in its database of names, the DNS-query is sent to DNS-server on one of the root
DNS-servers whose addresses are contained in the configuration file, DNS-server root. cache, and is described in this section, the procedure is repeated until the name is not found (or not found).
Analyzing the security vulnerability of this scheme remote search using the protocol DNS, we can conclude about the possibility of implementing a network that uses the protocol DNS, the standard remote attack false objects viz.