> [!Info]
> This page is currently a work in progress.
## What is DNS?
DNS is the 'Domain Name System'. It acts like a phonebook for the internet and translates a domain name, such as `google.com`, into IP addresses that machines can understand.
## How does DNS work?
Your device has access to a DNS server (a DNS recursive resolver) that is assigned based on your network settings. On a home router this is often your ISP's own DNS server, but it could also be a public DNS server such as Google's `8.8.8.8` or Cloudflare's `1.1.1.1`.
When you enter a domain name into a web browser, the device first checks whether the name is already cached locally (browser/OS).
If it is not, a DNS query is made to your assigned DNS recursive resolver, which in turn queries the DNS root nameserver (`.`).
The DNS root nameserver responds to the resolver with the address of the appropriate Top Level Domain (TLD) server (`.com`, `.org`, etc.), which stores the information for its domains' authoritative nameservers. The resolver then queries the TLD server, which responds with the authoritative nameserver for the requested domain.
Finally, the resolver sends a request to the authoritative nameserver (where the DNS A record is actually stored) and receives the IP address of the requested domain.
The answer is returned to the browser and then cached locally for faster future lookups.
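
The lookup chain described above, as an added Python example (not part of the original note): a toy recursive resolver that follows referrals from the root to the TLD to the authoritative nameserver, with a TTL cache standing in for the caching step. The server names, zone data and IP addresses are constructed for illustration, and no real network queries are made.

```python
import time

# Constructed zone data, not real DNS: each server maps a name to a record
# (type, value, ttl). IPs are from the RFC 5737 documentation range.
SERVERS = {
    "root": {"com.": ("NS", "tld-com", 172800), "org.": ("NS", "tld-org", 172800)},
    "tld-com": {"example.com.": ("NS", "ns1.example.com", 172800)},
    "tld-org": {},
    "ns1.example.com": {"www.example.com.": ("A", "192.0.2.10", 300)},
}

def ask(server, qname):
    """One query to one nameserver: an A answer, an NS referral, or None."""
    zone = SERVERS[server]
    rec = zone.get(qname)
    if rec and rec[0] == "A":
        return rec
    # Otherwise refer to the most specific delegation covering qname.
    subs = [s for s in zone if zone[s][0] == "NS" and ("." + qname).endswith("." + s)]
    return zone[max(subs, key=len)] if subs else None

class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.cache = {}      # qname -> (ip, expiry time)
        self.clock = clock   # injectable so TTL expiry can be tested

    def resolve(self, qname):
        """Return (ip or None, list of servers queried)."""
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]
        server, path = "root", []
        for _ in range(8):   # bound the referral chain so a loop cannot hang us
            path.append(server)
            rec = ask(server, qname)
            if rec is None:
                return None, path          # no such name
            rtype, value, ttl = rec
            if rtype == "A":
                self.cache[qname] = (value, self.clock() + ttl)
                return value, path
            server = value                 # follow the referral
        return None, path

if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com."))   # full chain
    print(r.resolve("www.example.com."))   # served from cache
```

The returned path shows which servers were asked, so the difference between a cold lookup and a cached one is visible directly.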
## DNS Attack Types
- [[DNS-Cache-Poisoning]] (DNS Spoofing)
- [[DNS-Tunnelling]]
    - For C2
    - For Exfiltration