- 2.5: DNS — the Internet’s directory service
- Cookies:
- Small string stored in client
- Must be sent with every request
- Supposed to be a secret
- Obtaining cookies enables impersonation
- Have expiration dates
- Are isolated by domain
- Cross-site request forgery (CSRF) attack
- Get browser to send a malicious request to another domain
- The request is sent with the domain’s cookies, resulting in an authenticated request
- Inject via images, web forms, etc.
- Domain name service (DNS)
- Maps human-readable hostnames to IP addresses
- Is a layer of indirection
- “Global internet directory”
- IP addresses are for routing
- Originally, similar numbers were physically closer together
- DNS is hierarchical
- At top level is a root DNS server
- These are run by ICANN
- 13 of them globally
- They tell you where to find the DNS servers for TLDs
- TLDs tell you where to find the DNS servers for domains
- DNS servers for domains tell you the DNS servers for subdomains, etc.
- DNS entries are cached to reduce network load
- TTL trades off network load for propagation delay
- DNS indirection enables various network optimizations:
- Load balancing
- Content delivery networks
- Layer 7 load balancers are actually nameservers
- CDNs work through geographic routing and caching
- Examine requester IP address
- Route request to closest cache
- DNS can also be hijacked
- Google runs DNS to monitor your behavior
- Starbucks, hotels, etc. send all DNS requests to their portal
- When your Internet seems “down,” it’s often DNS
- Try sending a request to a specific IP address
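
The hierarchy walk and the TTL trade-off noted above, as a small simulation (an added example, not part of the original notes). The zone data, the `CachingResolver` class and the `simulate` function are constructed for illustration, and only the final answer is cached, a simplification of what real resolvers do.

```python
def make_zone():
    # Constructed toy delegation data, not real DNS records.
    return {
        "root": {"com": "tld-com"},                      # root -> TLD servers
        "tld-com": {"example.com": "ns-example"},        # TLD -> domain's servers
        "ns-example": {"www.example.com": "192.0.2.10"}, # authoritative answer
    }

class CachingResolver:
    def __init__(self, zone, ttl):
        self.zone, self.ttl = zone, ttl
        self.cache = {}      # hostname -> (address, expiry time)
        self.upstream = 0    # queries sent to root, TLD and domain servers

    def _walk(self, host):
        """Follow the hierarchy: root -> TLD server -> domain's nameserver."""
        labels = host.split(".")
        tld_server = self.zone["root"][labels[-1]]
        domain_server = self.zone[tld_server][".".join(labels[-2:])]
        self.upstream += 3   # one query per level
        return self.zone[domain_server][host]

    def resolve(self, host, now):
        hit = self.cache.get(host)
        if hit and now < hit[1]:
            return hit[0]    # cached answer, possibly out of date
        addr = self._walk(host)
        self.cache[host] = (addr, now + self.ttl)
        return addr

def simulate(ttl, change_at=102, end=300):
    """One client lookup per second; the record changes at `change_at`.
    Returns (upstream queries, seconds the old address was still served)."""
    zone, host, new_addr = make_zone(), "www.example.com", "192.0.2.20"
    resolver, stale = CachingResolver(zone, ttl), 0
    for now in range(end):
        if now == change_at:
            zone["ns-example"][host] = new_addr
        if resolver.resolve(host, now) != new_addr and now >= change_at:
            stale += 1
    return resolver.upstream, stale

if __name__ == "__main__":
    for ttl in (0, 5, 60):
        print(ttl, simulate(ttl))
```

A longer TTL cuts upstream queries, but whatever answer is in the cache, correct or not, keeps being served until it expires.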