the internet uses dns (domain name system) records to translate host names into ip addresses (in this case 193.202.110.175) and in some cases vice versa too. when you type the host name of a website into your browser (which i would hope is firefox or opera, and not ie) it begins looking up the host. to do this, it sends a packet of data to one of 13 pre-programmed root nameservers. surprisingly, there are only 13 root nameservers in the world! some are government operated (e.g. nasa, disa) and some are run by large companies such as verisign and cogent. just in case you think “oh, that seems easy to attack”, it’s not – they run load distribution systems that can repel more than a 5tb/s ddos with little more than a slight slowdown in service.

the purpose of these name servers is to tell clients (e.g. your web browser) where the name server is for the host you are requesting, so that it can go ask that server for more information. these requests are made using udp (user datagram protocol) port 53. sometimes this process is recursive, propagating down multiple levels of dns servers before you get an authoritative response. here’s an example:


1) your web browser asks a root nameserver about www.hackapc.com
2) it replies: the nameserver ns01.one.com has that information.
3) your web browser asks ns01.one.com about www.hackapc.com
4) it replies: the nameserver ns1.tucows.com has that information.
5) your web browser asks ns1.one.com about www.hackapc.com
6) it replies: the nameserver ns1.one.com has that information.
7) your web browser asks ns1.one.com about www.hackapc.com
8) it replies: the authoritative ip address of www.hackapc.com is 193.202.110.175
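
what one of those "it replies" steps looks like on the wire, as an added example (not part of the original post): python that builds the udp port 53 query for www.hackapc.com and tells a referral from an authoritative answer by checking the reply's id, the aa flag and the record type. the query id, the ttl and both reply packets are constructed sample values, and classify and constructed_reply are hypothetical helper names.

```python
import struct

def encode_name(name):  # wire format: length-prefixed labels, ending in a zero byte
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, qid):  # udp port 53 payload: 12-byte header + question (type a, class in)
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def read_name(msg, off):
    """decode a name, following compression pointers; returns (name, offset after it)."""
    labels, after, hops = [], None, 0
    while (n := msg[off]) != 0:
        if n & 0xC0 == 0xC0:                       # pointer to a name earlier in the message
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:            # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (off + 1 if after is None else after)

def classify(query, reply):
    """return ('answer', ip) or ('referral', nameserver) for a reply to `query`."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", reply[:12])
    if reply[:2] != query[:2] or not flags & 0x8000:   # id must match, qr bit must be set
        raise ValueError("not a reply to this query")
    off = 12
    for _ in range(qd):                            # skip the echoed question
        off = read_name(reply, off)[1] + 4
    for i in range(an + ns):
        _, off = read_name(reply, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        if i < an and rtype == 1 and flags & 0x0400:   # a record with the aa bit set
            return "answer", ".".join(map(str, reply[off:off + 4]))
        if i >= an and rtype == 2:                     # ns record in the authority section
            return "referral", read_name(reply, off)[0]
        off += rdlen
    raise ValueError("no authoritative answer or referral")

def constructed_reply(query, flags, counts, owner_ptr, rtype, rdata):
    """hand-built sample reply (constructed, not captured traffic): one record only."""
    rr = struct.pack("!HHHIH", 0xC000 | owner_ptr, rtype, 1, 300, len(rdata)) + rdata
    return query[:2] + struct.pack("!HHHHH", flags, 1, *counts) + query[12:] + rr

QUERY = build_query("www.hackapc.com", 0x1A2B)     # constructed query id
REFERRAL = constructed_reply(QUERY, 0x8000, (0, 1, 0), 16, 2, encode_name("ns01.one.com"))
ANSWER = constructed_reply(QUERY, 0x8400, (1, 0, 0), 12, 1, bytes([193, 202, 110, 175]))
```

classify(QUERY, REFERRAL) is step 2 of the list and classify(QUERY, ANSWER) is the final step; a reply whose id does not match the query, or an a record without the aa bit, is rejected instead of being trusted.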


see how that works? each name server passed the buck to the next one, until you finally got an answer from someone who knows it. the authoritative ip address, also known as the a record, is stored as a dns entry on the name server. other records, such as mx (mail server) and cname (canonical name, i.e. an alias) are also stored in the domain record. a service called ‘whois’ exists to get the contents of these records. there are hundreds of websites that let you perform a whois. my favourite is http://whois.domaintools.com/ but as i said there are hundreds out there. these records often include the name, address and telephone number of the person who registered the domain, as well as the name and telephone number of the company that leases the domain to that person. private individuals can opt out of the whois lookup to prevent privacy issues.


if you were to attack a nameserver, you could flood it with udp packets on port 53 in order to cause large amounts of processing to be done on the server that runs it. this would mean that normal dns traffic would not always get processed and the users would not be able to resolve the domain’s ip, resulting in a denial of service. in combination with a tcp syn flood on port 80 of the server itself, a dns flood can take out a website completely, given enough resources.


enjoy...