DNS can be compared to a phonebook: it is the backbone of the internet. Every device attached to the internet (user machines, servers, etc.) has a unique IP address. Because an IP address is hard for people to remember, websites have (domain) names. When you go to a website by typing its name and extension, like exdomo.com, into your web browser's address bar, or by clicking a link that carries that name, the DNS system looks up the IP address that belongs to that domain, and the content is then served to the person who made the DNS query.
Because the internet contains a huge number of IP addresses and domain names, this DNS lookup is not as simple as described above: when you try to reach a specific website or other resource, your query passes through a chain of servers, each with its own function. There are basically four types of DNS server, and each one solves a piece of the puzzle; the last one returns the answer your web browser needs to fetch the requested content. These DNS servers are called:
- DNS recursive resolver
- DNS root nameserver
- DNS TLD nameserver
- Authoritative nameserver
When you ask for a subdomain, an extra nameserver is added to the chain; this server is responsible for storing the subdomain's CNAME record.
DNS answers are typically cached so that a lookup does not have to go out to the servers every time; the results are taken from the cache, which speeds up the process and reduces the load on the servers.
DNS-spoofing is also known as DNS-poisoning or DNS cache poisoning.
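As an added example (not part of the original text), the following Python sketch simulates the referral chain and the caching described above, using constructed in-memory zone data in place of real servers. The server names, the records for exdomo.com and the TTL values are all made up for the example, and the subdomain's CNAME is kept in the same toy authoritative zone rather than on the extra nameserver the text mentions. The counter of upstream round-trips shows what the cache saves.

```python
import time

# Constructed in-memory zone data standing in for the server roles in the text.
# Each level either answers with a record or refers the resolver to the next level.
ROOT = {"com": "tld-com"}                       # root: which server handles each TLD
TLD = {"tld-com": {"exdomo.com": "ns-exdomo"}}  # TLD: who is authoritative for each domain
AUTH = {                                        # authoritative: the records themselves
    "ns-exdomo": {
        "exdomo.com":     [("A", "192.0.2.10", 300)],      # (type, rdata, ttl seconds)
        "www.exdomo.com": [("CNAME", "exdomo.com", 300)],
    }
}


class RecursiveResolver:
    """Toy recursive resolver: walks root -> TLD -> authoritative and caches by TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}             # (name, type) -> (rdata, expires_at)
        self.upstream_queries = 0   # round-trips to other servers (what caching saves)

    def _cached(self, name, rtype):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop((name, rtype), None)     # expired entries are dropped
        return None

    def _ask_authoritative(self, name, rtype):
        """Follow the referral chain and return (type, rdata, ttl) or None."""
        labels = name.split(".")
        self.upstream_queries += 1              # 1: root referral
        tld_server = ROOT.get(labels[-1])
        if tld_server is None:
            return None
        self.upstream_queries += 1              # 2: TLD referral
        auth_server = TLD[tld_server].get(".".join(labels[-2:]))
        if auth_server is None:
            return None
        self.upstream_queries += 1              # 3: authoritative answer
        records = AUTH[auth_server].get(name, [])
        for rec in records:
            if rec[0] == rtype:
                return rec
        for rec in records:                     # no direct record: offer the CNAME
            if rec[0] == "CNAME":
                return rec
        return None

    def resolve(self, name, rtype="A", depth=0):
        """Return the rdata for (name, rtype), following CNAMEs; None if unknown."""
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        cached = self._cached(name, rtype)
        if cached is not None:
            return cached
        alias = self._cached(name, "CNAME")     # a cached alias saves the whole chain
        if alias is not None and rtype != "CNAME":
            return self.resolve(alias, rtype, depth + 1)
        rec = self._ask_authoritative(name, rtype)
        if rec is None:
            return None
        found_type, rdata, ttl = rec
        self.cache[(name, found_type)] = (rdata, self.clock() + ttl)
        if found_type == "CNAME" and rtype != "CNAME":
            return self.resolve(rdata, rtype, depth + 1)   # extra hop for the alias target
        return rdata


if __name__ == "__main__":
    r = RecursiveResolver()
    for qname in ("exdomo.com", "exdomo.com", "www.exdomo.com"):
        print(qname, "->", r.resolve(qname), "| upstream queries so far:", r.upstream_queries)
```

The first lookup costs three round-trips, the repeat is answered from the cache, and the subdomain costs three more for its CNAME plus a cache hit for the alias target; once the TTL has passed, the chain is walked again.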
In a DNS-spoofing attack a hacker takes advantage of weaknesses in the DNS system to serve a different webpage than the one requested, for example a fake Twitter page that looks exactly like the original but asks for login credentials. The visitor enters his username and password, which are harvested by the hacker, who then redirects the visitor to the real Twitter website so that the victim does not even notice what happened. This can be done on the client side, where only one person is redirected, or on the server side, where everyone who makes the query is redirected. DNS-spoofing can also be used to block access to an entire domain; some governments use this technique to block certain domains, for example the Chinese government blocks Facebook because its citizens are not allowed to go there.
DNS-tunneling uses DNS as a covert communication channel to bypass a firewall. Hackers tunnel protocols like SSH or HTTP over DNS to obtain a full remote-control channel, which lets them transfer files out of the network, push new code into (malicious) applications, or gain complete remote access to the system. DNS-tunneling can also be used to avoid paying for wifi services. Several tunneling toolkits are available on the internet, so hackers do not need to be very technical to mount DNS-tunneling attacks. DNS-tunneling is difficult to detect and many organizations lack adequate defences against it, because it is widely assumed that DNS traffic is secure enough.
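On the resolver side, the standard defence against having a forged answer land in the cache is to accept a response only when it matches the query that is still outstanding. The following is an added example (not from the original text) of those checks in Python: transaction id, destination port, the server the response came from, the question section, and the "bailiwick" rule that strips records for names the answering server is not responsible for. The messages are simplified Python objects with constructed names and documentation addresses, not real DNS wire format.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PendingQuery:
    """What the resolver remembers about a query it has sent out."""
    txid: int         # 16-bit transaction id chosen at random per query
    src_port: int     # randomised UDP source port the query left from
    name: str
    rtype: str
    server: str       # address the query was sent to
    bailiwick: str    # zone that server is allowed to answer for


@dataclass
class Response:
    """Simplified DNS response; real ones arrive in wire format."""
    txid: int
    dst_port: int
    from_server: str
    question: tuple                  # (name, rtype)
    answers: list                    # [(name, rtype, rdata)]
    additional: list = field(default_factory=list)


def in_bailiwick(name, zone):
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def validate_response(pending, resp):
    """Return (records_safe_to_cache, reason).

    A response that fails any identity check is dropped whole; one that passes
    still has out-of-bailiwick records stripped, so a server answering for one
    zone can never plant records for another zone in the cache.
    """
    if resp.txid != pending.txid:
        return [], "transaction id mismatch"
    if resp.dst_port != pending.src_port:
        return [], "port mismatch"
    if resp.from_server != pending.server:
        return [], "response from unexpected server"
    if resp.question != (pending.name, pending.rtype):
        return [], "question does not match outstanding query"
    accepted = [rec for rec in resp.answers + resp.additional
                if in_bailiwick(rec[0], pending.bailiwick)]
    return accepted, "ok"


# Constructed sample: one outstanding query and two responses to it.
PENDING = PendingQuery(txid=0x1A2B, src_port=51234, name="www.exdomo.com",
                       rtype="A", server="198.51.100.53", bailiwick="exdomo.com")

GOOD_RESPONSE = Response(
    txid=0x1A2B, dst_port=51234, from_server="198.51.100.53",
    question=("www.exdomo.com", "A"),
    answers=[("www.exdomo.com", "A", "192.0.2.10")],
    # glue for the zone's own nameserver is in bailiwick and kept; the record
    # for an unrelated domain is out of bailiwick and must not be cached
    additional=[("ns1.exdomo.com", "A", "192.0.2.53"),
                ("login.example", "A", "203.0.113.5")],
)

# A response whose identity fields do not match the outstanding query.
MISMATCHED_RESPONSE = Response(
    txid=0x0000, dst_port=51234, from_server="198.51.100.53",
    question=("www.exdomo.com", "A"),
    answers=[("www.exdomo.com", "A", "203.0.113.9")],
)

if __name__ == "__main__":
    for label, resp in (("good", GOOD_RESPONSE), ("mismatched", MISMATCHED_RESPONSE)):
        print(label, "->", validate_response(PENDING, resp))
```

Each check narrows what an off-path sender would have to guess, and the bailiwick filter limits the damage even when a response is accepted; production resolvers add DNSSEC validation on top, which this sketch does not model.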
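The "difficult to detect" problem is usually approached by looking at the shape of the queries rather than their content. As an added example (not part of the original text), the Python script below scores constructed resolver log lines per registered domain on four signals: average subdomain length, the share of subdomains that are never repeated, the character entropy of the labels, and the share of record types (TXT, NULL) that tunnels commonly carry data in. The log format, the domain names, the thresholds and the two-label rule for the registered domain are all assumptions made for the example.

```python
import math
from collections import defaultdict

# Constructed resolver log lines: "<epoch> <client> <qname> <qtype>". The last six
# mimic the shape tunnelling traffic tends to have: many unique, long, high-entropy
# labels under one registered domain, carried in TXT queries.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.exdomo.com A
1700000001 10.0.0.5 exdomo.com A
1700000002 10.0.0.7 mail.exdomo.com MX
1700000003 10.0.0.5 www.exdomo.com A
1700000004 10.0.0.8 exdomo.com AAAA
1700000005 10.0.0.9 0123456789abcdeffedcba9876543210.0001.tunnel-example.net TXT
1700000005 10.0.0.9 13579bdf02468ace13579bdf02468ace.0002.tunnel-example.net TXT
1700000006 10.0.0.9 fedcba98765432100123456789abcdef.0003.tunnel-example.net TXT
1700000006 10.0.0.9 02468ace13579bdffdb97531eca86420.0004.tunnel-example.net TXT
1700000007 10.0.0.9 a1b2c3d4e5f60718293a4b5c6d7e8f90.0005.tunnel-example.net TXT
1700000007 10.0.0.9 9f8e7d6c5b4a32100123a4b5c6d7e8f9.0006.tunnel-example.net TXT
"""

RARE_TYPES = {"TXT", "NULL"}   # types that legitimately appear but carry the most payload


def shannon_entropy(text):
    """Bits per character of the text; random-looking labels score high."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Yield (client, qname, qtype) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _, client, qname, qtype = parts
        yield client, qname.lower().rstrip("."), qtype.upper()


def split_domain(qname):
    """Return (registered domain, subdomain part). Simplification: the registered
    domain is the last two labels; real tooling should use the public suffix list."""
    labels = qname.split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def domain_stats(log_text):
    """Aggregate per registered domain what the scoring needs."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "sum_len": 0, "chars": "", "rare_type": 0})
    for _, qname, qtype in parse_log(log_text):
        domain, sub = split_domain(qname)
        s = stats[domain]
        s["queries"] += 1
        s["subdomains"].add(sub)
        s["sum_len"] += len(sub)
        s["chars"] += sub
        if qtype in RARE_TYPES:
            s["rare_type"] += 1
    return stats


def flag_tunnels(log_text, min_queries=5):
    """Return {domain: [reasons]} for domains whose query pattern looks like tunnelling.
    Two or more signals must fire, which keeps a single long CDN hostname from alerting."""
    flagged = {}
    for domain, s in domain_stats(log_text).items():
        if s["queries"] < min_queries:       # too little data to judge
            continue
        avg_len = s["sum_len"] / s["queries"]
        unique_ratio = len(s["subdomains"]) / s["queries"]
        entropy = shannon_entropy(s["chars"])
        rare_share = s["rare_type"] / s["queries"]
        reasons = []
        if avg_len > 30:
            reasons.append(f"average subdomain length {avg_len:.1f}")
        if unique_ratio >= 0.9:
            reasons.append(f"{unique_ratio:.0%} of subdomains never repeat")
        if entropy > 3.5:
            reasons.append(f"label entropy {entropy:.2f} bits/char")
        if rare_share > 0.5:
            reasons.append(f"{rare_share:.0%} TXT/NULL queries")
        if len(reasons) >= 2:
            flagged[domain] = reasons
    return flagged


if __name__ == "__main__":
    for domain, reasons in flag_tunnels(SAMPLE_LOG).items():
        print(domain, "->", "; ".join(reasons))
```

On the sample, exdomo.com scores low on every signal while tunnel-example.net trips all four. In practice the thresholds need tuning against a baseline of the organisation's own traffic, and per-client query volume over time is a further signal worth adding.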