
WHAT is a DNS and HOW it will help you

Discovery
Hi fellow CPU abusers and byte fans,

Today I found something that people ask me about: traffic filters, DDoS, and load balancers in modern applications.
Knowledge about DNS can solve your issues with players' connections, and improve the quality between user -> server (web, login, game servers).

The repository containing all this information is available on my fork, and was originally written by DonneMartin (GitHub).

Domain name system (DNS)

A Domain Name System (DNS) translates a domain name such as www.example.com to an IP address.

DNS is hierarchical, with a few authoritative servers at the top level. Your router or ISP provides information about which DNS server(s) to contact when doing a lookup. Lower level DNS servers cache mappings, which could become stale due to DNS propagation delays. DNS results can also be cached by your browser or OS for a certain period of time, determined by the time to live (TTL).
  • NS record (name server) - Specifies the DNS servers for your domain/subdomain.
  • MX record (mail exchange) - Specifies the mail servers for accepting messages.
  • A record (address) - Points a name to an IP address.
  • CNAME (canonical) - Points a name to another name or CNAME (example.com to www.example.com) or to an A record.
Services such as CloudFlare and Route 53 provide managed DNS services. Some DNS services can route traffic through various methods:
  • Weighted round robin
    • Prevent traffic from going to servers under maintenance
    • Balance between varying cluster sizes
    • A/B testing
  • Latency-based
  • Geolocation-based
Disadvantage(s): DNS
  • Accessing a DNS server introduces a slight delay, although mitigated by caching.
  • DNS server management could be complex and is generally managed by governments, ISPs, and large companies.
  • DNS services have recently come under DDoS attack, preventing users from accessing websites such as Twitter without knowing Twitter's IP address(es).
DNS Providers Latency Speed List (attached image)

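The record types and the TTL described in the post above live in the wire format that a resolver actually parses. The following Python is an added example, not code from the thread or from DonneMartin's primer: it builds a constructed response for a "www.example.com A" query containing CNAME, A, MX and NS records (with RFC 1035 name compression) and parses it back into records with their TTLs. The addresses come from the 192.0.2.0/24 documentation range and the message layout is made up for the example.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# Record type codes from RFC 1035; these four are the ones the post lists
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME", TYPE_MX: "MX"}


@dataclass
class Record:
    name: str
    rtype: str
    ttl: int    # seconds a resolver, OS or browser may cache this answer
    data: str


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a name at offset, following compression pointers.
    Returns (name, offset just past the name as it appeared in place)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:               # two-byte pointer into the message
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:                        # guard against a pointer loop
                raise ValueError("compression loop")
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels) + ".", end
        offset += 1
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes) -> list[Record]:
    """Parse the header, skip the question, and return every resource record."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    _ident, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):                     # skip QNAME, then QTYPE + QCLASS
        _name, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(ancount + nscount + arcount):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated RDATA")
        if rtype == TYPE_A and rdlen == 4:
            data = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (TYPE_NS, TYPE_CNAME):
            data, _ = read_name(msg, off)        # RDATA is a (possibly compressed) name
        elif rtype == TYPE_MX:
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            host, _ = read_name(msg, off + 2)
            data = f"{pref} {host}"
        else:
            data = msg[off:off + rdlen].hex()
        records.append(Record(name, TYPE_NAMES.get(rtype, f"TYPE{rtype}"), ttl, data))
        off += rdlen
    return records


def build_sample_response() -> bytes:
    """Constructed reply to 'www.example.com A' that exercises all four record types."""
    # QR=1, RD=1, RA=1, RCODE=0; 1 question, 3 answers, 1 authority, 1 additional
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 1, 1)
    question = encode_name("www.example.com") + struct.pack("!HH", TYPE_A, 1)
    www = struct.pack("!H", 0xC000 | 12)        # pointer to "www.example.com" at offset 12
    example = struct.pack("!H", 0xC000 | 16)    # pointer to the "example.com" suffix inside it

    def rr(owner: bytes, rtype: int, ttl: int, rdata: bytes) -> bytes:
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

    answer = (rr(www, TYPE_CNAME, 300, example)
              + rr(example, TYPE_A, 60, bytes([192, 0, 2, 10]))
              + rr(example, TYPE_MX, 3600, struct.pack("!H", 10) + b"\x04mail" + example))
    authority = rr(example, TYPE_NS, 86400, b"\x03ns1" + example)
    additional = rr(b"\x03ns1" + example, TYPE_A, 86400, bytes([192, 0, 2, 53]))
    return header + question + answer + authority + additional


if __name__ == "__main__":
    for r in parse_response(build_sample_response()):
        print(f"{r.name:<20} {r.rtype:<6} ttl={r.ttl:<6} {r.data}")
```

Running it prints one line per record; the ttl column is the value a browser, OS or recursive resolver uses to decide how long it may reuse the answer before asking again, which is the caching the post refers to. Refusing messages without the QR bit, with a non-zero RCODE, or with compression pointers that loop or run past the end of the message is the minimum a parser needs before it trusts what came back.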
The latency is negligible. The latency is going to just depend on where you're connecting from.

Further to that, players connecting to your server will only need to resolve the host name of your server once and then once again every time the TTL (time to live) expires. Then another few milliseconds to resolve the host name again. This isn't EVER going to cause dropouts or lag. With DNS, it either WILL resolve and connect, or it won't.
 
Well, I'm talking about different parameters.

Latency is related to the physical distance between the user and the server and their response time (value in ms).
You're pretty right about it; I'm saying to put a GeoDNS for different regions to connect the primary static authentications, like the website and login servers (not the dynamic sockets). In-game, the only change will be related to the stability of the connection when applying filters.

Thanks @pink_panther
 
Or just host your own DNS on your VPS :D

quickedit: you can see traffic on the Pi-hole panel, allowing you to easily blacklist DDoS attacks, gg

I'm not fully sure you understand the concept of a DDOS attack properly.

You might be able to block some IPs performing a lookup, but it's still VERY VERY easy to find your IP and perform A DDOS attack.

For example, if your name servers were pointing at your VPS that you use to host the server, then the attacker already has your IP.

This wouldn't really help you prevent a DDOS attack.
 
Why wouldn't I understand a DDoS if I can script a botnet to do so?

There are several types of DoS and they all have something in common, and that, my friend, is the OSI model.

Depending on the layer of the attack there are several ways to draw back the attack.

Using Pi-hole might be the easiest way to resolve a DDoS if you're not an experienced SOC analyst, because you can easily notice the different types of queries those IPs are performing.

Hell, you can even download a list of already known botnet booters and add them to your blacklist.

It has a friendly GUI for non-experienced users and it's really intuitive.

If you get to mess with someone that has over 1 million IPs to boot your server, then just watch the graph below, catch all those network queries into a blacklist and you're basically done.

You can even blacklist botters/hackers/idk bro, you name it. I just don't understand how you could tell I don't understand denial of service architecture since I am a pentester :eek:

(attached image: Pi-hole query graph)
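The Pi-hole approach argued for in the post above amounts to reading the resolver's query log for clients whose lookup rate is abnormal. As an added example, not code from the thread or from the Pi-hole project, the Python below parses constructed dnsmasq-style query lines (the log format Pi-hole's resolver writes) and flags any client that exceeds a query rate within a sliding window. The client addresses, names and thresholds are made up for the example. It can only ever see clients that send lookups to this resolver; packets aimed straight at the game server's IP never appear in it, which is the limitation the replies that follow describe.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# dnsmasq (the resolver behind Pi-hole) logs each query as:
#   "<Mon DD HH:MM:SS> <host> dnsmasq[<pid>]: query[<type>] <name> from <client-ip>"
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)$"
)


def parse_query_line(line: str, year: int = 2020):
    """Return (timestamp, qtype, name, client) for a dnsmasq query line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(m["ts"].replace("  ", " "), "%b %d %H:%M:%S").replace(year=year)
    return ts, m["qtype"], m["name"], m["src"]


def find_noisy_clients(lines, window_seconds: int = 10, max_queries: int = 20):
    """Per-client sliding-window rate check.
    Returns {client_ip: timestamp at which it first exceeded max_queries per window}."""
    recent = defaultdict(deque)     # client -> timestamps of its queries inside the window
    flagged = {}
    for line in lines:
        parsed = parse_query_line(line)
        if parsed is None:          # not a query line (e.g. cached/forwarded/reply lines)
            continue
        ts, _qtype, _name, src = parsed
        window = recent[src]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_queries and src not in flagged:
            flagged[src] = ts
    return flagged


def build_sample_log():
    """Constructed log: one ordinary LAN client and one client hammering the resolver."""
    base = datetime(2020, 5, 27, 18, 30, 0)

    def fmt(t: datetime, name: str, src: str) -> str:
        return f"{t:%b %d %H:%M:%S} pihole dnsmasq[712]: query[A] {name} from {src}"

    lines = []
    # ordinary client: one lookup every 15 seconds
    for i in range(5):
        lines.append(fmt(base + timedelta(seconds=15 * i), "login.example.com", "192.168.1.10"))
    # noisy client: 40 lookups of distinct names within 4 seconds (constructed)
    for i in range(40):
        lines.append(fmt(base + timedelta(milliseconds=100 * i), f"q{i}.example.com", "203.0.113.7"))
    return lines


if __name__ == "__main__":
    for client, when in find_noisy_clients(build_sample_log()).items():
        print(f"{client} exceeded the query rate at {when:%H:%M:%S}")
```

The window and threshold are the knobs to tune against your own baseline; a resolver that serves a whole LAN will legitimately see bursts from a single NAT address, so a flagged client is a candidate for review, not an automatic block. In the constructed log the noisy client crosses the limit on its 21st query, two seconds into its burst.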
 
I'm not trying to attack you. I'm just trying to explain. I just said I wasn't sure if you fully understood the concept of exactly how a distributed denial of service attack works, and that while DNS can help with an attack, it is not a solution to them.

I also wouldn't brag about creating or using a botnet, because it is a felony to do so. If you're just scripting it from 1 IP, it's just a DoS attack.

A DDoS wouldn't necessarily even NEED to perform a DNS lookup to attack you. That's the point I'm trying to make.

Furthermore, blocking an IP address at your VPS level is not preventing the attack. If the attacker has your IP, that's all they need. They send packets to your IP to deny the service. It doesn't matter if the firewall lets them into the VPS; they already made it to your door. The point of the DDoS is that it's spamming network traffic from multiple locations and it takes down your service by consuming 100% of bandwidth, so that legitimate packets can't make it in.

Again, blocking this traffic at your VPS level does not mitigate the attack. To stop the attack, you need to block the route from the attacking IPs from being able to reach your VPS in the first place. This is why the DDOS protection will usually be a service provided by your service provider, if they do at all.
 
Here's a small article related to what I meant, not bragging about botnets, but you can make a clickbait and perform a DDoS with JavaScript easily.

If you decide to read it you'll understand why I advised using Pi-hole.
 
You are simplifying the whole topic a bit much.
But let me say the most important things first:
@pink_panther is right, it's not really going to help you or the latency and after all it's just 1 short request. It's not like the client needs to resolve the domain every second. And as you said yourself, it works hierarchically. Most resolvers actually know most servers, so it's not an issue. But technically first the root server gets asked, then the top level domain dns, then the second level domain and so forth until it's resolved. Of course it gets cached so... in the end there isn't really a difference in latency anyways.
And DNS runs on UDP, which makes the request even more lightweight and faster (typically, also oversimplifying since there is a scenario where DNS actually switches to TCP)

You are completely right about security concerns as well but forgot to mention 1 important factor: DNSSEC. Encrypted name resolving is important and I wouldn't guarantee that anyone can "just do it".
Hosting a DNS itself is simple, it's not really big magic. But there is a lot more to it than the surface shows :p

Also storytime of a dumb wow server owner:
I was bored and looked into the server, noticed he was running his own DNS. So I managed to trick the DNS into giving me all entries for the domain.
Figured out he was hosting the website for his actual company on that server as well using some reverse DNS-lookups after that. Had to go around a few corners but I mean how dumb can you be?
People get careless and do this stuff thinking no one will figure it out. But this can have serious consequences for you IRL.
Whatever you host yourself. Be fucking careful!

Edit:
Oh yeah and I didn't really care to read that off-topic discussion about PI-Hole. I mean it's a nice thing for your home network but yeah... For the professional world it's not that simple :)
 