DNS and Domains Glossary
What is an Authoritative DNS Server?
An authoritative Domain Name System (DNS) server is where your computer or browser will find the Internet Protocol (IP) address of the website or application you want to visit. It serves as a phonebook containing the machine-readable IP address equivalent of a human-readable domain name. This lookup function is what defines an authoritative DNS server.
For example, if you type google[.]com, your browser has to find the domain’s IP address by performing a DNS query. Your computer first contacts your Internet service provider (ISP) for that.
Sometimes, your ISP’s DNS resolver, the server tasked with performing DNS queries, has the IP address cached. In this case, your computer can obtain the IP address without contacting the authoritative nameserver. In most instances, the DNS resolver would need to query other DNS servers until it is finally directed to Google’s authoritative DNS server (e.g., ns1[.]google[.]com) and obtains Google’s IP address (e.g., 8[.]8[.]8[.]8).
What is a ccTLD?
A country code top-level domain (ccTLD) refers to an Internet TLD primarily used or reserved for a specific country, sovereign state, or dependent territory identified with a country code. All American Standard Code for Information Interchange (ASCII) ccTLD identifiers comprise two letters. As such, all ccTLDs also comprise two letters.
What is DNS Latency?
DNS latency is the time it takes for digital data to reach its intended destination and return to the sender. It determines the efficiency of information exchange. The lower the latency, the faster communication occurs.
DNS latency has to do with the Domain Name System (DNS), which translates human-readable domain names into computer-readable Internet Protocol (IP) addresses. It’s easier for most people to remember words instead of numbers, but computers process information by turning words into numbers. That’s why, for your browser to take you to the website you’re looking for, it has to translate domain names into IP addresses, which the DNS does. But since we can all be impatient, that process should happen quickly, that is, with low latency.
What is a DNS Lookup?
A DNS lookup is a means to obtain all of a particular domain name’s available Domain Name System (DNS) records. It can tell you the resolving Internet Protocol (IP) address or addresses of the domain you used as a search term. It also reveals the domain name’s nameservers, mail exchanger (MX) servers, and more.
Think of it as a phone book containing a person’s address and phone number. In this case, the person’s name is the domain name, his/her address is the nameserver address, and his/her phone number is the IP address.
What is a DNS Resolver?
A Domain Name System (DNS) resolver is a server tasked to receive and respond to DNS queries from a user’s web browser or an application. DNS queries are requests to translate website domains into machine-readable labels called “Internet Protocol (IP) addresses.” The main job of a DNS resolver, therefore, is to “resolve” DNS queries by looking for the IP address of a website a user wants to visit.
Think of it as a computer program or dedicated device that acts like a telephone operator redirecting callers to the correct offices or departments. For example, when visiting amazon[.]com, your web browser asks the DNS resolver for its IP address to display the website. The DNS resolver will then look for Amazon’s IP address by first checking its memory, then communicating with other DNS servers if the address is not cached.
What is the Domain Life Cycle?
The domain life cycle refers to the different stages a domain name goes through, from its registration through its expiration to its deletion. In general, the domain life cycle has four stages: registration or renewal period, registrant grace period, redemption period, and pending delete period.
The registration period usually lasts for one year, although the registrant can set it to renew automatically. In this case, the domain enters the renewal period for another year. The cycle remains at this stage until the owner lets the domain expire.
A day after the expiration date, the domain name enters the registrant grace period, which lasts 30–45 days, depending on the registrar. Once this period is over, the domain enters the redemption period. Only the original registrant can redeem the domain during this stage, and their inaction would push the domain to enter the pending delete period. After five days in this final stage, the domain is deleted and sent back to the pool of publicly available domains.
What is Domain Name History?
Domain name history refers to information on a given domain name’s entire life cycle. It answers questions like “Who owned the domain at any time?”; “How long has the domain been in existence?”; and “Does anyone own the domain at present?” In short, it tells you almost everything you wish to know about a domain, including if it has a soiled past.
Think of it as a Wikipedia entry on a particular person that tells you important stuff about him or her—family, achievements, and current whereabouts.
What is Domain Name Monitoring?
Domain name monitoring is the process of constantly tracking changes made to the world’s Domain Name System (DNS) to spot signs of malicious activity. Organizations can use the tactic on the domain names they own to determine if threat actors could be attempting to compromise their network. They can also employ the technique on clients’ domain names to perform the same checks.
You can liken domain name monitoring to tracking anomalous activity related to your physical properties. Regularly checking security camera videos to see if anyone has attempted to enter your home while you were away on vacation, for instance, could fall under such a check.
What is a Forward Lookup Zone?
A forward lookup zone lets users look up the IP address resolution of a domain from a Domain Name System (DNS) server. If you don’t already know, the DNS serves as the Internet’s phone book. Given people’s names, you can determine their phone numbers and addresses with the phone book’s help.
So, when asked what a forward lookup zone is, it’s a way for people to use a phone book (DNS) to get other people’s contact details (IP addresses) given their names (domain names).
What is GSLB?
GSLB, short for “global server load balancing,” refers to balancing the load among servers distributed worldwide. That way, application servers spread across geographies only process Internet traffic they can manage.
GSLB, in sum, makes it so that no single Domain Name System (DNS) server gets flooded with requests, causing it to overload and stop functioning.
What is an Iterative DNS Query?
An iterative DNS query is a request for a domain name’s IP address sent to a name server (DNS resolver) that responds with the most relevant answer. This answer could be the IP address if it is stored in the DNS resolver’s cache. Otherwise, the DNS resolver responds with another name server’s details. As the term “iterative” suggests, this referral process continues until the requesting server receives the appropriate DNS response.
An iterative DNS query is also known as a “nonrecursive DNS query” since the name servers respond to the requesting server instead of querying another name server.
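The referral chain described above, as an added example that is not part of the original glossary. The server names, zone data and addresses are constructed for illustration, and the model is a toy: each "server" either answers or refers, and the requesting resolver does the walking itself.

```python
# Toy model of iterative resolution. All zone data below is constructed
# (reserved documentation names and addresses), not real DNS data.
SERVERS = {
    "root-server": {"example.": ("NS", "tld-server")},
    "tld-server": {"corp.example.": ("NS", "auth-server")},
    "auth-server": {"www.corp.example.": ("A", "192.0.2.10")},
}


def query(server, qname):
    """One iterative query: the server answers or refers, it never recurses."""
    zone = SERVERS[server]
    # An address record only answers an exact name match.
    if qname in zone and zone[qname][0] == "A":
        return zone[qname]
    # Otherwise refer to the closest (longest) delegated suffix, if any.
    referrals = [s for s, (kind, _) in zone.items()
                 if kind == "NS" and qname.endswith("." + s)]
    if not referrals:
        return ("NXDOMAIN", None)
    return zone[max(referrals, key=len)]


def resolve(qname, cache, max_referrals=8):
    """Resolver side: check the cache, else follow referrals from the root."""
    if qname in cache:
        return cache[qname], ["cache"]
    server, path = "root-server", []
    for _ in range(max_referrals):      # bound the walk against referral loops
        path.append(server)
        kind, value = query(server, qname)
        if kind == "A":
            cache[qname] = value        # later lookups skip the whole chain
            return value, path
        if kind == "NXDOMAIN":
            return None, path
        server = value                  # referral: ask the next server ourselves
    raise RuntimeError("too many referrals")
```

The returned path lists every server contacted, which makes visible how a cached answer removes the authoritative server from the exchange.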
What is a Newly Observed Domain?
A newly observed domain is a Uniform Resource Locator (URL) with a newly registered domain name that recently became active in the Domain Name System (DNS). When someone registers a domain name, he may not immediately use it. Once he creates URLs connecting to that domain and the URLs begin resolving in the DNS, they become newly observed domains.
Security products, such as enterprise firewalls, block newly observed domains since threat actors are known to use them in cyber attacks like phishing, malware distribution, and spamming.
What are Newly Registered Domains?
Newly registered domains, or “NRDs” for short, are domains that were recently created or that changed their Domain Name System (DNS) records in the past few weeks. Modifications like a change in domain ownership or any data point (contact details, for instance) in a domain’s WHOIS record also make even the oldest domains “new” again.
You can determine if a domain is newly registered by looking at its WHOIS record, specifically its creation or last update date.
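One way to apply that check to raw WHOIS text, as an added example that is not part of the original glossary. The sample record is constructed, the "Creation Date" and "Updated Date" labels follow the common gTLD WHOIS layout, and the 30-day window is an assumed stand-in for "the past few weeks".

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed WHOIS excerpt for illustration; the values are made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.TEST
Creation Date: 2015-03-02T09:14:51Z
Updated Date: 2024-05-28T17:40:03Z
Registry Expiry Date: 2025-03-02T09:14:51Z
"""

FIELD = re.compile(r"^[ \t]*(Creation Date|Updated Date):[ \t]*(\S+)[ \t]*$",
                   re.M | re.I)


def whois_dates(text):
    """Return the creation/update timestamps found in a WHOIS record."""
    out = {}
    for name, value in FIELD.findall(text):
        try:
            dt = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue              # unfamiliar date layout: skip, do not guess
        out[name.lower()] = dt.replace(tzinfo=timezone.utc)
    return out


def nrd_status(text, now, window_days=30):
    """Classify per the definition above: created OR updated inside the window.

    window_days=30 is an assumption, not a value from the glossary.
    """
    dates = whois_dates(text)
    if not dates:
        return "unknown"          # missing or redacted dates are not "old"
    cutoff = now - timedelta(days=window_days)
    created = dates.get("creation date")
    updated = dates.get("updated date")
    if created and created >= cutoff:
        return "new: recently created"
    if updated and updated >= cutoff:
        return "new: recently updated"
    return "not new"
```

The sample shows the case the definition singles out: a domain created in 2015 still counts as new because its record changed inside the window.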
What is an NXDOMAIN Attack?
An NXDOMAIN attack is one of various distributed denial-of-service (DDoS) attacks targeting the Domain Name System (DNS). In it, attackers flood a DNS server with a large request volume for records that do not exist or are invalid. As a result, the target DNS proxy server uses up its resources to query an authoritative server, causing both DNS servers to slow down and eventually stop responding.
The most infamous NXDOMAIN attack to date could be the one that targeted Dyn, a prominent U.S.-based DNS service provider, back in October 2016.
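Detection logic for the pattern described above, run over resolver query logs, as an added example that is not part of the original glossary. The log format, addresses, names and thresholds are all constructed or assumed for illustration.

```python
from collections import defaultdict


def sample_log():
    """Constructed lines in an illustrative "<epoch> <client> <qname> <rcode>" format."""
    lines = [f"{1020 + i} 198.51.100.7 x{i:04x}.shop.example NXDOMAIN"
             for i in range(40)]
    lines += ["1021 192.0.2.15 www.shop.example NOERROR",
              "1022 192.0.2.15 wwww.shop.example NXDOMAIN",   # ordinary typo
              "1023 192.0.2.15 mail.shop.example NOERROR",
              "1024 garbage line"]
    return lines


def nxdomain_suspects(lines, window=60, min_nx=20, min_ratio=0.8):
    """Flag (client, time window) buckets dominated by NXDOMAIN answers.

    Thresholds are assumed starting points; tune them against a baseline.
    """
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "names": set(),
                                 "zones": defaultdict(int)})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                                  # skip malformed lines
        ts, client, rcode = int(parts[0]), parts[1], parts[3]
        qname = parts[2].lower().rstrip(".")
        s = stats[(client, ts // window)]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1
            s["names"].add(qname)
            # Naive parent zone: last two labels (no public-suffix handling).
            s["zones"][".".join(qname.split(".")[-2:])] += 1
    suspects = []
    for (client, bucket), s in sorted(stats.items()):
        if s["nx"] >= min_nx and s["nx"] / s["total"] >= min_ratio:
            suspects.append({"client": client,
                             "window_start": bucket * window,
                             "nx": s["nx"],
                             "unique_names": len(s["names"]),
                             "top_zone": max(s["zones"], key=s["zones"].get)})
    return suspects
```

A high count of unique nonexistent names under one parent zone separates a flood from ordinary typos, which repeat a few names at low volume.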
What is Passive DNS?
Passive DNS, short for “passive Domain Name System,” is a way for DNS servers to archive domain name-to-IP address resolutions as a security measure. In the process, all of the IP addresses that a domain name resolved to at some point are stored in a passive DNS server. So, if you want to retrieve IP addresses connected to a malicious domain, you can do so.
Think of it as a database where all of a person’s contact details throughout time are recorded. You can thus track where that individual lived if, say, you need to interrogate potential witnesses if he or she has been charged with committing a crime.
What is a Resolving Nameserver?
A resolving nameserver, also known as a “Domain Name System (DNS) resolver,” is programmed by Internet service providers (ISPs) to act as a middleman to other DNS servers. It usually sits between your computer and a top-level domain (TLD) nameserver.
DNS servers, like a resolving nameserver, translate domain names into Internet Protocol (IP) addresses. Why? Computers can’t understand domain names, so they need these translated into something they recognize—IP addresses—so you can visit a website.
You can liken a resolving nameserver to an office phone operator. If you don’t know the person’s (domain name) direct line number (IP address), the operator can connect you.
What is Reverse Domain Name Hijacking?
Reverse domain name hijacking refers to taking aggressive actions to acquire a specific domain name. If you don’t already know, it is a criminal offense that can lead offenders to pay hefty fines or even land them in jail.
Reverse domain name hijacking, also known as “reverse cybersquatting,” is a legal means to counter cybersquatting. But there are times when individuals and companies abuse the practice to force nonmalicious domain owners to part with the domain names the complainant is interested in obtaining. In the latter case, instead of finding the accused cybersquatter guilty, the tables get turned and the complainant gets penalized instead.
What is a Reverse Lookup Zone?
A reverse lookup zone is an authoritative Domain Name System (DNS) zone that points an IP address to a domain name. Think of it as a shared home phone number. When called, you can contact anyone who lives in the same abode.
While it’s easier for people to remember site names (domain names like microsoft[.]com) instead of number sets (IP addresses like 104[.]215[.]148[.]63), reverse lookup zones are still necessary for cybersecurity investigations. The rationale is that most people and even companies (especially small and medium-sized businesses [SMBs]) use shared IP addresses. Most IP addresses have more than one user, which means several domains are connected to each one.
What is Reverse WHOIS?
Reverse WHOIS refers to retrieving all the available information about a particular domain name. For example, you can use any detail typically seen on a WHOIS record (e.g., a domain owner’s name, company name, email address, etc.) to search for all domain names that have that data point in their WHOIS records.
Think of it this way: say you witnessed a hit-and-run incident and wish to report the perpetrator to the police. You noted the car’s plate number down to do so. To find out who the driver is, investigators can run the plate number on the vehicle registration database to determine its owner. If the owner was driving, he/she could be charged. If not, he/she can point the police officers in the right direction. In this scenario, searching the vehicle registration database for the car owner’s name using his/her plate number as input is the reverse WHOIS process.
What is a Secondary DNS Server?
A secondary Domain Name System (DNS) server gives domain name owners additional authoritative nameservers to answer domain queries. Every domain needs a DNS server so users who wish to visit it can do so. That DNS server is called a “nameserver.” Your go-to DNS server is the primary DNS server, and it contains information that is identical to that stored in your secondary server.
You can thus think of a secondary DNS server as your backup. If one is unreachable, the other automatically steps in to answer queries. That way, your website is always accessible.
What is a TLD Server?
A top-level domain (TLD) server is a Domain Name System (DNS) nameserver that keeps all the information for all domain names that share a common domain extension. As such, the .com TLD nameserver contains all the data related to all the .com domains. If you want to access facebook[.]com, therefore, your browser needs to contact the .com TLD server.
A TLD server is only one of four kinds of DNS servers that your browser contacts to take you to your desired website, though. Your browser sometimes has to contact all four servers—a recursive resolver, a root nameserver, a TLD nameserver, and an authoritative nameserver—to complete requests.
What is Website Categorization?
Website categorization is the process of classifying sites that users access into various categories. The categories range from the industries the sites belong to through to more specific content descriptions.
Think of it as the way products are arranged inside a grocery store. All baking supplies are in a single aisle, and so on. That way, anyone looking for ingredients doesn’t have to go from one aisle to another just to collect supplies.
Companies that supply resources to corporate clients need to classify them to push the suitable marketing materials and products that match their needs. That’s where website categorization comes in handy.