DNS stands for domain name system, which is the database responsible for storing all of the information pertaining to IP addresses and domain names online. DNS servers are used to carry and transmit this data from one computer to another. All of this data is stored on a network that is backed up by thousands of separate DNS servers and stored on single root DNS servers in the United States, Japan, London and Sweden.
These servers carry tremendous volumes of data, and every day, the network is growing. Fortunately, there is a way to conduct a DNS lookup to obtain some of this data for whatever reason you see fit. The following information outlines the process of conducting a DNS lookup and some of the reasons why people usually use DNS lookup services.
The database previously mentioned that stores all of the DNS records of the world is called the WHOIS database and can be searched through several different web sites. The main site for WHOIS lookups is Network Solutions, Inc.'s site (a company that is partially responsible for maintaining the records). Whois.net is also commonly used to obtain domain registration details and DNS records.
Unfortunately, there is no way to verify whether the information you find in the WHOIS database is accurate or truthful, as there are no requirements for providing authentication of data when registering a domain name. In other words, anyone can register practically any site they would like in any name, with any address, with the exception of government or military sites.
Nonetheless, many times, the WHOIS database will return enough information to proceed with your investigation.
One of the reasons why people use the WHOIS database to look up information is to prevent spam attacks from a particular web server or IP address. When your site is attacked by spam repeatedly, it is possible to obtain the IP address(es) of the attackers and then use a reverse DNS lookup tool to obtain site registration information of that IP address (if there is any).
It is important to note that these reverse lookup tools differ from the conventional WHOIS searches because you are obtaining information based on the IP address, instead of an actual domain name. It may be very difficult to obtain the identity of the spammer, but it is possible to contact their web host and have them shut down if the right information is obtained from the reverse lookup service.
Maintaining Site Security
Even more violent than spam is the dreaded DDoS attack, which is basically a security attack on your web site from dozens or even hundreds of IP addresses simultaneously. The DDoS (Distributed Denial of Service) attack in particular is geared towards causing your server to crash due to an overload of fake traffic in a short period of time. However, some hackers will use the same method to guess your site's passwords by repeatedly sending requests until the correct password is retrieved.
If you notice an unusual amount of traffic suddenly, then you may want to conduct a reverse DNS lookup and get to the root of it before it becomes a problem, especially if the traffic is originating from a group of similar IP addresses.
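The triage step described above can be scripted; the following is an added example, not code from the original page. It assumes an access log whose first field is the client IP, and the function names, the /24 grouping and the three-request threshold are illustrative choices.

```python
import ipaddress
import socket
from collections import Counter

# Constructed sample access-log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.11 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.57 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120
not-an-ip - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 400 0
"""

def client_ips(log_text):
    """Yield the parsed client address of each line, skipping malformed ones."""
    for line in log_text.splitlines():
        first = line.split(" ", 1)[0]
        try:
            yield ipaddress.ip_address(first)
        except ValueError:
            continue

def busiest_networks(log_text, prefix_len=24, min_hits=3):
    """Group IPv4 clients by network; return (network, hits, addresses) at or above min_hits."""
    hits, members = Counter(), {}
    for ip in client_ips(log_text):
        if ip.version != 4:
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        hits[net] += 1
        members.setdefault(net, set()).add(ip)
    return [(net, n, sorted(members[net])) for net, n in hits.most_common() if n >= min_hits]

def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Return (PTR query name, hostname or None); many addresses have no PTR record."""
    try:
        host = resolver(str(ip))[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        host = None
    return ip.reverse_pointer, host

if __name__ == "__main__":
    for net, n, ips in busiest_networks(SAMPLE_LOG):
        print(f"{net}: {n} requests from {len(ips)} addresses")
        for ip in ips:
            print("  ", ip, *reverse_lookup(ip))
```

The hostname returned by a reverse lookup is set by whoever controls the address block, so treat it as a lead toward the hosting provider rather than as proof of identity.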