Domain Name System hierarchy

I'm having trouble understanding how the DNS resolution system actually works. I would like to know the functional relationship between these:
DNS server, root nameserver, gTLD, ccTLD, domain name registrar and domain name registry.

I know there is a hierarchy from the root servers down to DNS servers but do not quite understand the role of registrars, for example (functionally, as in when resolving a URL).

I actually do have a pretty good knowledge but the top servers and registrars started confusing me after reading about botnets resolving their own DNS queries (from a 2005 source, not sure if they still do) to prevent people from shutting down the DNS servers and that registrars are difficult to deal with. So that means they relied on dynamic DNS in the past and now register a whole domain in the registrar and registrars refuse to block those addresses? What's the role of root servers then and why can't they block these DNS servers? And I'd imagine that registrars do not do dynamic DNS and the IPs of those servers could easily be revealed and shut down as they would be static.

I'm doing research on botnets and the information is very scattered so it's difficult to put everything together. Would really appreciate some help.


Registrars take your money and maintain a record in their database that says you own a particular domain.  You can query that database with WHOIS.

Root nameservers take certain information from these databases (nameserver names and addresses) and answer DNS queries.

"botnets resolving their own DNS queries" is quite vague. Botnet owners can, however, frequently change NS records in the registrar's database, and use DNS proxies to conceal the true identity of their DNS servers.

The root servers are the know-it-all machines, aka the gods of DNS infrastructure. They are the master list of every single website that is on the internet. Every domain controller has a cheat-sheet list of these 13 root servers' IP addresses.

Registrars such as GoDaddy basically take your info about a website and insert this info into the root servers and DNS servers around the world so people can find you. So now you have a DNS record in the root hint file that says, to find about, go to this address.

The root name server does not have everything for a domain. Entries such as MX records or name records for your domain don't exist on root name servers. Instead, the root name server says "go ask xxxx nameserver about this domain, he will know more about it."

Each of the 13 root servers has its own dedication. 1 server does .com, other one, etc

The . notation just means that you are part of something. so means that google is part of the .com section, and the DNS server will ask the .com root name server about the info. just means that there is a server named www within the google domain under the com top level.

As for botnets, you can easily write your own software to specifically go to an IP address to look up other names, depending on how you do it. Some of the botnets are controlled via IRC; it is not hard to program a piece of software to phone home to a specific IP and ask for instructions.

Programs can be written so that instead of using the default IP resolving scheme, they can specifically look for information somewhere on the internet.
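The referral behaviour mentioned in the answers above ("go ask xxxx nameserver"), as an added example that is not part of the original thread. It models delegation as DNS defines it: the root zone delegates TLDs, the TLD (registry) zone holds each domain's NS delegation as submitted through a registrar, and only the authoritative server holds A and MX records. All server names, zone contents and addresses are constructed.

```python
# Added illustration with constructed data: each "server" knows only its own zone.
ZONES = {
    # Root zone: delegations to TLD servers only.
    "root-server": {"delegations": {"com.": "tld-server"}, "records": {}},
    # TLD (registry) zone: per-domain NS delegations, submitted via registrars.
    "tld-server": {"delegations": {"example.com.": "ns1.example.com."},
                   "records": {}},
    # Authoritative server run by the domain owner: the actual records.
    "ns1.example.com.": {
        "delegations": {},
        "records": {("www.example.com.", "A"): "192.0.2.10",
                    ("example.com.", "MX"): "mail.example.com."},
    },
}

def query(server, name, rtype):
    """Answer as one server would: a record, a referral, or NXDOMAIN."""
    zone = ZONES[server]
    if (name, rtype) in zone["records"]:
        return ("answer", zone["records"][(name, rtype)])
    # The longest matching delegated suffix decides where to refer the client.
    matches = [s for s in zone["delegations"]
               if name == s or name.endswith("." + s)]
    if matches:
        return ("referral", zone["delegations"][max(matches, key=len)])
    return ("nxdomain", None)

def resolve(name, rtype, start="root-server", max_hops=8):
    """Iterative resolution; returns (result, list of servers asked)."""
    server, path = start, []
    for _ in range(max_hops):
        path.append(server)
        kind, value = query(server, name, rtype)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value  # follow the referral one level down
    raise RuntimeError("too many referrals")

def suspend(domain, tld_server="tld-server"):
    """What a registry/registrar suspension changes: the TLD zone's delegation."""
    return ZONES[tld_server]["delegations"].pop(domain, None)

if __name__ == "__main__":
    print(resolve("www.example.com.", "A"))
    suspend("example.com.")
    print(resolve("www.example.com.", "A"))
```

After `suspend()`, the name stops resolving even though the root zone and the owner's own server are unchanged, which is why takedown requests go to the registrar or registry rather than to the root operators.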

ezgigurkan (Author) commented:
Yeah, I know it's vague and it's all I have, in a 2005 paper.

Apart from the registrar part I knew most of that. About the frequent changing of NS records and using proxies, isn't that fast flux which I thought was first used by the Storm (Peacomm) botnet? And even though, isn't caching or TTL a problem for this approach?

I guess that TTL would be sufficiently short.

Can you give a link to that 2005 paper?
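The fast-flux pattern raised in the comments above (records changed frequently, with short TTLs), seen from the detection side; this is an added example, not part of the original thread. It classifies names from constructed passive-DNS observations, and the thresholds (`max_ttl`, `min_ips`, `min_nets`) are assumptions to tune against real traffic.

```python
from collections import defaultdict
import ipaddress

# Constructed observations from one hour of resolver logs:
# (name, record type, value, TTL in seconds). Addresses are documentation ranges.
OBSERVATIONS = [
    ("shop.example.", "A", "192.0.2.10", 3600),
    ("shop.example.", "A", "192.0.2.10", 3600),
    ("shop.example.", "NS", "ns1.shop.example.", 86400),
    ("flux.example.", "A", "198.51.100.7", 180),
    ("flux.example.", "A", "203.0.113.44", 180),
    ("flux.example.", "A", "192.0.2.201", 120),
    ("flux.example.", "A", "198.51.100.90", 180),
    ("flux.example.", "NS", "ns1.a.example.", 300),
    ("flux.example.", "NS", "ns7.b.example.", 300),
]

def classify(observations, max_ttl=300, min_ips=4, min_nets=3):
    """Label each name 'stable', 'single-flux' or 'double-flux'."""
    a_ips, nets, ttls, ns = (defaultdict(set) for _ in range(4))
    names = set()
    for name, rtype, value, ttl in observations:
        names.add(name)
        if rtype == "A":
            a_ips[name].add(value)
            # Spread across unrelated /24 networks is typical of flux nodes.
            nets[name].add(ipaddress.ip_network(value + "/24", strict=False))
            ttls[name].add(ttl)
        elif rtype == "NS":
            ns[name].add(value)
    result = {}
    for name in names:
        fluxing = (bool(ttls[name]) and max(ttls[name]) <= max_ttl
                   and len(a_ips[name]) >= min_ips
                   and len(nets[name]) >= min_nets)
        if not fluxing:
            result[name] = "stable"
        elif len(ns[name]) > 1:
            result[name] = "double-flux"  # name servers rotate as well
        else:
            result[name] = "single-flux"  # only the A records rotate
    return result

if __name__ == "__main__":
    for name, label in sorted(classify(OBSERVATIONS).items()):
        print(name, label)
```

Short TTLs alone are not a signal, since CDNs and load balancers use them too; the combination with many addresses in unrelated networks is what the heuristic keys on.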
ezgigurkan (Author) commented:

You can look at the third page, under Recent Developments and Decentralised Naming Resolution. It's just a short sentence, without much detail. The references given aren't any good either.

Let me be blunt -- are you designing your own botnet? :-)

ezgigurkan (Author) commented:
Hehehehe... I think I'm flattered in a weird way:)

I'm a computer science (in fact AI) student doing an MSc and I need to write a long report on a distributed system of my own choice. I'm hoping to get into the security industry so trying to choose my research topics accordingly. My first choice was distributed IDS but there are at least 5 other students doing that so decided to do something more interesting. I'll mainly talk about how botnets manage to conceal their C&C servers (or any other server like phishing sites).

The resources for this topic are very scattered and mainly include AV websites and such so I'm having trouble getting a chronological account of how botnet infrastructures (from a distributed network point of view) evolved over the last decade. That's why I'm also reading old papers. Not that useful for designing a new botnet:)