Strictly speaking, when you ‘buy’ a domain name you do not own it; you own the ‘registration’ of it for a period of time (similar to leasing it). Once you have paid for a domain name you become the ‘registrant’, and the company that registered it for you is called the domain name ‘registrar’.
A domain name (e.g. phishdom.com) cannot function on its own and is only the starting point in providing Internet address information for services such as your website or email.
Internet-based servers and systems that actually provide email, website hosting and other services do not understand domain names easily – only numbered locations. Every single server, system and broadband connection has a unique reference made up of four numbers, like 198.212.123.123, called an IP address (IP stands for Internet Protocol).
In order for domain names to link to services (such as a hosting server to display a website), the domain name needs to ‘point’ to the IP address assigned to that server. Because a domain can be used for more than one thing (for example, it is used in your email addresses and your website address), we need to provide a list of services and their numbers – this is where DNS, or the Domain Name System, comes in. It is similar to a contact in an address book: rather than writing John Doe = +1 234 321 2343, it is more useful to be able to maintain a list of multiple numbers like this:
John Doe
Home number = +1 234 321 2343
Work number = +1 345 231 3455
Mobile number = +1 246 345 3921
Similarly with domain names, rather than associating one IP address with a domain name, we maintain a list of “DNS” records like this:
Acme.com
www.acme.com = 198.134.324.234 (this is a DNS record for a website)
mail.acme.com = 192.124.123.232 (this could be a DNS record pointing to the server that stores your email)
acme.com = 198.134.324.234 (this is the DNS record representing your domain name with nothing put at the beginning, often also pointed to your website).
The above examples are the simplest and arguably most common type of DNS record, called an A record (sometimes referred to as a host address record). An A record directly maps a domain name or a subdomain name to an IP address.
Why is this Important?
PhishDom monitors DNS records for a domain name because ‘hijacking’ the DNS of a domain name is one method of being able to maliciously use your domain name. For example, an attacker may not be able to get past the security of your website to plant malicious code. Instead, they create a copy of your website on servers they control and hijack your DNS, pointing your domain name to their copy of the website. Without DNS monitoring, this could go unnoticed for months.
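As an added illustration of the monitoring idea described above (this is not PhishDom's own code), the following Python sketch compares the A records a resolver returns with a stored baseline and reports any drift. The baseline uses the page's example host names with constructed documentation-range addresses, and the function names `system_resolver` and `check_records` are hypothetical.

```python
import socket

# Constructed baseline: the A records you expect, using the page's example
# host names with documentation-range addresses (not real acme.com data).
BASELINE = {
    "acme.com": {"198.51.100.10"},
    "www.acme.com": {"198.51.100.10"},
    "mail.acme.com": {"203.0.113.25"},
}


def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    _, _, addresses = socket.gethostbyname_ex(name)
    return set(addresses)


def check_records(baseline, resolve=system_resolver):
    """Compare live A records with the baseline and return a list of findings.

    Each finding is (name, kind, detail) where kind is 'unexpected' for an
    address that is not in the baseline, 'missing' for a baseline address
    that is no longer returned, or 'error' when the lookup itself failed.
    """
    findings = []
    for name in sorted(baseline):
        expected = baseline[name]
        try:
            current = resolve(name)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append((name, "error", str(exc)))
            continue
        for ip in sorted(current - expected):
            findings.append((name, "unexpected", ip))
        for ip in sorted(expected - current):
            findings.append((name, "missing", ip))
    return findings


if __name__ == "__main__":
    # Run on a schedule; any line printed here deserves investigation.
    for name, kind, detail in check_records(BASELINE):
        print(f"ALERT {name}: {kind} {detail}")
```

The local resolver may serve cached answers, so a change can take up to the record's TTL to appear in this check. Update the baseline whenever you deliberately move a service to a new address, otherwise the legitimate change is reported as drift.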