Introduction
The Domain Name System (DNS) is the reason we can type a URL into a browser and reach the website we want. Although the process seems instantaneous, many communication steps happen along the way, and DNS is the key player in all of them.
This article explains what the Domain Name System (DNS) is and how it works.
What is DNS?
A domain name system (DNS) is a system that stores domain information in a distributed database. The main function of a DNS is to translate domain names into IP addresses and vice versa.
DNS enables using easy-to-remember domain names instead of IP addresses for each website or server.
Domain Name System Example
The domain name system functions like a phonebook. When we enter a URL (such as www.phoenixnap.com) into a browser, the DNS server resolves the name into an address.
The resolved address allows the browser to contact the correct web server for information and retrieve the queried website.
How Does DNS Work?
The domain name structure is a key concept in explaining how DNS works. A domain name consists of two or more parts separated by periods. For example, the address bmc.phoenixnap.com splits into three parts:
1. Top-level domain (com).
2. Second-level domain (phoenixnap).
3. Subdomain (bmc).
The DNS space uses a client-server architecture:
- DNS servers form a hierarchical, tree-like structure. Every domain has one or more authoritative DNS servers that store information about that domain. At the top of the tree sit the root servers, which refer queries to the servers responsible for each top-level domain.
- DNS resolvers are the client components that contact a DNS server to obtain an address resolution for a domain name. The resolver is a system component that is normally used indirectly (for example, by a browser). Typically, a DNS resolver is configured with the addresses of one or two DNS servers.
DNS Lookup Process
When a web browser sends a request to resolve a domain name into an IP address, the DNS goes through a lookup process. If the example address is phoenixnap.com, the process goes through the following steps:
1. The client query (phoenixnap.com) goes to a DNS resolver.
2. The resolver sends a request to the root nameserver to ask for the top-level domain resolution.
3. The root server responds with an IP address of a top-level domain server for resolving .com domains.
4. The resolver sends a request to the top-level domain server.
5. The TLD server responds with an IP address of the authoritative nameserver (domain's nameserver).
6. The resolver sends a final query to the authoritative nameserver.
7. The authoritative nameserver returns the IP address for the domain name (phoenixnap.com) to the resolver.
8. The resolver returns the IP address of the domain to the client.
9. The client sends an HTTP request to the provided IP address of the web server.
10. The web server returns the webpage to the client.
The lookup process steps differ based on caching levels and the DNS query type.
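The lookup walk in steps 2-7 above, shown as an added example (not code from the original article): a tiny in-memory stand-in for the root, the .com TLD server and the domain's authoritative server, with a resolver that starts at the root and follows each referral down. All server names and IP addresses are constructed placeholders from documentation ranges.

```python
# Constructed, in-memory stand-in for the three server tiers on the page.
# Each "server" maps an owner name to a list of (type, value) records.
ROOT = {"com.": [("NS", "a.gtld-servers.test.")],
        "a.gtld-servers.test.": [("A", "192.0.2.1")]}        # glue address
TLD_COM = {"phoenixnap.com.": [("NS", "ns1.phoenixnap.test.")],
           "ns1.phoenixnap.test.": [("A", "192.0.2.2")]}     # glue address
AUTH = {"phoenixnap.com.": [("A", "198.51.100.10")]}
# Which zone data answers at which address ("root" stands in for a root IP).
SERVERS = {"root": ROOT, "192.0.2.1": TLD_COM, "192.0.2.2": AUTH}


def query(server, name, rtype):
    """Ask one server for (name, rtype).
    Returns ('answer', value), ('referral', next_server_ip) or ('nxdomain', None)."""
    zone = SERVERS[server]
    for t, v in zone.get(name, []):
        if t == rtype:
            return "answer", v
    # No direct answer: refer to the closest enclosing delegation this server knows.
    labels = name.split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        for t, ns_name in zone.get(parent, []):
            if t == "NS":
                glue = [g for gt, g in zone.get(ns_name, []) if gt == "A"]
                return "referral", glue[0]
    return "nxdomain", None


def resolve(name, rtype="A", max_hops=8):
    """Iterative resolution: start at the root and follow referrals downward.
    Returns (value_or_None, trace); the trace records every server contacted."""
    trace = []
    server = "root"
    for _ in range(max_hops):
        kind, value = query(server, name, rtype)
        trace.append((server, kind, value))
        if kind != "referral":
            return value, trace
        server = value
    raise RuntimeError("too many referrals")  # guards against a delegation loop


if __name__ == "__main__":
    ip, trace = resolve("phoenixnap.com.")
    for hop in trace:
        print(hop)
    print("resolved to", ip)
```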
Note: Learn how to set DNS nameservers.
Types of DNS Queries
DNS uses different query methods when resolving a domain name. The query type depends on what information the DNS resolver already has available, and the type of response the DNS server provides.
Overall, there are three distinct types of DNS queries:
- Recursive. A DNS resolver asks a DNS server to resolve a domain name into an IP address. If the server does not have the address, it returns an error. The resolver then asks another DNS server and continues the process until a DNS server returns an IP address.
- Iterative. A DNS client asks the server to provide an IP address for a given domain name. The resolver receives either the address or the IP address of another DNS server that may have the answer, and repeats the process until the name is resolved.
- Non-Recursive. A DNS resolver already knows either the IP address or the authoritative server where the information resides. When a client requests an address resolution, the resolver either returns the IP address immediately from its cache or queries the authoritative DNS server for the record.
DNS Records
DNS records store information about domains and reside on DNS servers or in caches. There are many different DNS record types. The most common types are:
- A record contains the IPv4 address for a domain.
- AAAA record contains the IPv6 address for a domain.
- CNAME record contains the alias for a domain.
- MX record is the mail server address for accepting emails on behalf of a domain.
- PTR record maps an IP address to a domain name for reverse DNS lookup.
- TXT record stores descriptive text for a domain.
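The record types above travel inside a binary DNS message. As an added example (not code from the original article), here is a small builder and parser for that wire format: it encodes a name as length-prefixed labels, builds a constructed response carrying a CNAME and an A record, and decodes it back, following name-compression pointers with a depth cap so a malformed, looping pointer cannot hang the parser. The sample name and address are constructed placeholders.

```python
import struct

RTYPES = {1: "A", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name):
    """'www.phoenixnap.com' -> b'\\x03www\\x0aphoenixnap\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg, off, depth=0):
    """Decode a name at offset. A 0xC0-prefixed word is a pointer to an earlier
    name; the depth cap rejects self-referencing pointers in hostile messages."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr, depth + 1)
            return ".".join(labels + [tail]).strip("."), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode())
        off += ln


def build_response(ident, qname, answers):
    """Constructed response: header, one question, then (rtype, ttl, rdata) RRs.
    Answer owner names use a pointer (0xC00C) to the question name at offset 12."""
    msg = struct.pack("!6H", ident, 0x8180, 1, len(answers), 0, 0)  # QR, RD, RA
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)            # QTYPE A, IN
    for rtype, ttl, rdata in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def parse_response(msg):
    """Return the transaction ID, RCODE and a list of (owner, type, ttl, data)."""
    ident, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                   # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1:
            data = ".".join(str(b) for b in rdata)  # A: four octets
        elif rtype == 5:
            data, _ = decode_name(msg, off - rdlen)  # CNAME: a name
        else:
            data = rdata.hex()
        answers.append((name, RTYPES.get(rtype, str(rtype)), ttl, data))
    return {"id": ident, "rcode": flags & 0xF, "answers": answers}
```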
Types of DNS Servers
Different DNS server types play different roles in resolving a domain name into an IP address. Below is a brief overview of each server type and its function in DNS resolution.
1. Recursive DNS Server
A recursive DNS server (or recursive DNS resolver) resolves DNS queries by querying other DNS servers. The recursive server performs this task until it locates the IP address of a domain name. The server acts as a mediator between the client and other DNS servers.
2. Root DNS Server
The first point of contact for a recursive DNS server is a root DNS server. There are thirteen root server identities, each dispersed across multiple locations. Root DNS servers are named [A-M].root-servers.net, and every recursive DNS resolver knows all thirteen.
The root DNS server provides IP addresses for top-level domain (TLD) servers to a recursive DNS resolver based on the final part in the domain name query. The Internet Corporation for Assigned Names and Numbers (ICANN) manages root nameserver databases.
3. TLD (Top-Level Domain) DNS Server
The top-level domain (TLD) servers resolve queries for top-level domains. For example, a .com TLD server contains information for all websites ending in .com. The TLD server points the resolver to an authoritative server.
The Internet Assigned Numbers Authority (IANA), a branch of ICANN, oversees the TLD nameservers. Top-level domains fall into three groups:
- Generic top-level domains are common and not geographically specific. Examples include .com, .edu, .org, .gov, and similar.
- Country-code top-level domains are specific to a country or state. Examples include .uk, .us, .ru, and others.
- Infrastructure domains are transitional domains of historical significance used for reverse DNS lookup. The only such domain is .arpa.
4. Authoritative DNS Server
An authoritative DNS server provides the final answer for a query that the TLD server referred to it, based on the DNS records it holds for the specific domain or subdomain. The authoritative DNS server is the last step in a DNS resolution.
Multiple domain names reside on authoritative DNS servers, and a single domain name may also reside on multiple authoritative servers.
What Is DNS Caching?
DNS caching is a process where DNS query results are temporarily stored for future reference. The caching process occurs at diverse levels, such as on a client device, local network, and DNS servers.
The DNS resolver first checks the cached values to find an IP address for a domain name. If the address is in the cache, the resolver returns the IP without having to query other DNS servers.
Caching significantly reduces DNS lookup times. However, caching can also cause problems if the stored information is outdated or tampered with, which is why flushing the DNS cache is sometimes necessary.
Browser
Every browser caches DNS information for recently visited sites. If the IP address for a domain name is found in the browser's cache, the page loads immediately without the query being forwarded any further.
If the browser's DNS cache does not contain the record, the request is forwarded to the operating system's DNS cache.
Operating System
All operating systems have an internal DNS cache. The cache is a table of DNS record values together with the time each record may be kept (its TTL, or time to live). The domain's administrator sets the TTL value for each record, and once that time runs out, a new query refreshes the cached information.
Note: See how you can utilize a hosts file on macOS.
Router and ISP
The final level of DNS caching is the router. Some routers have a built-in DNS cache, which is typically set up by the internet service provider (ISP). Otherwise, the router relies on the ISP's DNS cache for cached values.
DNS Vulnerabilities
DNS participates in the majority of IP network and internet communication. However, DNS is notorious for various vulnerabilities and issues. The system is hard to avoid and difficult to monitor, which makes it a major network security challenge.
Some examples of DNS vulnerabilities are:
- DNS cache poisoning is a malicious attack in which false information is added to the cache. For example, an attacker can inject a false entry to redirect all traffic to a malicious website or block traffic.
- DNS spoofing is a man-in-the-middle attack where an attacker sends a false DNS response to a victim. The false response contains an incorrect IP address for the given domain, leading to malicious websites which conduct a phishing attack or similar.
- DNS amplification is a type of DDoS attack in which an attacker sends DNS requests with a spoofed source IP address, so that the responses are directed at the victim to slow down its server or take it down completely.
To address DNS vulnerabilities, apply DNS security best practices and focus on network infrastructure security.
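Two of the practices behind that advice, as an added example (not code from the original article): the resolver cache from the Operating System section above, keyed by record and expiring entries by TTL, combined with the checks a resolver applies before trusting a response to limit cache poisoning: the transaction ID and question must match an outstanding query, and only records within the bailiwick of the zone that was asked are accepted. The class, names, transaction IDs and addresses are constructed for the example.

```python
import time


def in_bailiwick(owner, zone):
    """True if owner is zone or a name under it. A server asked about a zone
    must not be allowed to plant records for unrelated names in the cache."""
    owner, zone = owner.rstrip(".").lower(), zone.rstrip(".").lower()
    return owner == zone or owner.endswith("." + zone)


class ResolverCache:
    """Hypothetical resolver cache: (name, type) -> (value, expiry time)."""

    def __init__(self, clock=time.time):
        self.clock = clock               # injectable for deterministic tests
        self.entries = {}
        self.pending = {}                # txid -> (qname, qtype, zone asked)

    def send(self, txid, qname, qtype, zone):
        """Record an outstanding query so its response can be matched later."""
        self.pending[txid] = (qname, qtype, zone)

    def accept(self, txid, qname, qtype, records):
        """Validate a response, cache what passes, return the owners cached.
        records: list of (owner, type, value, ttl) from the response."""
        if txid not in self.pending:
            return []                    # unsolicited or wrong transaction ID
        want_name, want_type, zone = self.pending.pop(txid)
        if (qname.lower(), qtype) != (want_name.lower(), want_type):
            return []                    # question differs from what we asked
        cached = []
        for owner, rtype, value, ttl in records:
            if not in_bailiwick(owner, zone):
                continue                 # out-of-zone record: ignore, do not cache
            self.entries[(owner.lower(), rtype)] = (value, self.clock() + ttl)
            cached.append(owner)
        return cached

    def lookup(self, name, rtype):
        """Return a cached value, or None if absent or its TTL has run out."""
        key = (name.lower(), rtype)
        hit = self.entries.get(key)
        if hit is None:
            return None
        value, expiry = hit
        if self.clock() >= expiry:
            del self.entries[key]        # expired: force a fresh query
            return None
        return value
```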
Conclusion
After reading this guide, you know how the domain name system (DNS) works. Next, see how to configure a DNS server.