What Does DNS Do and How Does It Work?

What is DNS?

DNS stands for Domain Name System, and it is essentially the internet’s phonebook. When you access a website, you use this service to locate the server that hosts the domain’s website.
Its primary function is to translate human-readable domain names (like example.com) into IP addresses (like 192.0.2.1) that computers use to identify each other on the network.
When browsing the web, you usually type in a domain name like www.google.com into your browser. This is better than trying to remember an IP address linked to a Google server.

Behind the scenes, this service converts www.google.com to an IP address such as 172.217.12.46. The IP address identifies the location of a web server on the internet, and the nameserver the domain uses is queried for the domain’s entries. This conversion process is called DNS resolution.

This is an integral part of how DNS works to help devices communicate over the internet. Here is a review of the step-by-step query process to better understand exactly how it works.

How Does the DNS Process Work?

  1. Request Initiation: When you type a domain name into your web browser (e.g., www.example.com) or use any internet service that requires domain name resolution, your device initiates a DNS lookup request.
  2. Local DNS Cache Check: Your device first checks its local DNS cache to see if it already has the IP address corresponding to the domain name. If it finds a match, it doesn’t need to perform a full DNS lookup, saving time.
  3. Recursive DNS Servers: If the IP address is not found in the local cache, your device sends a DNS query to a recursive DNS server. This server typically belongs to your Internet Service Provider (ISP) or another DNS provider.
  4. DNS Root Servers: If the recursive DNS server doesn’t have the IP address cached, it starts the process of finding the IP address by querying root DNS servers. These root servers are a crucial part of the DNS hierarchy. There are 13 sets of root servers strategically distributed across the globe.
  5. Top-Level Domain (TLD) Servers: The root server doesn’t have the specific IP address, but it directs the recursive DNS server to the appropriate TLD server based on the domain extension (.com, .org, .net, etc.).
  6. Authoritative DNS Servers: The TLD server then directs the recursive DNS server to the authoritative DNS server responsible for the specific domain name queried. These authoritative DNS servers store DNS records for specific domain names.
  7. IP Address Resolution: The recursive DNS server queries the authoritative DNS server for the IP address associated with the domain name. Once it receives the IP address, it caches it for future reference and returns the IP address to your device.
  8. Return Response: Your device now receives the IP address and can use it to establish a connection to the desired website or service.
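The walk in steps 3 to 7, as an added example that is not part of the original article: a toy recursive resolver over constructed zone data (the server names, records and TTL are made up) that follows referrals from root to TLD to authoritative server and caches the final answer for its TTL, so a repeat lookup within that TTL contacts no upstream server at all (steps 2 and 7).

```python
import time

# Constructed zone data for a toy hierarchy (made-up names, not real DNS
# data). Each server only knows referrals or answers for its own level.
ROOT = {"com.": ("NS", "a.gtld.test.")}                 # root refers .com to the TLD server
TLD_COM = {"example.com.": ("NS", "ns1.example.com.")}  # TLD refers the domain to its authoritative server
AUTH = {"www.example.com.": ("A", "192.0.2.1", 300)}    # authoritative A record with a 300-second TTL

SERVERS = {"root": ROOT, "a.gtld.test.": TLD_COM, "ns1.example.com.": AUTH}


def ask(server, name):
    """Query one server. Returns ('A', ip, ttl) when it holds the answer,
    ('NS', next_server) as a referral down the hierarchy, or None."""
    zone, labels = SERVERS[server], name.split(".")
    for i in range(len(labels) - 1):           # try the full name, then each parent suffix
        rr = zone.get(".".join(labels[i:]))
        if rr:
            return rr
    return None


class RecursiveResolver:
    """Walks root -> TLD -> authoritative on the client's behalf (steps 3-7)
    and caches each answer until its TTL expires (steps 2 and 7)."""

    def __init__(self, now=time.time):
        self.cache = {}      # name -> (ip, expiry timestamp)
        self.now = now       # injectable clock so TTL expiry can be tested
        self.trace = []      # servers contacted during the last lookup

    def resolve(self, name):
        self.trace = []
        name = name if name.endswith(".") else name + "."
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0]                      # cache hit: no upstream query at all
        server = "root"
        while True:
            self.trace.append(server)
            rr = ask(server, name)
            if rr is None:
                raise LookupError(f"{name} has no A record")
            if rr[0] == "A":
                ip, ttl = rr[1], rr[2]
                self.cache[name] = (ip, self.now() + ttl)
                return ip
            server = rr[1]                     # follow the NS referral
```

A real resolver also caches the NS referrals themselves, so later lookups under .com or example.com skip the root and TLD steps; this toy only caches final answers.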

Types of DNS Servers

  1. Recursive DNS Servers: These are the servers that respond to DNS lookup requests from client devices or other DNS servers by querying other DNS servers on behalf of the client until they find the IP address associated with the requested domain name. Recursive DNS servers typically belong to ISPs or third-party DNS service providers.
  2. Root DNS Servers: These servers are the top level of the DNS hierarchy and are responsible for directing DNS queries to the appropriate Top-Level Domain (TLD) servers. There are 13 sets of root DNS servers distributed worldwide, each managed by different organizations.
  3. Top-Level Domain (TLD) DNS Servers: These servers are responsible for managing the domain names associated with specific top-level domains such as .com, .org, .net, and country-code TLDs like .uk, .de, etc. There are multiple TLD servers for each top-level domain, and they maintain information about the authoritative DNS servers responsible for individual domain names within their respective TLDs.
  4. Authoritative DNS Servers: These servers hold the definitive DNS records for specific domain names. They are responsible for providing DNS resolution for the domain names they are authoritative for. Authoritative DNS servers can be further categorized into primary (master) and secondary (slave) servers. Primary servers store the original copies of DNS zone files, while secondary servers obtain DNS zone information through zone transfers from primary servers.
  5. Caching DNS Servers: These servers store DNS records in cache memory for a certain period of time to improve DNS query response times and reduce the load on higher-level DNS servers. Caching DNS servers can be either recursive DNS servers or DNS resolver caches maintained by client devices.
  6. Forwarding DNS Servers: These servers are configured to forward DNS queries to other DNS servers, typically recursive DNS servers provided by an ISP or third-party DNS service. Forwarding DNS servers are commonly used in local network environments to improve DNS resolution performance and provide additional features like content filtering or security filtering.

DNS Record Types

Authoritative servers store DNS records. The DNS records provide attributes associated with a domain, which include the IP address for each domain.

All domains have a default set of DNS records. The list below covers the most common record types and describes the most frequently used ones in more detail.

Here’s an overview of the components typically found in a DNS zone file:

  1. Start of Authority (SOA) Record: The SOA record appears at the beginning of the zone file and specifies administrative information about the zone, such as the primary authoritative name server for the domain, the email address of the responsible party, the serial number of the zone file (used for versioning), and other parameters related to zone maintenance.
  2. Name Server (NS) Records: NS records specify the authoritative name servers for the domain, indicating which DNS servers are responsible for providing DNS resolution for the domain.
  3. Address (A) Records: A records map domain names to IPv4 addresses. They specify the IP addresses of hosts or servers associated with the domain.
  4. IPv6 Address (AAAA) Records: AAAA records perform the same function as A records but map domain names to IPv6 addresses.
  5. Canonical Name (CNAME) Records: CNAME records define an alias for a domain name, redirecting queries for the alias to the canonical (true) domain name. They are commonly used for creating subdomains or for load balancing purposes.
  6. Mail Exchange (MX) Records: MX records specify the mail servers responsible for receiving email messages addressed to the domain. They contain information about the priority of mail servers and their corresponding domain names or IP addresses.
  7. Pointer (PTR) Records: PTR records map IP addresses to domain names and are used in reverse DNS lookup (rDNS) to resolve IP addresses back to domain names.
  8. Text (TXT) Records: TXT records can contain arbitrary text information associated with a domain. They are commonly used for domain verification, anti-spam measures, and other purposes.
  9. Service (SRV) Records: SRV records define the location of specific services within a domain, such as SIP, XMPP, or LDAP services.

DNS zone files are typically maintained by the administrators of the domain and are hosted on authoritative DNS servers responsible for providing DNS resolution for the domain. They are crucial for translating human-readable domain names into IP addresses and ensuring the proper functioning of the Domain Name System.
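A parser for the zone-file layout described above, added here as an example (not the article’s own code) and run over a constructed example.com zone: it drops ';' comments, joins the parenthesised multi-line SOA record into one entry, expands relative owner names such as www against the origin, and lets you pull out the records of one type.

```python
import shlex

# Constructed example.com zone in standard zone-file syntax (made-up data).
ZONE_TEXT = """\
$TTL 3600
example.com.  IN SOA   ns1.example.com. hostmaster.example.com. (
                  2024010101 ; serial
                  7200       ; refresh
                  3600       ; retry
                  1209600    ; expire
                  300 )      ; negative-cache TTL
example.com.  IN NS    ns1.example.com.
example.com.  IN NS    ns2.example.com.
example.com.  IN A     192.0.2.1
www           IN CNAME example.com.
mail          IN A     192.0.2.25
example.com.  IN MX    10 mail.example.com.
example.com.  IN TXT   "v=spf1 mx -all"
"""

def tokenize(line):
    """Split one zone-file line into fields, dropping ';' comments and quotes."""
    lex = shlex.shlex(line, posix=True)
    lex.commenters, lex.whitespace_split = ";", True
    return list(lex)

def parse_zone(text, origin):
    """Return (default_ttl, records); each record is (owner, type, rdata).
    Lines inside '( ... )' are joined; owners without a trailing dot are relative."""
    records, default_ttl, pending = [], None, []
    for line in text.splitlines():
        pending += tokenize(line)
        if pending.count("(") > pending.count(")"):
            continue                                 # record continues on the next line
        fields, pending = [t for t in pending if t not in ("(", ")")], []
        if not fields:
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
        cls = fields.index("IN")                     # class separates owner from type and rdata
        records.append((owner, fields[cls + 1], fields[cls + 2:]))
    return default_ttl, records

def records_of(records, rtype):
    """All (owner, rdata) pairs of one type, e.g. the NS set or the MX set."""
    return [(o, r) for o, t, r in records if t == rtype]
```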

DNS Propagation

When you change your nameservers, you need to wait for the change to propagate. Propagation can take 24 to 48 hours to complete fully across the internet.

Check whether you have high TTL (Time to Live) values. If you update an A record that has the default TTL of 86400 seconds (24 hours), propagation will take 24 to 48 hours. It is better to change the TTL value to 300 seconds (5 minutes). Learning how TTL values work lets you reduce the time any change takes to propagate.

Great resources to help with DNS propagation are:

  • whatsmydns.net
  • intoDNS

DNS Cache Poisoning

Occasionally, hackers can infiltrate the DNS process and manipulate it to gain control of vital DNS servers. This attack method is known as cache poisoning.

With all these DNS queries and transmissions happening in milliseconds, it can be challenging to decipher whether a server communication is valid. The best solution for cache poisoning at this point is using the Domain Name System Security Extensions (DNSSEC).

DNS Spoofing

DNS spoofing is similar to cache poisoning, but they’re not the same. Cache poisoning attacks DNS servers that contain IP addresses. On the other hand, DNS spoofing attacks focus on DNS records.

Spoofing can also be handled by using DNSSEC. You can also protect yourself against one of these attacks by ensuring the website you’re connecting to is secure. If you’re using the Chrome browser, a gray lock icon will show up in the URL bar if you’re on a secure site.

The other precaution web users can take is to mask their identity when surfing the web. Using a VPN is the most typical and straightforward way to do this.
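The validity question raised in the two sections above, as an added example that is not from the article: a resolver-side check over constructed reply messages that discards any reply whose transaction ID or question does not match the outstanding query, and drops records outside the answering server's bailiwick so they never reach the cache. DNSSEC, which the article recommends, adds cryptographic verification on top of these plausibility checks; the zone name and the message dicts are made up.

```python
# Constructed messages (not captured traffic). The resolver asked the .com
# TLD server about www.example.com; that server's bailiwick is "com.".
QUERY = {"id": 0x1A2B, "question": ("www.example.com.", "A")}

GOOD_REPLY = {
    "id": 0x1A2B,
    "question": ("www.example.com.", "A"),
    "answer": [],
    "authority": [("example.com.", "NS", "ns1.example.com.")],
    "additional": [("ns1.example.com.", "A", "192.0.2.53")],
}

# Same reply, but it also carries a record for a name the .com server is not
# responsible for; a resolver must not cache that record on this server's word.
STRAY_REPLY = {**GOOD_REPLY,
               "additional": GOOD_REPLY["additional"] + [("other.net.", "A", "203.0.113.9")]}

# A reply whose transaction ID matches no outstanding query.
STALE_REPLY = {**GOOD_REPLY, "id": 0x9999}


def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it ('.' covers everything)."""
    return zone == "." or owner == zone or owner.endswith("." + zone)


def validate_reply(query, reply, server_zone):
    """Return (accepted, dropped) record lists for a reply that matches the
    query, or None when the whole reply must be discarded."""
    if reply["id"] != query["id"] or reply["question"] != query["question"]:
        return None
    accepted, dropped = [], []
    for section in ("answer", "authority", "additional"):
        for rr in reply.get(section, []):
            (accepted if in_bailiwick(rr[0], server_zone) else dropped).append(rr)
    return accepted, dropped
```

Only the accepted list is what a cache should ever store; a dropped record is simply re-queried from the server that is actually authoritative for it.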

Editing Your Host File

If you use a third-party proxy server and your website is not displaying, you can use the local hosts file to see where the issue occurs. For example, suppose the website is dnswebtest.com and this domain is using a third-party proxy server.

If there is a connection error, it is usually possible to locate where it originates, but you must investigate whether the problem lies with the host or with the proxy server. To troubleshoot, modify the local hosts file: add an entry for dnswebtest.com and point it to the web hosting company’s IP address (e.g., 98.129.229.4).

If you visit the website and it displays correctly, you know the issue is with the third-party proxy server. Learn more about how to edit your hosts file. There are many tools available that show who is hosting a website and what IP address it resolves to.