What Is DNS and How Does It Work?

Last updated on
11th Mar, 2021
Published
30th Aug, 2019

DNS stands for “Domain Name System”, which is a massive directory distributed across the world. In other words, DNS serves the purpose of the phonebook for the internet. It functions so instantaneously and seamlessly that we don’t realize how much we use it every day. 

We can understand DNS through a basic analogy. In a phonebook, we look up the name of the person whose number we need, so we need not memorize the contact number. DNS provides the same service. Every device connected to the internet has a unique IP address, which machines use to interact with each other. Domain names are human-readable names that we enter into a web browser to access a website. Domain names are analogous to the names in the phonebook, while the IP address is the corresponding contact number. Computers interact through IP addresses, which are complex strings of alphanumeric characters. Basically, DNS translates domain names to the corresponding IP addresses to identify the different computers across the world. There can be more than one IP address associated with a domain name.

A Brief History of DNS

Around thirty years ago, when the internet was introduced, people needed to memorize the IP address of each website that they wanted to visit. Computers, being digital machines, were able to communicate only through numbers. As the internet age began, the number of websites grew from hundreds to tens of thousands. The increasing number of IP addresses made them difficult for people to memorize. In the early 1980s, Paul Mockapetris introduced a system that automatically mapped domain names to their corresponding IP addresses. This led to the birth of DNS, which serves as a backbone of the Internet to this day.

Types of queries:

There are mainly 2 types of queries:

  1. Recursive DNS query: When the DNS user gets the IP address of the desired domain directly by querying the corresponding name server, this is called a recursive query. During this process, the DNS server might also query other DNS servers on the internet.
  2. Non-recursive query: The DNS user navigates through various levels of servers like root name servers, TLDs, and authoritative name servers to query the required IP address corresponding to the domain name.

How does DNS work?

The basic function of a DNS is to convert the user-friendly domain name into a corresponding computer-friendly IP address. Let’s look at the various steps:

  1. Information request: When you type the domain name while visiting a website, you are asking your computer to resolve a particular hostname. The first step performed by your computer is that it looks for the IP address corresponding to your domain name in the local DNS cache, which stores information regarding your previously visited websites. In case you have not visited that website before, the computer performs a DNS query.
  2. Ask recursive DNS servers: If the information is not stored locally, your computer contacts the recursive DNS resolvers or servers of your Internet Service Provider (ISP). These resolvers have their own cache. Since many users share the same ISP, chances are that common and popular websites are already cached. In this case, the required information is returned to the user and the process ends here.
  3. Ask root name servers: In case the information is not provided by the recursive servers or the data is outdated, they query the root name servers. The root name servers publish the root zone file contents to the internet. The root name servers do not provide the IP addresses but redirect queries to other servers that might provide the required answer.
  4. Top-level domain (TLD) name servers: The root name servers read the request from right to left and direct you to the top-level domain name servers. For example, .com, .org, etc. each correspond to a TLD, which has its own set of servers. The TLD servers don't provide the IP address directly but direct your queries to the appropriate server.
  5. Authoritative name servers: The TLD servers read the next part of the query and direct it to a particular name server, called the authoritative name server. These DNS servers are configured for different zones and provide related information. They store the original zone records and don’t cache the query results. These name servers can be located at the DNS provider or where the website is hosted. The authoritative name servers hold different kinds of records; for example, if we want to know the IP address, we ask for the address record. This server lies at the bottom of the DNS lookup chain.
  6. Retrieve the record: The recursive server retrieves the required record from the authoritative name servers and stores it in its local cache. This reduces the effort of a new lookup when the same website is visited again. All records carry a time to live (TTL) value, which determines when the data expires and helps ensure that the data is always up to date.
  7. Receive the answer: The recursive server returns the required answer to your local computer which further caches this record. Your computer reads this record and returns the IP address to your browser. The browser opens a particular website by connecting to the webserver. This entire process is completed within a fraction of a second.
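The lookup steps above can be traced with a small simulation. This is an added example, not code from the original article: the server tables, the names `tld-com` and `ns1.example.com`, the address 192.0.2.10 and the 300-second TTL are constructed, and no network traffic is sent.

```python
import time

# Constructed sample data (not real infrastructure): each level only knows the next one.
ROOT_ZONE = {"com": "tld-com"}                                  # root: TLD -> TLD server
TLD_SERVERS = {"tld-com": {"example.com": "ns1.example.com"}}   # TLD: domain -> authoritative
AUTH_SERVERS = {"ns1.example.com": {"www.example.com": ("192.0.2.10", 300)}}  # A record, TTL (s)


class Resolver:
    """Toy recursive resolver with a TTL-bound cache."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}  # name -> (address, expiry time)

    def resolve(self, name):
        """Return (address, path); path lists the servers consulted, in order."""
        name = name.rstrip(".").lower()
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]            # still fresh: no upstream query
        self.cache.pop(name, None)              # missing or expired: full walk
        labels = name.split(".")
        tld_server = ROOT_ZONE.get(labels[-1])  # root reads the rightmost label
        if tld_server is None:
            raise LookupError(f"root has no delegation for .{labels[-1]}")
        auth = TLD_SERVERS[tld_server].get(".".join(labels[-2:]))
        if auth is None:
            raise LookupError(f"TLD server has no delegation for {name}")
        record = AUTH_SERVERS[auth].get(name)   # authoritative holds the address record
        if record is None:
            raise LookupError(f"{auth} has no address record for {name}")
        address, ttl = record
        self.cache[name] = (address, self.clock() + ttl)
        return address, ["root", tld_server, auth]


def demo():
    now = [0.0]                                 # fake clock so TTL expiry is deterministic
    r = Resolver(clock=lambda: now[0])
    first = r.resolve("www.example.com")        # cold cache: root, TLD, authoritative
    now[0] = 299
    cached = r.resolve("WWW.Example.com.")      # inside the TTL: answered from cache
    now[0] = 300                                # the 300 s TTL has elapsed
    refreshed = r.resolve("www.example.com")    # expired: full walk again
    return first, cached, refreshed

if __name__ == "__main__":
    for address, path in demo():
        print(address, " -> ".join(path))
```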

What is a DNS address?

To understand this even better, we need a precise understanding of domain names and IP addresses. An Internet Protocol address (IP address) is a unique numeric address that is assigned to every single device that uses an Internet Protocol-based network. Basically, with the help of an IP address, devices recognise each other on a network. A simple example of an IP address is 67.81.32.3.

A domain name is an understandable way of identifying entities on a network; any particular website can be accessed by a domain name. For example, Microsoft is the domain for the website microsoft.com.

Every domain name has one or more IP addresses assigned to it. DNS matches the domain name with the IP address assigned to it and fetches the right webpage for the user. For a user, it is more convenient to remember a domain name than an IP address, but the computer understands only binary numbers; hence DNS translates the domain into IP addresses with the help of DNS servers.

What is a DNS server?

A DNS server is a vast storehouse of domain names and their relevant IP addresses, and it helps to retrieve the IP addresses from the domain name or the hostname. We can deduce that the DNS server is the major element that implements the DNS protocol and serves the web hosts and clients on an IP-based network. It bridges the gap between humans and computers.

Primary and Secondary DNS server

There are two basic types of DNS servers: Primary and Secondary servers.

A primary server is responsible for the administration of the domain and gets its information directly from local files. It hosts the controlling zone file. Secondary servers get their information from a primary server in a communication known as a zone transfer, and they contain read-only copies of the zone file.

DNS root servers

The Domain Name System is organised in a hierarchy with different managing areas, also known as zones, and the root servers are at the top of this hierarchy. Thirteen root servers are used to query the different root server networks. These are arranged in alphabetical order from A to M, the first 13 letters of the alphabet.

Resolving DNS Server Queries

A DNS query without any caching is resolved with the help of four main kinds of servers: recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers. The query from the client is received by the DNS resolver, which then looks up the IP address. The resolver itself then acts as a client and asks the other three servers to fetch the correct IP address.

First, the root server converts the domain into an IP address and responds to the resolver with the top-level domain servers that store all the details of the domain servers. The TLD server then responds to the resolver with the IP address of the domain’s authoritative nameserver. The authoritative nameserver responds to the recursor's query with the IP address of the origin server.

Finally, the resolver sends the origin server's IP address to the client, and in turn the client can resolve its query directly with the origin server.

DNS caching

Apart from the process above used by the recursor, cached data can also be used to resolve DNS queries. Once an IP address is obtained for the website, it can be kept in a cache for about 24 hours, so that if any other user requests the same IP address in the meantime, it can be retrieved directly from the cache, avoiding all the hassle. After 24 hours, the resolver has to create a new cache entry.

DNS Server Failure

A DNS server can fail for various reasons, such as:

  1. Hardware malfunctions
  2. Malware attacks
  3. Power outage
  4. Cyber attacks etc.

Earlier, a DNS server outage had a significant impact on business, but today, thanks to server monitoring of TLD nameservers, root DNS servers and backup recursive servers, resolving such issues has become more efficient. Although most outages and failures can be resolved, one must have DNS failover implemented so that, if a DNS server outage occurs, traffic can easily be transferred to another DNS server without the end user noticing.

DNS attack

  1. DNS spoofing - Also known as cache poisoning, DNS spoofing is a form of computer system hacking in which the malware creator secretly gains access to the information and alters the cache, so that the user may type an authentic domain name but the manipulated DNS system fraudulently transfers the user to an alternate server. Keeping your antivirus and anti-malware up to date and running a scan on a regular basis will help avoid the spoof.
  2. DNS hijacking - It is a malicious attack in which the malware attacks the local computer, manipulates the TCP/IP settings and transfers the user to the hacker’s server. This can be easily prevented by the use of an antivirus.
  3. Phishing - It is a cybercrime in which atrocious hackers develop spam websites that resemble common bank webpages, payment sites, or gaming sites to lure individuals into providing sensitive data such as passwords, banking details, etc. Many antivirus solutions provide a layer of protection designed to prevent phishing attacks. It is also important to keep an eye on the domain address and not fall for the fake ones.
  4. DNS reflection attacks - The malware creator floods the user with innumerable messages from DNS resolver servers: the attackers ask the resolver for large DNS files using the spoofed IP address of the victim. When the resolver responds to these messages, the victim’s machine is swarmed by the unrequested DNS data, which overburdens the machine.

How can you protect yourself?

A few precautions can help you mitigate the effects of an attack. Some of these are:

  1. Monitoring DNS servers for abnormal behaviour, such as an increase in the number of unique subdomains being queried or an increase in the number of timeouts or delayed responses.
  2. Restricting packets with a spoofed IP address from exiting your network.
  3. Updating antivirus and anti-malware regularly.
  4. Keeping a keen eye on the address bar.
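The monitoring in item 1 can be expressed as a check over resolver query logs. This is an added example, not code from the original article: the log format, the sample lines, the one-minute window and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

SLOW_MS = 500  # assumed threshold for a "delayed response"

# Constructed log lines in an assumed format: timestamp client qname status latency_ms
SAMPLE = (
    ["2021-03-11T10:00:05Z 10.0.0.5 www.example.com NOERROR 12",
     "2021-03-11T10:00:09Z 10.0.0.6 mail.example.com NOERROR 15"]
    + [f"2021-03-11T10:01:{i:02d}Z 10.0.0.7 h{i}x.example.net NXDOMAIN 20" for i in range(8)]
    + [f"2021-03-11T10:02:{i:02d}Z 10.0.0.5 www.example.com TIMEOUT 2000" for i in range(3)]
    + ["2021-03-11T10:02:30Z 10.0.0.6 www.example.com NOERROR 10",
       "2021-03-11T10:02:31Z 10.0.0.6 mail.example.com NOERROR 900"]
)


def parent_domain(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.split(".")[-2:])


def find_anomalies(lines, max_unique=5, max_bad_ratio=0.5, min_queries=4):
    """Return alerts as (minute, kind, domain, count) over one-minute windows."""
    names = defaultdict(set)   # (minute, parent domain) -> distinct names queried
    total = defaultdict(int)   # minute -> queries seen
    bad = defaultdict(int)     # minute -> timeouts plus slow answers
    for line in lines:
        ts, _client, qname, status, latency = line.split()
        minute, qname = ts[:16], qname.rstrip(".").lower()
        names[(minute, parent_domain(qname))].add(qname)
        total[minute] += 1
        if status == "TIMEOUT" or int(latency) > SLOW_MS:
            bad[minute] += 1
    alerts = []
    for minute, domain in sorted(names):
        count = len(names[(minute, domain)])
        if count > max_unique:              # burst of distinct subdomains under one domain
            alerts.append((minute, "unique-subdomains", domain, count))
    for minute in sorted(total):
        if total[minute] >= min_queries and bad[minute] / total[minute] > max_bad_ratio:
            alerts.append((minute, "timeouts-or-slow", None, bad[minute]))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```

Fixed thresholds keep the example short; in practice they would be derived from a baseline of the server's normal traffic.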

DNSSEC

Internet Corporation for Assigned Names and Numbers (ICANN), the organization in charge of the DNS system, invented DNS Security Extensions (DNSSEC) to secure and ease the interaction between the various levels of servers during lookup. DNSSEC devised a system where each level of DNS server digitally signs its requests, which makes it certain that the requests sent in by end-users aren’t appropriated by attackers. Moreover, DNSSEC can verify whether a domain name exists, and if it doesn’t, it protects the client and the servers from the infiltrated domain.

Profile

Joydip Kumar

Solution Architect

Joydip is passionate about building cloud-based applications and has been providing solutions to various multinational clients. Being a Java programmer and an AWS certified cloud architect, he loves to design, develop, and integrate solutions. Amidst his busy work schedule, Joydip loves to spend time writing blogs and contributing to the open-source community.