DNS (Domain Name System) — A Comprehensive Guide to

Ashish Misal
4 min read · Feb 28, 2025

Image Source: https://performanceconnectivity.com/wp-content/uploads/DNS-Explained.jpg

1. Introduction to DNS

The Domain Name System (DNS) is a decentralized naming system used to resolve human-readable domain names (e.g., example.com) into numerical IP addresses (e.g., 192.168.1.1). Since computers and network devices communicate using IP addresses, DNS serves as the “phonebook of the internet,” making it easier for users to access websites without remembering numerical values.

2. How DNS Works: Step-by-Step Resolution Process

When you enter a website address in your browser, the system follows these steps to resolve the domain name into an IP address:

Image Source: https://www.linkedin.com/pulse/how-does-dns-process-work-mohamed-ayman-elshazly-/

Step 1: User Request (DNS Query)

  • The user types www.example.com into a browser.
  • The browser checks its local cache to see if it already knows the IP address of example.com.
  • If the address is not found in the cache, a DNS query is sent to the local DNS Resolver.

Step 2: Recursive Resolver (DNS Client)

  • The recursive resolver is responsible for finding the IP address.
  • It may already have the required information cached. If not, it initiates a series of queries to locate the correct IP address.

Step 3: Root Nameserver

  • If the resolver does not have a cached answer, it queries one of the root nameservers.
  • The root nameserver does not store specific domain IP addresses but directs the resolver to the correct TLD (Top-Level Domain) nameserver.

Step 4: TLD Nameserver

  • The TLD nameserver manages domain extensions like .com, .net, .org, etc.
  • It directs the query to the Authoritative Nameserver for the specific domain.

Step 5: Authoritative Nameserver

  • This server holds the actual IP address of example.com.
  • It returns the IP address to the resolver.

Step 6: Returning the IP Address

  • The resolver sends the retrieved IP address back to the browser.
  • The browser connects to the website’s server using the IP address.

Step 7: Page Load Completion

  • Once the connection is established, the website content is fetched, and the page loads for the user.

3. Types of DNS Queries

DNS queries play a crucial role in resolving domain names. There are three main types:

3.1. Recursive Query

  • The DNS resolver takes full responsibility for obtaining an answer.
  • If the resolver does not have a cached answer, it queries multiple DNS servers until the final IP address is found.
  • The resolver then returns the final answer to the user.

3.2. Iterative Query

  • The DNS resolver does not search for the final answer itself.
  • Instead, it queries multiple servers one by one, and each server directs the resolver to the next server in the hierarchy.
  • The resolver stops once it gets a valid response.

3.3. Non-Recursive Query

  • The resolver immediately returns an answer if it already has the requested IP address cached.
  • No additional queries are needed, making this the fastest method.

4. DNS Caching: Improving Performance

To speed up the domain resolution process and reduce network load, DNS caching is implemented at multiple levels.

4.1 Levels of DNS Caching

  1. Browser Cache — Browsers temporarily store DNS responses to avoid repeated lookups for frequently visited websites.
  2. Operating System (OS) Cache — The OS maintains a cache of recently accessed domains.
  3. Router Cache — Home and enterprise routers often store DNS records to reduce network traffic.
  4. ISP & Public DNS Cache — Internet Service Providers (ISPs) and public DNS services (e.g., Google DNS, Cloudflare DNS) cache responses for commonly accessed domains.

4.2 Time-to-Live (TTL) and Cache Expiry

Each DNS record has a Time-to-Live (TTL) value, which determines how long the record remains in the cache. Once the TTL expires, a fresh lookup is performed to get updated information.
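
The resolution steps from section 2 and the TTL-based caching described above, combined in one added example that is not part of the original article. The server names, the in-memory hierarchy, and the address 192.0.2.10 are constructed for illustration; no network traffic is sent.

```python
# Constructed hierarchy: every server either answers or refers to the next one.
SERVERS = {
    "root":       {"referrals": {"com": "tld-com"}},
    "tld-com":    {"referrals": {"example.com": "ns-example"}},
    "ns-example": {"answers": {"www.example.com": ("192.0.2.10", 300)}},  # (ip, ttl)
}

def query(server, name):
    """One iterative query: the server answers or refers, it never recurses."""
    data = SERVERS[server]
    if name in data.get("answers", {}):
        return ("answer",) + data["answers"][name]
    for zone, next_server in data.get("referrals", {}).items():
        if name == zone or name.endswith("." + zone):
            return ("referral", next_server, None)
    return ("nxdomain", None, None)

class Resolver:
    """Recursive resolver: walks referrals for the client and caches by TTL."""
    def __init__(self, clock):
        self.clock = clock            # injectable time source, so expiry is testable
        self.cache = {}               # name -> (ip, expires_at)
        self.upstream_queries = 0

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], ["cache"]  # answered locally, no upstream traffic
        server, path = "root", []
        for _ in range(8):            # cap referral depth to stop referral loops
            path.append(server)
            self.upstream_queries += 1
            kind, value, ttl = query(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.clock() + ttl)
                return value, path
            if kind != "referral":
                break
            server = value
        return None, path

if __name__ == "__main__":
    now = [0.0]
    resolver = Resolver(lambda: now[0])
    print(resolver.resolve("www.example.com"))  # full walk from the root
    print(resolver.resolve("www.example.com"))  # served from cache
    now[0] = 301.0                              # TTL of 300 s has expired
    print(resolver.resolve("www.example.com"))  # fresh walk
```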

5. DNS Record Types

DNS records define how domain names are mapped to different services. The most commonly used record types include:

5.1. A Record (Address Record)

  • Maps a domain name to an IPv4 address.
  • Example: example.com → 192.168.1.1.

5.2. AAAA Record

  • Maps a domain name to an IPv6 address.

5.3. CNAME Record (Canonical Name)

  • Redirects one domain to another domain instead of an IP address.
  • Example: blog.example.com → example.com.

5.4. MX Record (Mail Exchange)

  • Specifies the mail servers responsible for handling email for a domain.

5.5. TXT Record (Text Record)

  • Stores arbitrary text, often used for verification and security.

5.6. NS Record (Name Server)

  • Specifies which nameservers are authoritative for a domain.

5.7. PTR Record (Pointer Record)

  • Used for reverse DNS lookups (IP to domain resolution).
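
How these record types appear in an actual DNS response, as an added example that is not part of the original article and goes beyond it: a parser for the answer section of a wire-format message (RFC 1035 layout), including name compression with a guard against pointer loops. The sample bytes are constructed and carry the blog.example.com → example.com CNAME from 5.3 followed by an A record for the constructed address 192.0.2.10.

```python
import ipaddress, struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, off, hops=0):
    """Decode the name at off, following compression pointers; returns (name, next_off)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:                 # two-byte pointer to an earlier name
            if hops >= 8:
                raise ValueError("compression pointer loop")
            target = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            tail = read_name(msg, target, hops + 1)[0]
            return ".".join(labels + [tail] if tail else labels), off + 2
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def decode_rdata(msg, rtype, off, rdlen):
    if rtype in (1, 28):                          # A / AAAA: packed 4- or 16-byte address
        return str(ipaddress.ip_address(msg[off:off + rdlen]))
    if rtype in (2, 5, 12):                       # NS, CNAME, PTR: a domain name
        return read_name(msg, off)[0]
    if rtype == 15:                               # MX: 16-bit preference, then mail host
        return struct.unpack_from("!H", msg, off)[0], read_name(msg, off + 2)[0]
    return msg[off:off + rdlen]                   # TXT and unknown types: raw bytes

def parse_answers(msg):
    """Return (owner, type, ttl, value) for each record in the answer section."""
    _id, _flags, qdcount, ancount = struct.unpack_from("!4H", msg)
    off = 12                                      # fixed header length
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4          # skip name, QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        value = decode_rdata(msg, rtype, off + 10, rdlen)
        records.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        off += 10 + rdlen
    return records

# Constructed response to "blog.example.com A": a CNAME, then the target's A record.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
          + b"\x04blog\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x11"
          + b"\xc0\x11" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
print(parse_answers(SAMPLE))
```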

6. DNS Security and Challenges

While DNS is a critical part of internet infrastructure, it faces various security threats.

6.1 Common DNS Security Threats

  1. DNS Spoofing (Cache Poisoning) — Attackers manipulate cached DNS records to redirect users to malicious websites.
  2. DDoS Attacks on DNS — Attackers overwhelm DNS servers with traffic to disrupt services.
  3. Man-in-the-Middle Attacks — Attackers intercept DNS queries and modify responses.

6.2 Security Enhancements

  • DNSSEC (DNS Security Extensions) — Adds cryptographic signatures to DNS records to ensure data integrity.
  • DoH (DNS over HTTPS) and DoT (DNS over TLS) — Encrypt DNS queries to prevent eavesdropping.
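
Independent of DNSSEC, a resolver can refuse to cache responses that do not match the query it sent. The following added example (not from the original article, and going beyond the list above) shows three such checks against the cache poisoning described in 6.1: an unpredictable transaction ID, a question match, and a bailiwick filter that drops records for names outside the zone the queried server is responsible for. The `Response` structure, function names, and sample data are constructed for illustration; this sketch does not validate DNSSEC signatures.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Response:
    txid: int
    question: str
    records: list                     # (owner_name, rtype, value) tuples

def new_txid():
    """Unpredictable 16-bit transaction ID for an outgoing query."""
    return secrets.randbelow(1 << 16)

def in_bailiwick(owner, zone):
    """True if owner is the zone itself or a name below it."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return not zone or owner == zone or owner.endswith("." + zone)

def vet_response(sent_txid, sent_question, server_zone, resp):
    """Return (verdict, cacheable_records) for a response to our outstanding query."""
    if resp.txid != sent_txid:
        return "reject: transaction ID mismatch", []
    if resp.question.lower().rstrip(".") != sent_question.lower().rstrip("."):
        return "reject: question mismatch", []
    keep = [r for r in resp.records if in_bailiwick(r[0], server_zone)]
    dropped = len(resp.records) - len(keep)
    return f"accept ({dropped} out-of-bailiwick record(s) dropped)", keep

# Constructed sample: a query for www.example.com sent to the example.com nameserver.
QUESTION, ZONE, TXID = "www.example.com", "example.com", 0x3A7F
GENUINE = Response(TXID, QUESTION, [("www.example.com", "A", "192.0.2.10")])
# Same answer plus an extra record for a name the example.com server has no say over.
PADDED = Response(TXID, QUESTION,
                  GENUINE.records + [("www.other.test", "A", "203.0.113.66")])
# A response whose transaction ID does not match the outstanding query.
WRONG_ID = Response(0x0001, QUESTION, [("www.example.com", "A", "203.0.113.66")])

if __name__ == "__main__":
    for resp in (GENUINE, PADDED, WRONG_ID):
        print(vet_response(TXID, QUESTION, ZONE, resp))
```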

7. Public DNS Providers

Several organizations offer public DNS resolvers that are faster and more secure than ISP-provided DNS services.

DNS is an essential part of how the internet functions, allowing users to access websites easily without remembering complex IP addresses. From resolving domain names efficiently to securing online communications, DNS plays a vital role in keeping the web accessible and secure.

Feel free to reach me on LinkedIn: Ashish Misal.
