Internet Basics #5: How DNS works
- 10 months ago
- 5 min read
The internet seems so effortlessly simple; you type in a website's name, and it magically appears. However, behind all of this lies a complex system – the Domain Name System (DNS). In this post we’ll dive into the intricacies of the DNS, what it is and how it works.
As humans we are much better at remembering names, like dataprovider.com or wikipedia.org than remembering a sequence of numbers. Computer algorithms, however, are much better at processing numbers. When it comes to communication across the internet, each connected device, including the servers that host websites, has a unique numerical identifier called an IP address. So when you put dataprovider.com into your browser's address bar, it needs to be translated into a number. That’s where the DNS comes into play. It is often likened to a massive, ever up-to-date phone book, that translates the domain names into computer-friendly IP addresses.
Understanding DNS server roles
The DNS relies on a distributed, hierarchical system of servers, each with a specific function in the process of resolving domain names:
- Root servers: They are at the base of the DNS hierarchy. Root servers provide the initial starting point for DNS queries, directing them towards the appropriate top-level domain (TLD) servers.
- TLD servers: These servers manage collections of domains organized by their TLDs, such as, .com, .uk, .info. In a second step, they offer a more precise direction for the query, narrowing down the search towards the correct authoritative server.
- Authoritative servers: These servers store the DNS records that definitively map domain names to IP addresses. Typically managed by domain owners or their web hosting providers, they provide the final answer to any DNS query.
- Recursive resolvers: The workhorses of the DNS. Usually configured on a local device or provided by an internet service provider, they initiate the lookup process, diligently contacting other DNS servers and caching the results for future efficiency.
In Figure 1 you can see the process for the domain name www.abc.com. First, the root servers provide the information for the location of the TLD servers, in this case .com is located at 1.1.1.1. In a second query the .com TLD server is now queried for the location of abc.com which returns the address of the authoritative server, here 2.2.2.2. Lastly, the authoritative server is queried and returns the full address of www.abc.com.
Authoritative vs. recursive resolvers
Understanding the difference between authoritative and recursive resolvers is crucial for understanding the workings of DNS. Let's break down their roles.
Authoritative servers
Think of authoritative servers as holding the master key for specific domains. They store the official DNS records, providing the final, definitive answer when someone ask for a website's address. Because they are managed by domain owners themselves, they ensure traffic is directed to the genuine, real location of the website. But authoritative servers are more than simple address books. They store various DNS records that serve different purposes:
- A Record: The cornerstone – this maps a domain name to its IPv4 address (example: www.xyz.com = 231.345.378.39).
- AAAA Record: Like an A Record, but for the newer IPv6 addresses.
- MX Record: Crucial for e-mail delivery. It indicates which mail servers handle incoming emails for a specific domain.
- CNAME Record: Creating aliases – allows multiple domain names to ultimately point to the same IP address. For example, multiple subdomains such as team.abc.com or shop.abc.com will have a CNAME record that points to the root domain abc.com.
- TXT Record: Flexible and versatile, used for things like domain ownership verification, security mechanisms, and other custom data.
Recursive resolvers
Recursive resolvers are usually operated by an internet service provider or public services. Their purpose is to speed-up the lookup process. To do so they track down the answer to the DNS query and then store this information temporarily in a cache of recent lookups, making repeat visits to websites much quicker.
Efficiency through caching
A key feature that optimizes DNS performance is DNS caching. DNS caching shortens the look-up process and makes internet browsing quicker and more efficient. It temporarily stores recent DNS query results, enabling faster access to frequently visited websites. When a user requests a specific website, the DNS resolver checks its local cache first. If the IP address is found, the resolver returns it immediately, bypassing the full DNS look-up process.
Caching can occur at multiple levels, including at your device, at the internet service provider, and the recursive resolver level, each maintaining its own cache for a specific Time-to-Live (TTL). After TTL expiration, the cached record is discarded, and a new DNS look-up is performed. In essence, DNS caching streamlines the look-up process, ensuring quicker website access and reduced load on the DNS infrastructure.
Keeping DNS secure with DNSSEC
DNS Security Extensions (DNSSEC) plays a crucial role in making the DNS look-up process more secure by preventing malicious activities like DNS spoofing or cache poisoning. For instance, let's say you want to visit "abcbank.com" to access online banking services. In a DNS spoofing attack, the attacker intercepts your DNS query returning a false IP address that points to a fake "abcbank.com" website under their control, ultimately stealing your login credentials. DNSSEC combats this issue by incorporating cryptographic signatures into the DNS system, allowing DNS resolvers to confirm the authenticity and integrity of DNS responses.
When a DNS resolver receives a DNSSEC-enabled response, it can validate that the information originates from the correct authoritative DNS server and hasn't been tampered with during transmission. This ensures that users reach the intended, genuine websites rather than being misled to potentially harmful ones designed for phishing or other nefarious purposes. In essence, DNSSEC bolsters the reliability of the DNS infrastructure and provides a more secure internet browsing experience by verifying DNS responses through cryptographic signatures.
As an individual internet user, understanding the DNS might not seem like a top priority, but it plays a crucial role in your daily online activities. Every time you visit a website, send an email, or access online services, the DNS works behind the scenes to ensure smooth and secure communication. Recognizing the importance of DNS caching, for instance, can help you understand why you might occasionally need to clear your browser's cache or flush your DNS resolver cache to resolve website access issues. Moreover, awareness of DNS security extensions highlights the significance of safeguarding your online activities from malicious attacks, such as DNS spoofing and cache poisoning.