  • DNS is the phonebook of the internet!

    Computers connect and communicate with one another to send and receive information using numbers (IP addresses). Each device connected to the internet has a unique address that serves as its identity, which other devices use to identify it and communicate with it.

    Humans, in contrast, refer to each other by name, and a name is much easier to remember than a number when you want to reach someone.

    The Domain Name System (DNS) was introduced to bridge this communication gap between humans and computers. DNS resolves names to numbers, that is, human-friendly domain names to computer-friendly IP addresses.


    What is a Domain Name?

    A domain name is a unique string that identifies a particular resource on the internet. It denotes which web application server is being requested. Even if you haven’t heard the term, you have probably used a zillion of them. Yes! google.com, yahoo.com, geekflare.com, etc., are all domain names.


    What is DNS and Why Do We Need It?

    Humans access information online through browsers using domain names like amazon.com, geekflare.com, etc. But web browsers communicate only by Internet Protocol (IP) addresses.

    DNS helps us by translating the given domain names to their respective IP addresses so that browsers can load the requested resource.


    Now, let’s take an analogy to demonstrate the need for DNS:

    If you want to call someone, you pick up your phone, scroll or search through your saved contacts, and make the call.

    Even though a call can only be placed to a phone number, it is really hard to memorize the numbers of all our contacts. This is the main reason we save mobile numbers under names in our phonebooks.

    DNS uses the same mechanism: think of it as a database that maps domain names to their corresponding IP addresses.

    In today’s world, there are around 1.5+ billion websites on the World Wide Web. We use some of them in our regular day-to-day life. It is impossible to remember all the sites’ IP addresses. DNS remembers them to make our lives easy.

    How does it work?

    When the user types a URL (domain) in the browser, let’s say geekflare.com, the browser needs to find the IP address behind that domain in order to connect to it. This process of finding the IP address for a given domain name is known as DNS resolution.


    Computers recognize website locations by IP addresses, not by domain names. When you type geekflare.com, the browser does a DNS lookup to fetch the corresponding IP address, then forwards the request to the Geekflare server, which sends back the Geekflare landing page.

    The DNS lookup happens in the web browser behind the scenes and requires no interaction from the user who typed geekflare.com.

    To get the IP address of a website, try the following command in the command prompt or terminal:

    nslookup www.example.com

    You can type the IP address from this result directly into your browser. Some websites, however, block direct IP access, in which case you will not get the expected result.

    DNS Workflow

    Now we have an idea that an IP address is requested every time we type a domain name. Let’s look at how this process happens.

    When a domain name is entered in the browser, the first place its IP address is looked up is the local cache. This local cache data may be available in either of the following two places:

    • Web browser cache.
    • Operating system’s cache.

    DNS Query Resolver

    In the DNS lookup process, when no cached data is available for the requested domain name, a set of DNS servers work together to find the IP address.

    Excessive communication with remote DNS servers is time-consuming and hurts performance. To prevent this, the resulting IP address is stored in the OS cache, the browser cache, and the DNS resolver cache.

    Types of DNS servers

    DNS servers are of four types:

    • Recursive Resolver
    • Root Nameserver
    • Top-Level Domain (TLD) Nameserver
    • Authoritative Nameserver

    Let’s take an example of how these DNS servers work by coordinating with each other:

    Assume you need a book, so you go to a local bookstore and tell the owner which book you want. Here you act as the client, and the shop owner is the recursive resolver.

    The owner then goes to look at the store index (root nameserver), which points to a particular set of racks (TLDs).

    After finding the right rack (TLD), he goes to it and looks for the exact shelf where the book is kept (authoritative nameserver), and there he finds the book the client requested.

    DNS Recursive Resolver

    If the IP is not available in the local cache, the request is forwarded to the DNS recursive resolver, also called the DNS recursor. Sending the request to the DNS recursor to find the IP is termed a DNS query.

    The DNS recursor is a special server designed to receive clients’ DNS queries and make additional requests on their behalf, if needed, to satisfy the requesting client.

    It is usually the DNS server of your Internet Service Provider (ISP).

    [Image: How DNS Works Steps (image by Varonis)]

    These DNS servers provided by your ISP also keep caches in their database. If the expected IP for the given domain is in the cache, it is simply returned to the requesting client.

    Otherwise, the following steps take place to find the IP:

    • The DNS recursor sends the request to the root nameserver. (DNS Recursor → Root Nameserver)
    • The root nameserver does not have the IP of the domain name, but it returns the information of the corresponding TLD server, which can help find it. (Root Nameserver → DNS Recursor)
    • Now the recursor asks the TLD server for the IP of the given domain. (DNS Recursor → TLD Server)
    • The TLD server returns the information of the corresponding authoritative nameserver, which has the IP and is the final stop in the DNS query. (TLD Server → DNS Recursor)
    • The recursor now asks the authoritative nameserver for the IP address of the domain name. (DNS Recursor → Authoritative Nameserver)
    • Finally, the authoritative nameserver finds the IP address of the given domain name and sends it to the recursor. (Authoritative Nameserver → DNS Recursor)
    • At last, the recursor stores the result in its cache and sends the IP address back to the requesting client. (DNS Recursor → Client)
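    The caching and the root → TLD → authoritative walk described above, as an added simulation that is not part of the original article: three constructed in-memory "zones" stand in for the root, the .com TLD and the authoritative server for example.com (server names and the 192.0.2.10 address are fabricated), and a toy recursive resolver follows the referrals, caches the A record for its TTL, and records which servers it contacted.

```python
import time

# Constructed in-memory "zones" standing in for the three server types the
# article describes. Server names and the 192.0.2.x address are fabricated
# (192.0.2.0/24 is reserved for documentation examples).
ROOT = {"com": ("referral", "tld-com")}                        # root knows the TLDs
TLD_COM = {"example.com": ("referral", "auth-example")}       # TLD knows delegations
AUTH_EXAMPLE = {"www.example.com": ("A", "192.0.2.10", 300)}  # (type, ip, ttl seconds)
SERVERS = {"root": ROOT, "tld-com": TLD_COM, "auth-example": AUTH_EXAMPLE}


class RecursiveResolver:
    """Walks root -> TLD -> authoritative and caches the answer for its TTL."""

    def __init__(self, clock=time.time):
        self.cache = {}      # name -> (ip, expiry timestamp)
        self.clock = clock   # injectable so TTL expiry can be demonstrated
        self.trace = []      # servers contacted by the last resolve() call

    def _ask(self, server, name):
        """Query one server; it answers for the longest suffix of name it knows."""
        self.trace.append(server)
        zone = SERVERS[server]
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in zone:
                return zone[suffix]
        return None

    def resolve(self, name):
        self.trace = []
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():   # cached and TTL not yet expired
            self.trace.append("cache")
            return hit[0]
        server = "root"                      # every uncached lookup starts at the root
        while True:
            answer = self._ask(server, name)
            if answer is None:
                raise LookupError(f"NXDOMAIN: no record for {name}")
            if answer[0] == "referral":
                server = answer[1]           # follow the delegation to the next server
                continue
            _, ip, ttl = answer
            self.cache[name] = (ip, self.clock() + ttl)
            return ip
```

    After the first lookup the trace shows the full chain; the second lookup for the same name is answered from the cache until its 300-second TTL expires, after which the resolver walks the chain again.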

    Root NameServer

    The root nameserver (aka the ‘.’ nameserver) is the first step in the domain translation process. Let’s presume the received request is for www.google.com; the root nameserver then looks up the appropriate .com TLD server and sends that TLD server’s IP to the recursor.

    The root nameserver sits at the top of the domain hierarchy. Recursive resolvers have no way to look up the root servers through DNS itself.

    Because of this, every recursive resolver has a list of 13 root server IP addresses configured in it. Whenever a DNS lookup occurs, the recursive resolver’s first communication is with one of those 13 addresses.

    [Image: DNS Domain Levels Hierarchy (image by netnod)]

    There are more than 1300 root servers across the globe, operated by 12 different organizations. But they are reachable only through these 13 numeric addresses.

    Since there are only 13 root server IP addresses, only 13 root nameservers can be seen from any single location at any given time.

    TLD Nameserver

    The Top-Level Domain nameserver maintains information about all the domain names that share a common extension. It is the second step in finding the IP address.

    The TLD server checks the domain name received from the DNS recursor (google.com) and looks up the appropriate authoritative nameserver.

    After finding the authoritative server for google.com, it sends that server’s IP address back to the DNS recursor.

    Top Level Domains

    There are different kinds of TLDs out there, some are:

    • gTLD – generic TLD (.com, .net, .org, etc.)
    • ccTLD – country code TLD (.in, .us, .uk, etc.)
    • sTLD – sponsored TLD (.edu, .gov, etc.)

    Authoritative Nameserver

    The authoritative nameserver holds the records for a particular domain. It is the final stop in the DNS query journey.

    Authoritative servers are asked for the A record (‘Address’ record) of the domain, which contains the IP address of the server on which the website is hosted.

    If it has the requested record for the domain, it returns the IP address to the recursor, which in turn returns it to the requesting client.

    Conclusion

    The Domain Name System is one of the most important parts of the internet. It is the first step in making a connection to any site. It not only makes the internet user-friendly but also helps load the requested content efficiently.

    Without DNS, navigating an internet of countless websites would be a heavy burden for all of us.