Do you know how domain names, like microsoft.com, are translated into IP addresses? The Internet uses a service called the Domain Name System (DNS). In this article, you will learn what DNS is and how it translates domain names into IP addresses so that browsers and other Internet-connected apps and services can find web servers.
Plus, check out our useful infographic below to quickly understand how DNS works.
The Domain Name System is the service that converts domain names into IP addresses so that browsers can load content. More specifically, DNS finds the IP address (IPv4 or IPv6) that corresponds to a domain name, so that web browsers can locate the server and retrieve the content attached to the domain.
Domain names (or website domains) are human-readable web addresses, and they appear in the Uniform Resource Locators (URLs) used for websites. For example, you enter ‘www.google.com’ in a web browser to visit Google’s website, and ‘www.facebook.com’ for Facebook’s website.
An IP address is a unique address that identifies a resource, such as a device or server, on the Internet. It is a number that lets devices connect to each other over the Internet or a local network, much like a telephone number lets you reach a specific person.
There are two types of IP addresses: IPv4 and IPv6.
IPv4 is a 32-bit addressing scheme written in dot-decimal notation. It can address more than 4.2 billion addresses. For example, an IPv4 address might look like 192.0.2.1.
IPv6 is a 128-bit addressing scheme. It is written in hexadecimal notation, with groups separated by colons, instead of the dot-decimal notation of IPv4, and it can accommodate approximately 3.4×10^38 unique IP addresses, or in other words 340 trillion trillion trillion IP addresses!
IPv6 is more advanced and secure than IPv4 by design. An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Although the main use of DNS is translating domain names into IP addresses, it has other uses as well. DNS servers ensure quick access to the resource you are looking for, and they route mail to the correct Internet mail servers. DNS is also what makes communication between servers and Internet of Things (IoT) devices possible.
To understand how DNS works, it’s important to learn about the processes that take place behind the scenes. Here are the steps involved in resolving domain names to IP addresses.
The primary role of DNS is to translate the domain names that you type into your web browser into IP addresses. The process of translating a domain name into an IP address is called DNS lookup, or DNS resolution. DNS uses four different services, described below, to resolve a domain name to an IP address.
A DNS resolver, also known as a DNS recursive resolver, is the first stop for a DNS query. It either answers directly from its cache, or it sends requests to other DNS servers on the client’s behalf, including the root nameserver, the top-level domain (TLD) nameserver, and the authoritative nameserver.
The root nameserver, or DNS root server, accepts queries from the recursive resolver and directs it to the TLD nameserver for the domain’s top-level domain, the next step towards finding the matching IP address.
The top-level domain (TLD) nameserver is responsible for maintaining information about all domain names that share its top-level domain, such as .com, .net, .org, etc. For example, the .com TLD nameserver keeps the information for the domains that end with .com.
There are two types of TLD server groups: generic top-level domains (gTLDs) such as .com, .edu and .gov, and country code top-level domains (ccTLDs) such as .uk, .us and .ru.
The authoritative nameserver is the last stage in the journey to resolve a domain name to an IP address. It provides the recursive resolver with the IP address matching a specific domain name from the DNS records it holds.
If a domain is an alias of another domain, the authoritative nameserver uses a Canonical Name record (CNAME) to point the resolver at the canonical name, whose records are then looked up. For example, if blog.google.com is a CNAME for google.com, then blog.google.com is the alias and google.com is its canonical name.
DNS queries are the requests sent from a DNS client to a DNS server for specific information. Primarily, a DNS query is the request for IP addresses related to a domain name.
Here are the top three types of DNS queries:
In a recursive query, the DNS server answers the query by asking other DNS servers on your behalf. It either returns the requested resource from a DNS record, or an error message if the recursive resolver cannot find information related to the query.
In an iterative query, a DNS server returns the answer if it has it. If it does not, rather than looking further on your behalf, it refers you to another server, such as a root server or an authoritative DNS server, that can provide the answer to your query.
A non-recursive query occurs when a DNS server answers your query from a record that already exists in its cache. Non-recursive queries get an immediate response because the necessary information is stored locally.
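The lookup described above, walking root, TLD and authoritative nameservers with iterative queries, following a CNAME, and answering non-recursively from cache, as an added example that is not part of the original article. The zone data, server names (root, tld-com, auth-example) and TTLs are constructed for the demonstration; a real referral carries NS and glue records rather than a bare server name.

```python
# Constructed toy zone data (not real DNS data). Each server knows only its own
# records, stored as {(name, type): (value, ttl_seconds)}. An NS value simply
# names the next server to ask, standing in for the NS and glue records that a
# real referral carries.
SERVERS = {
    "root":         {("com.", "NS"): ("tld-com", 172800)},
    "tld-com":      {("example.com.", "NS"): ("auth-example", 172800)},
    "auth-example": {("example.com.", "A"): ("192.0.2.1", 300),
                     ("www.example.com.", "CNAME"): ("example.com.", 300)},
}

def iterative_query(server, name, rtype):
    """One iterative query: the server answers from its own data, hands back a
    CNAME, or refers the client to the server for the closest zone it knows."""
    zone = SERVERS[server]
    if (name, rtype) in zone:
        return ("ANSWER",) + zone[(name, rtype)]
    if (name, "CNAME") in zone:
        return ("CNAME",) + zone[(name, "CNAME")]
    labels = name.split(".")
    for i in range(len(labels)):              # longest matching suffix first
        suffix = ".".join(labels[i:])
        if (suffix, "NS") in zone:
            return ("REFERRAL",) + zone[(suffix, "NS")]
    return ("NXDOMAIN", None, 0)

def resolve(name, rtype, cache, trace, now):
    """Recursive resolver. A non-recursive answer comes straight from the cache
    while its TTL is unexpired; otherwise walk root -> TLD -> authoritative with
    iterative queries, restart from the root for any CNAME target, then cache.
    trace collects (server, reply kind, value) for every query actually sent;
    now is the current time in seconds, passed in so runs are reproducible."""
    hit = cache.get((name, rtype))
    if hit and hit[1] > now:
        return hit[0]
    server = "root"
    for _ in range(16):                       # bound runaway referral chains
        kind, value, ttl = iterative_query(server, name, rtype)
        trace.append((server, kind, value))
        if kind == "REFERRAL":
            server = value
            continue
        if kind == "CNAME":                   # alias TTL bounds the cache entry
            value = resolve(value, rtype, cache, trace, now)
        if value is not None:
            cache[(name, rtype)] = (value, now + ttl)
        return value
    return None
```

Calling resolve("www.example.com.", "A", {}, trace, now=1000) records two referrals, the CNAME, two more referrals and the final answer in trace; a second call before the 300-second TTL expires sends no queries at all.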
Domain nameservers are responsible for storing and maintaining all DNS records of domain names, including A records, CNAME records, and MX records (we’ll explain below what these are). Each domain relies on multiple nameservers: typically there is one primary nameserver and several secondary nameservers.
Having multiple nameservers increases the reliability of DNS, because the other nameservers can be used if one becomes unavailable. Nameservers store and maintain accurate information for all DNS records.
A DNS zone is a specific portion of the DNS namespace that is managed by an administrator or organization. DNS zones provide finer control over DNS components such as TLD nameservers, authoritative nameservers, and more.
A DNS zone is implemented on a domain name server and includes a zone file that contains all DNS records of the domains in that zone. A domain name server can host multiple DNS zones, and a DNS zone can contain several subdomains.
DNS records provide all the details related to domain names, and these details are stored in DNS zone files. DNS records are what DNS uses to answer queries.
Here are the different types of DNS records:
DNS caching is the practice of storing DNS records for a temporary period so that they can be reused whenever the same query is made in the near future. Caching can happen at the operating system or web browser level, as well as in the recursive resolver, so DNS servers do not need to process a full DNS lookup each time your device queries DNS or you visit a website.
DNS propagation refers to the time it takes for updated DNS records to reach all DNS servers on the Internet or a local network. Propagation starts when somebody adds or changes DNS records on a nameserver.
Propagation may take up to 72 hours, because domain name servers have different time to live (TTL) values configured for DNS records, and a cached copy is not refreshed until its TTL expires.
Generally, DNS servers are provided by Internet Service Providers (ISPs). However, running your own DNS server may give you better control over your system and network. You can set up your own DNS server by installing DNS server software such as Windows DNS Server, PowerDNS, or Technitium. DNS server software is available for different operating systems, including Windows, Linux, iOS, etc.
Like some other Internet protocols, DNS was not designed with security in mind. DNS security therefore plays a significant role in protecting DNS components from attacks that affect the stability and availability of the DNS service, and developing an effective security strategy, including DNSSEC, DNS logging, and more, is essential to protect DNS infrastructure.
DNS is vulnerable to various security threats, and attackers keep finding new ways to target DNS servers. Some of the common DNS attacks include:
DNS cache poisoning, or DNS spoofing, is a type of DNS attack in which attackers redirect web traffic to malicious web pages by inserting false records into a DNS cache.
DNS tunneling abuses the DNS protocol to carry sensitive data out of a network inside DNS queries or response packets.
A phantom domain attack is a type of Denial of Service (DoS) attack in which attackers set up a number of ‘phantom’ domains that respond slowly or not at all, tying up the resolver so that it cannot respond to legitimate DNS queries.
A random subdomain attack is a type of Distributed Denial of Service (DDoS) attack in which many queries for random, non-existent subdomains are sent to a targeted domain. Due to the high volume of traffic from multiple sources, the requested information or services become unavailable to users.
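A defender-side illustration of the DNS tunneling and random-subdomain attacks described above: detection logic run over resolver query logs, added here as an example and not taken from the original article. The log lines, zone names, client addresses and the thresholds (label length, entropy, distinct labels per zone) are constructed for the demonstration and would need tuning against real traffic.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, not real traffic: "<epoch> <client> <qname> <qtype>".
# The last 25 lines model a random-subdomain flood and are generated to keep this short.
SAMPLE_LOG = [
    "1700000000 10.0.0.5 www.example.com A",
    "1700000001 10.0.0.5 mail.example.com MX",
    "1700000002 10.0.0.7 0123456789abcdef0123456789abcdef01234567.t.example.net TXT",
    "1700000003 10.0.0.7 89abcdef0123456789abcdef0123456789abcdef.t.example.net TXT",
] + [f"17000001{i:02d} 198.51.100.{i % 4} {i:06x}.victim.example.org A"
     for i in range(25)]

def entropy(label):
    """Shannon entropy in bits per character; encoded payload labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def registered_domain(qname):
    """Naive zone key: the last two labels (ignores multi-label suffixes like co.uk)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def analyse(lines, max_label=30, min_entropy=3.5, max_unique=20):
    """Return (tunneling_suspects, flooded_zones) for a list of log lines.
    Tunneling: the leftmost label is very long or high-entropy, i.e. the query
    name itself carries data. Random-subdomain flood: one zone receives more
    distinct labels than a site normally has, defeating the cache and loading
    the authoritative server. Thresholds are illustrative starting points."""
    tunneling, labels_per_zone = [], defaultdict(set)
    for line in lines:
        _ts, _client, qname, _qtype = line.split()
        first = qname.split(".")[0]
        if len(first) > max_label or entropy(first) > min_entropy:
            tunneling.append(qname)
        labels_per_zone[registered_domain(qname)].add(first)
    flooded = sorted(z for z, ls in labels_per_zone.items() if len(ls) > max_unique)
    return tunneling, flooded
```

On the sample log, analyse(SAMPLE_LOG) flags the two long TXT query names as tunneling suspects and example.org as the flooded zone, while the ordinary www and mail lookups pass.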
DNS Security Extensions (DNSSEC) is a security measure developed to protect DNS components from attacks such as cache poisoning by digitally signing DNS data. Signatures are checked at each stage of the DNS lookup process, so that a resolver can verify that the DNS records it receives are authentic and have not been modified.
The future evolution of DNS is highly concentrated on security, partly because DNS in its original form is fundamentally insecure. Although encrypted queries can protect DNS to some extent, confidentiality concerns remain, because DNS servers are widely accessible on the public Internet.
The initial step of a DNS query is unencrypted and remains visible to anyone on the path. Encrypting DNS queries and responses would therefore increase security and help prevent domain attacks.
The introduction of resolver-less DNS may provide improved performance and privacy: it would reduce the time spent on DNS lookups and could deliver accurate, validated DNS records.