What is DNS?

Enterprise 1280x720 1

Do you know how domain names, like microsoft.com, are translated into IP addresses? The Internet uses a service called the Domain Name System (DNS). In this article, you will learn what DNS is and it translates domain names into IP addresses, so that browsers and other Internet-connected apps and services can find webservers.

Plus, check out our useful infographic below to quickly understand how DNS works.

What is DNS?

The Domain Name System is a server where domain names are converted into IP addresses so that browsers can load information. More specifically, DNS finds a domain name’s corresponding IP address (IPv6 or IPv4 address), so that web browsers can locate and provide the information attached to the domain.

Domain names (or website domains) are web addresses. Domain names are used in Uniform Resource Locators (URL) for websites. For example, you need to enter ‘www.google.com’ in a web browser to visit Google’s website. And ‘www.facebook.com’ for Facebook’s website.

IP addresses

An IP address is a unique address used to identify resources like a device or server on the Internet. An IP address is a number that facilitates devices connecting to each other over the internet or a local network. Much like a telephone number helps you dial a specific person.

There are two types of IP addresses: IPv4 and IPv6.

IPv4 addresses

IPv4 is a 32-bit address scheme. It uses dot-decimal notation. IPv4 has the addressing capability of more than 4.2 billion addresses. For example, an IPV4 address might look like

IPv6 addresses

IPv6 is a 128-bit address method. It uses alphanumerical notation instead of the dot-decimal notation in IPv4. It also has the capacity to accommodate approximately 3.4×1038 unique IP addresses. Or in other words, 340 trillion trillion trillion IP addresses!

IPv6 is more advanced and secure than IPv4 by design. An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

What is DNS used for?

Although the main use of DNS is to translate domain names into IP addresses, it has many other uses. DNS servers ensure quick access to the information resource you are searching for, and they facilitate routing mails to Internet mail servers. DNS is also what makes possible the communication between servers and Internet of Things (IoT) devices.

How does DNS work?

To understand how DNS works, it’s important to learn about the processes that take place behind the scenes. Here are the steps involved in resolving domain names to IP addresses.

How is DNS used to resolve domain names to IP addresses?

The primary role of DNS is to translate the domain names that you type into your web browser into IP addresses. The process of translating domain names into IP addresses is called DNS lookup, or DNS resolution. DNS uses several different components, including:

  • Domain Name Servers
  • DNS queries
  • DNS records
  • DNS caching
  • DNS propagation
  • And more
How DNS queries work infographic
How DNS queries work infographic

The 4 Domain Name System components for loading a web page

DNS uses four different services to resolve a domain name to an IP address.

DNS resolver

A DNS resolver, also known as a DNS recursive resolver, is the primary function of a DNS query. It either directly provides the required information from its stored cache, or it sends requests to other DNS servers including the root nameserver, top-level domain (TLD) nameserver, and authoritative nameserver.

DNS root server

The Root nameserver, or DNS root server, accepts queries from the recursive resolver and directs the recursive resolver to the TLD nameserver, where the recursive resolver can find the matching IP address.

TLD nameserver

The top-level domain (TLD) nameserver is responsible for maintaining all the information related to the domain names based on its top-level domain such as .com, .net, .org, etc. For example, the .com TLD nameserver keeps all the information for the domains that end with .com.

There are two types of TLD server groups: Generic top-level domains such as .com, .edu, .gov, etc., and Country code top-level domains such as .uk, .us, .ru, etc.

Authoritative nameserver

The Authoritative nameserver is the last stage in the journey to resolve an IP address. It can provide a recursive resolver with the matching IP address to a specific domain name from its DNS record.

If a domain has an alias of another domain, the authoritative nameserver uses the Canonical Name Record (CNAME) to find the resources from a record. For example, if your DNS query is ‘blog.google.com’, ‘google.com’ is the canonical name or the alias of blog.google.com.

The 3 types of DNS queries

DNS queries are the requests sent from a DNS client to a DNS server for specific information. Primarily, a DNS query is the request for IP addresses related to a domain name.

Here are the top three types of DNS queries:

Recursive Query

In this type of query, a DNS server answers the query by asking other DNS servers on your behalf. A DNS server can either provide you with the requested resource from a DNS record, or an error message if the recursive resolver can’t find related information to the query.

Iterative Query

In an iterative query, a DNS server returns your query with the answer if it can. If a recursive DNS query didn’t return the respective IP address for your request, it refers to another authoritative DNS server or root server that can provide the answer to your query.

Non-recursive Query

A non-recursive query occurs when a DNS server answers your query from a record that exists in its cache. An immediate response is available with non-recursive queries as they are stored the necessary information is stored locally.

What are Domain Nameservers?

Domain nameservers are responsible for storing and maintaining all DNS records of domain names, including A records, CNAME records, and MX records (We’ll explain below what these are). There are multiple nameservers that relies on, and typically there is one primary and several secondary .

The availability of multiple nameservers increases the reliability of DNS as it can use other nameservers if one nameserver becomes unavailable. Nameservers store and maintain accurate information for all DNS records.

What is a DNS zone?

A DNS zone is a specific portion of the namespace in DNS. And it’s managed by an administrator or organization. DNS zones provide better control over DNS components such as TLD nameservers, authoritative nameservers, and more.

A DNS zone is implemented in a domain name server and it includes a zone file that contains all DNS records of domains in a zone. Domain name servers can contain multiple DNS zones. And a DNS zone can contain several subdomains.  

What are the main types of DNS records?

DNS records provide all the details related to domain names and the details of these DNS records can be found in DNS zone files. DNS records help DNS respond to queries.

Here are the different types of DNS records:

  • A record: An A record includes IPv4 addresses for FQDNs (Fully Qualified Domain Name). An FQDN has four parts: hostname (www, ftp, etc.), domain name (Google, Facebook, etc.), Top Level Domain (.com, .org, etc.), and a period (.).
  • AAAA record: In contrast to A record, AAAA records (or quad A) maps domain names to IPv6 addresses.
  • MX record: A Mail Exchange (or MX record) points to a mail server instead of an IP address to facilitate email routing.
  • TXT record: This record allows administrators to store text in a DNS record. Although it’s mainly notes written in a friendly language, you can also enter machine-readable text in DNS. TXT records are mainly used to verify domain name ownership and to prevent spam emails.
  • NS (Name Server): NS records direct to the authoritative name servers for a domain or subdomain.
  • CNAME: A Canonical Name (or alias) record is an alias that maps domain names to other domains or subdomains.

What is DNS caching?

DNS caching refers to the process of storing information on DNS records for a temporary period to reuse them whenever the same query is made in the near future. Caching can be enabled at either the operating system or the web browser level. Therefore, DNS servers do not need to process a DNS lookup each time your device wants to query DNS or you visit a website.

How does DNS propagation work?

DNS propagation refers to the time it takes for DNS records to be updated across all DNS servers on the Internet or local network. Propagation is started when somebody adds new DNS records to a name server.

Propagation may take up to 72 hours as domain name servers have different time to live (TTL) values configured for DNS records.

Can you set up your own DNS server?

Generally, DNS servers are provided by Internet Service Providers (ISPs). However, running your own DNS server may provide you with better control over your system and network. You can set up your own DNS server by installing DNS server software like Windows DNS Server, PowerDNS, and Technitium. DNS server software is available for different operating systems including Windows, Linux, iOS, etc.

DNS and security

Like some other Internet protocols, DNS was not designed with security in mind. However, DNS security plays a significant role in protecting DNS components from all levels of attacks that affect the stability and availability of the DNS service. Therefore, developing an effective security strategy, including DNSSEC, DNS logging, and more, is essential to protect DNS infrastructure.

Does DNS have security vulnerabilities?

DNS is vulnerable to various security threats, and hackers find advanced ways to target and attack DNS servers. Some of the common DNS attacks include:

DNS cache poisoning

DNS cache poisoning or DNS spoofing is a type of DNS attack in which attackers redirect web trafic to malicious web pages by adding false information into the DNS cache.

DNS tunneling

DNS tunneling exploits the DNS protocol to tunnel sensitive data in DNS queries or response packets.

Phantom domain attack

A type of Denial of Service (DoS) attack in which attackers create a bunch of phantom domains that restrict servers from responding to DNS queries.

Random subdomain attack

A random subdomain attack is a type of Distributed Denial of Service (DDoS) attack in which many queries are sent to a targeted domain. Due to the high volume of traffic from multiple sources, requested information or services become unavailable to users.

What is DNSSEC?

DNS Security Extensions (or DNSSEC) is a security measure developed to protect DNS components from attack by implementing a digital signing process. In this process, signing takes place at each stage of the DNS lookup process to ensure the validity of DNS records returned and secure the lookup process.

The future of DNS

The future evolution of DNS is highly concentrated on security, partly as DNS in its original form is fundamentally insecure. Although encrypted queries may protect secure DNS to some extent, confidentiality issues remain with DNS servers because they are widely accessible on the public Internet.

The initial step of a DNS query is unencrypted, and it remained visible to everyone. Therefore, the encryption of DNS records would increase security and it would be effective in preventing domain attacks.

The introduction of resolver-less DNS may provide improved performance and privacy. It will reduce the time spent to perform DNS lookups and it can deliver accurate and validated DNS records.