How DNS Works ?

Ananay Ojha
7 min readOct 8, 2021

--

Table of contents :

What is DNS

DNS GLOSSARY

How DNS WORKS

More about DNS

We learnt in childhood that computer only understands binary (0 and 1). Then when we type `www.facebook.com` in search bar, how do computers understand that ? Answer: DNS makes this possible. In this blog, we will develop a basic understanding of DNS , How it works and discuss some DNS commands for the terminal. We assume that you are familiar with basic terms like IP Addresses, Client , Server & Domain Names . So, Let’s start !

What is DNS ?

Computers & other devices uses IP Addresses to identify each other on internet. DNS (Domain Name System) is a method which converts machine readable IP ADDRESS to human readable search query (website names like www.microsoft.com)& vice versa. It helps our browser (the client) to find the Server (like Apache server)

In recent shutdown of Facebook , The end result was that Facebook’s DNS servers became unreachable even though they were still operational. This made it impossible for the rest of the internet to find their servers.

So,You see how important DNS is...

The DNS Glossary

Here we will discuss about common Terms and commands used when working with DNS. With some bonus info .

DNS Query :

Also known as DNS Request, Is a demand for information sent from a user’s computer (DNS client) to a DNS server.

Name Resolution :

The process of getting IP Address from Domain Name.

DNS Zones :

A DNS ZONE .A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator. All DNS Zone contains Zone files (that contains all DNS records).

DNS Records :

Also known as ‘Zone files’. These are the files stored in a DNS Server. This helps in delivering requested information.

Most popular DNS RECORDS are :

A Record : contains IPV4 IP address (like 192.168.1.1)

AAAA Record : Also known as quad A contains IPV6 Address

CNAME (Canonical Name)Record : Redirects traffic from one domain to another.Like www.azure.com points to microsoft.azure.com and finally microsoft.azure.com is resolved

MX (Mail Exchange)Record : Directs to the email server of the company.

TXT (Text)Record : Lets an admin store text notes in the record. These records are often used for email security.

SOA (Start Of Authority)Record: Stores Admin information about a domain (like owner, their email id)

PTR(Pointer): Provide Domain Names in case of Reverse Lookup.(i.e you searched about IP instead of domain Name)

SRV (Service)Record : Specifies a host & port for a specific service like Voice Over IP (VoIP).

💡 Azure DNS Uses TXT & MX Record for Domain Verification.

DNS Resolver :

Also known as ‘a Recursor' ,DNS resolver is a type of server that manages the “name to address” translation. The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.

Root Server :

The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more specific locations.

TLD Server :

The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (In google.com, the TLD server is “com”.)

Name Server :

This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

DNS Round Robin :

Load balancing method in DNS. Like if a domain has 3 Name servers (N1, N2,N3) Query 1 directed to N1, Query 2 directed to N2 for balancing traffic.

HOW DNS WORKS ?

The Finding of IP ADDRESS from a DNS query is known as DNS RESOLUTION. It is as follows -

  1. After user searches any URL(like www.google.com) then firstly the browser & operating system check their cache memory.
  2. When both are unable to find the requested IP, Request is forward to DNS query (with a recursive flag set), outside the local network to a DNS recursive resolver inside the Internet service provider (ISP).
  3. Resolver checks it’s cache first. The resolver server is usually your ISP (Internet Service Provider like JIO, AIRTEL). It may or may not know the IP. All resolvers must know one thing: where to locate the root server.
  4. The root server knows where to locate the `.com` TLD server. TLD stands for Top-Level Domain
  5. The `.com` found the authoritative name servers for the domain `google.com`
  6. Finally IP Address for the server is given to the resolver. It then shares it to the browser. They also cache it for speedy resolution next time.
  7. At last, the content is requested to the server and delivered to the user.

How could the .COM TLD server point me to the authoritative name servers?
There are too many . Com domains

When a domain is purchased, the domain registrar(like GoDaddy) reserves the name and communicates to the TLD registry the authoritative name servers.

DNS COMMANDS

Dig : It is used to gather DNS information.

Above Image shows that DNS uses port 53 (highlighted in yellow circle) ; the IN here stands `Internet`
The image shows the Record Types namely CNAME and A Record along with their values in the DNS Records

From the above two screenshots, we can observe that since I visit www.google.com oftenly name Resolution was faster( since It was cached)

NSLOOKUP (NameServer Lookup): Is helpful from getting information from the DNS Server.

nslookup command in a windows powershell
nslookup can be used to find every record type ; this shows CNAME record
This shows different NameServers alloted for this domain
This shows whom to contact in case you didn’t find any particular record

More about DNS

Port and Protocol of DNS

PORT — 53

Protocol — Generally UDP, But can also use TCP

DNS is a application layer Service that uses UDP to serve faster. According to Microsoft Docs, DNS uses TCP for Zone transfer and UDP for name, and queries either regular (primary) or reverse. UDP can be used to exchange small information whereas TCP must be used to exchange information larger than 512 bytes. Because UDP can’t transfer large packets. UDP packets can’t be greater than 512 bytes. So any application needs data to be transferred greater than 512 bytes require TCP in place.

Types of DNS Service

There are two types of DNS Services

  • Authoritative
  • Recursive

Amazon Route 53 is an authoritative DNS system.

Similarly Google Cloud Platform offers Cloud DNS and Microsoft Azure Offers Azure DNS service with almost similar features.

What is DNS caching? Where does DNS caching occur?

The purpose of caching is to temporarily stored data in a location that results in improvements in performance and reliability for data requests. improving load times and reducing bandwidth/CPU consumption. each of which will store DNS records for a set amount of time determined by a time-to-live (TTL).

Is DNS Secure ?

Computers aren’t smart enough ; Our Devices will blindly send traffic to the IP received as Answer. These attacks can redirect a website’s inbound traffic to a fake copy of the site, collecting sensitive user information .So, we have DNSSEC (Domain Name System Security Extensions)as a dedicated protocol for this. Read more here

Thanks for reading !!! Hope you like it

Connect with me on -

--

--

Ananay Ojha

Hey 👋 With this blog I will be sharing my knowledge and experience with Cloud & related fields. Summarised from my own experiences. In a beginner friendly way.