What is DNS?

DNS, the Domain Name System, is one of the most heavily used protocols on the internet because it turns human-readable names, like the ones we use for web browsing, into IP addresses. Our computers need these addresses because every connection to web content on the internet is made to an IP address, not to a name. DNS resolves names every time you type something into your browser: when you type google.com into the address bar, the browser first looks up its IP address through the domain name system.

The Recursive Process

It is common to send name resolution queries to a local DNS server (a Recursive DNS Server). The recursive server's task is to send out its own requests to other DNS servers until it finds the IP address for the name we asked about (this is what is called a recursive process). When it has finished the name resolution, it informs us of the result. It also keeps a large cache of these results, so if the next user asks for the same name, it can answer instantly without going through the whole procedure again.

It Remembers

Each DNS record has a TTL (Time To Live) value. It states, in seconds, how long a response may be stored locally before it has to be looked up again. Caching eliminates the need to send the same DNS request to a server over and over.

A Simple Example

[Figure: Security Mindset-DNS.drawio.png (source: author's own). Diagram of the resolution steps (1) to (8) described below.]

You want to access the google.com website, but you don't know its IP address. You yourself don't need this information, but as said previously, your computer does. This is how it works: your computer first checks whether the address has been looked up locally before; otherwise, it sends a request to a Recursive DNS Server (1). The IP address of the Recursive DNS Server is normally given to you by your internet service provider, but you can also set your own.

The Recursive DNS Server also has a local cache of domain names that have been looked up recently. If a cached result is found, your computer gets the IP address and the request ends here (8). If the name is not in the cache, the search for the right address continues with the Root DNS Servers (2).

When a Root DNS Server is queried for a domain name, it directs the recursive server requests to the appropriate Top-Level Domain DNS Server (3). In case of google.com, the root server will recognise that the Top-Level Domain is .com and direct the Recursive DNS Server to the appropriate TLD server that deals with .com addresses (4).

The TLD server maintains a list of Authoritative DNS Servers that can respond to DNS queries for the domain (5). The Authoritative DNS Server is commonly referred to simply as the domain's Name Server. A domain name like google.com can have several Name Servers; the extra ones serve as backups in case one of them goes down. In this step the Recursive DNS Server sends its request to the Authoritative Server (6).

The Authoritative DNS Server is the server that holds the DNS records for a given domain name; it is also the place where any modifications to the DNS records for your domain name are made. At the end of this process, the DNS record with the IP address (142.250.180.196 for google.com) is transmitted back to the Recursive DNS Server (7), where, depending on the type of record, a local copy is cached for future queries. The record is then relayed back to the client that initiated the request (8).
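The walk from root to TLD to authoritative server, and the TTL-based caching described in the "It Remembers" section, can be simulated in a few dozen lines. The following is an added example written for this page, not code from the original article or from any real resolver: the zone data, server names (ROOT, TLD_COM, AUTH_GOOGLE) and the injectable clock are constructed assumptions, and only the google.com address comes from the text. Real resolvers exchange UDP/TCP packets rather than dictionary lookups, but the control flow is the same: follow referrals until an answer arrives, cache it for its TTL, and serve repeats from the cache until the TTL expires.

```python
import time
from dataclasses import dataclass

# Constructed sample zone data (not real DNS data). Each "server" maps a name
# to either a referral (which server to ask next) or a final answer with a
# TTL in seconds. Server labels are illustrative placeholders.
ROOT = {"com.": ("referral", "TLD_COM")}                          # step (3)/(4)
TLD_COM = {"google.com.": ("referral", "AUTH_GOOGLE")}            # step (5)
AUTH_GOOGLE = {"google.com.": ("answer", "142.250.180.196", 300)}  # step (7)
SERVERS = {"ROOT": ROOT, "TLD_COM": TLD_COM, "AUTH_GOOGLE": AUTH_GOOGLE}


@dataclass
class CacheEntry:
    ip: str
    expires_at: float  # absolute time after which the record must be re-fetched


class RecursiveResolver:
    """Simulated recursive DNS server: cache first, then root -> TLD -> authoritative."""

    def __init__(self, clock=time.time):
        self.cache = {}
        self.clock = clock          # injectable so tests can advance time past the TTL
        self.queries_sent = 0       # upstream queries issued; shows what caching saves

    @staticmethod
    def _canonical(name):
        return name.rstrip(".").lower() + "."

    def _lookup(self, server, name):
        """Ask one server; it answers for the longest suffix of the name it knows."""
        self.queries_sent += 1
        zone = SERVERS[server]
        labels = name.split(".")             # 'google.com.' -> ['google', 'com', '']
        for i in range(len(labels) - 1):     # try 'google.com.' then 'com.'
            suffix = ".".join(labels[i:])
            if suffix in zone:
                return zone[suffix]
        return None

    def resolve(self, name):
        """Return (ip, served_from_cache)."""
        name = self._canonical(name)
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and entry.expires_at > now:
            return entry.ip, True            # step (8) straight from the cache
        server = "ROOT"                      # step (2)
        for _ in range(10):                  # depth limit guards against referral loops
            record = self._lookup(server, name)
            if record is None:
                raise LookupError(f"{server} has no record covering {name}")
            if record[0] == "referral":
                server = record[1]           # follow the referral to the next server
                continue
            ip, ttl = record[1], record[2]
            self.cache[name] = CacheEntry(ip, now + ttl)  # keep it for TTL seconds
            return ip, False
        raise LookupError("too many referrals")


class FakeClock:
    """Controllable clock so the TTL expiry can be demonstrated without sleeping."""

    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


def demo():
    """Resolve google.com three times: cold, cached, and after the TTL has expired."""
    clock = FakeClock(1000.0)
    resolver = RecursiveResolver(clock=clock)
    first = resolver.resolve("google.com")          # full walk, 3 upstream queries
    after_first = resolver.queries_sent
    second = resolver.resolve("google.com")         # cache hit, no upstream queries
    after_second = resolver.queries_sent
    clock.t += 301                                  # one second past the 300 s TTL
    third = resolver.resolve("google.com")          # cache expired, full walk again
    after_third = resolver.queries_sent
    return first, second, third, (after_first, after_second, after_third)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the first query costing three upstream requests (root, .com TLD, authoritative), the second costing none, and the third, issued after the TTL has elapsed, costing three again. Setting the TTL very low in your own zone trades away that caching benefit for faster propagation of changes; setting it very high means a wrong or stale record lingers in every recursive server's cache for that long.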