What is DNS and How Does It Work? : A Definitive Guide with Best Practices & REAL-TIME Examples
Last updated on 30th Dec 2021, Blog, General
The Internet’s DNS system works much like a phone book by managing the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser. These requests are called queries.
- DNS Basics
- Types of DNS Service
- How Does DNS Route Traffic To Your Web Application?
- How does DNS work?
- There are 4 DNS servers
- What’s the difference between an authoritative DNS server and a recursive DNS resolver?
- How DNS Works – 10 Steps to DNS Query
- What are the steps in a DNS lookup?
- What is a DNS resolver?
- What are the types of DNS queries?
DNS Basics:
All computers on the Internet, from your smartphone or laptop to servers serving content for large-scale retail websites, find and communicate with each other using numbers. These numbers are known as IP addresses. When you open a web browser and visit a website, you don’t need to remember and enter a long number. Instead, you can enter a domain name like example.com and still land in the right place.
A DNS service like Amazon Route 53 is a globally distributed service that translates human readable names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Types of DNS Service:
Authoritative DNS: An authoritative DNS service provides an update mechanism that developers use to manage their public DNS names. It then answers DNS queries, translating domain names into IP addresses so that computers can communicate with each other. Authoritative DNS has ultimate authority over a domain and is responsible for providing replies to recursive DNS servers with IP address information. Amazon Route 53 is an authoritative DNS service.
Recursive DNS: Clients usually do not query authoritative DNS services directly. Instead, they connect to another type of DNS service called a resolver, or a recursive DNS service. A recursive DNS service acts like a hotel concierge: it does not hold any DNS records of its own, but it acts as an intermediary that can obtain DNS information on your behalf. If a DNS record is cached (stored for some time) in the recursive DNS service, it answers the DNS query with that record, typically the IP address. If not, it sends the query to one or more authoritative DNS servers to find the information.
- A user opens a web browser, enters www.example.com in the address bar, and presses Enter.
- The request for www.example.com is sent to a DNS resolver, usually managed by the user’s Internet Service Provider (ISP), such as a cable Internet provider, DSL broadband provider, or corporate network.
- The DNS resolver for the ISP forwards the request for www.example.com to a DNS root name server.
- The DNS resolver for the ISP forwards the request for www.example.com again, this time to one of the TLD name servers for the .com domain. The name server for the .com domain responds to the request with the names of the four Amazon Route 53 name servers that are associated with the example.com domain.
- The DNS resolver for the ISP chooses an Amazon Route 53 name server and forwards the request for www.example.com to that name server.
- The Amazon Route 53 name server looks for the www.example.com record in the example.com hosted zone, retrieves the corresponding value, such as the IP address for the web server, 192.0.2.44, and returns the IP address to the DNS resolver.
- The DNS resolver for the ISP ultimately has the IP address the user needs. The resolver returns that value to the web browser. The DNS resolver also caches (stores) the IP address of example.com for a period of time that you specify so that it can respond more quickly the next time someone browses to example.com. For more information, see Time to Live (TTL).
- The web browser sends a request for www.example.com to the IP address it received from the DNS resolver. This is where your content is, for example, a web server running on an Amazon EC2 instance or an Amazon S3 bucket configured as a website endpoint.
- The web server or other resource returns the web page of www.example.com on 192.0.2.44 to a web browser, and the web browser displays the page.
How Does DNS Route Traffic To Your Web Application?
The following diagram gives an overview of how recursive and authoritative DNS services work together to route an end user to your website or application.
- The process of DNS resolution involves converting a hostname (such as www.example.com) to a computer-friendly IP address (such as 192.168.1.1). Each device on the Internet is assigned an IP address, and that address is needed to find the appropriate Internet device – just as street addresses are used to find a particular home.
- When a user wants to load a webpage, there must be a translation between what the user types in their web browser (example.com) and the machine-friendly address needed to locate the example.com webpage.
- To understand the process behind DNS resolution, it is important to learn about the various hardware components between which a DNS query must pass. For web browsers, the DNS lookup occurs “behind the scenes” and does not require any interaction with the user’s computer other than the initial request.
How does DNS work?
There are 4 DNS servers involved in loading a webpage:
DNS Recursor – The recursor can be thought of as a librarian who is asked to find a particular book somewhere in the library. A DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Usually the recursor is responsible for making additional requests to satisfy the client’s DNS query.
Root Name Servers – The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to the various racks of books – usually this serves as a reference to other specific locations.
TLD Name Servers – A Top Level Domain (TLD) server can be thought of as a typical rack of books in a library. This nameserver is the next step in discovering a specific IP address, and it hosts the last part of the hostname (for example, the TLD of www.example.com is “com”).
Authoritative name server – This last nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname to the DNS recursor (librarian) that made the initial request.
What’s the difference between an authoritative DNS server and a recursive DNS resolver?
Both concepts refer to servers (or groups of servers) that are integral to the DNS infrastructure, but each plays a different role and resides in a different location within the pipeline of a DNS query. One way to think of the difference is that the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.
Recursive DNS resolver
The recursive resolver is the computer that responds to a recursive request from the client and takes the time to track down DNS records. It does this by making a series of requests until it reaches the authoritative DNS nameservers for the requested record (or times out or returns an error if no records are found). Fortunately, the recursive DNS resolver doesn’t always need to make multiple requests to track down the records needed to respond to the client: caching keeps a copy of previously fetched resource records, so a lookup can be short-circuited by serving the requested record from the cache instead of repeating the chain of requests.
Authoritative DNS server
Simply put, an authoritative DNS server is a server that actually maintains, and is responsible for, DNS resource records. It is the server at the bottom of the DNS lookup chain that will respond with the queried resource record, ultimately allowing the web browser to connect to the IP address needed to access a website or other web resources. An authoritative nameserver can satisfy queries from its own data without querying any other source, as it is the ultimate source of truth for some DNS records.
DNS query diagram
It is worth mentioning that in cases where the query is for a subdomain such as foo.example.com or blog.cloudflare.com, an additional name server will be added to the sequence after the authoritative nameserver, one that is responsible for storing the subdomain’s CNAME record.
DNS query diagram
There is a significant difference between the many DNS services and the services provided by Cloudflare. Various DNS recursive resolvers such as Google DNS, OpenDNS, and providers such as Comcast all maintain data centre installations of DNS recursive resolvers. These resolvers allow quick and easy queries through optimised clusters of DNS-optimised computer systems, but they are fundamentally different from the nameservers hosted by Cloudflare.
How DNS Works – 10 Steps to DNS Query:
- A user types ‘example.com’ into a web browser and the query goes into the Internet and is received by a DNS recursive resolver.
- The resolver then queries the DNS root name server (.).
- The root server then responds to the resolver with the address of a top-level domain (TLD) DNS server (such as .com or .net), which stores information for its domain. When searching for example.com, our request is pointed to the .com TLD.
- The resolver then queries the .com TLD server.
- The TLD server then responds with the IP address of the domain’s nameserver for example.com.
- Finally, the recursive resolver sends a query to the domain’s nameservers.
- The IP address of example.com is then returned from the nameservers to the resolver.
- The DNS resolver then responds to the web browser with the IP address of the domain initially requested.
- The browser makes an HTTP request to the IP address.
- The server at that IP returns the webpage to be rendered in the browser.
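The following is an added example, not code from the original post or from Amazon or Cloudflare. It models the uncached walk described in both step lists above (root, then TLD, then authoritative nameserver, following referrals) and the resolver-side caching the Route 53 steps mention: the answer is stored for the record’s TTL and served from cache until it expires. All zone data and server names (`tld.example`, `ns-1.authoritative.example`) are constructed placeholders, and the clock is injectable so TTL expiry can be simulated offline.

```python
import time

# Constructed referral data for the walk described above. Server names are
# hypothetical placeholders, not real root, TLD or Route 53 hosts.
ROOT = {"com": "tld.example"}                            # root refers "com" to the TLD server
TLD_COM = {"example.com": "ns-1.authoritative.example"}  # TLD refers the zone to its nameserver
AUTH = {"www.example.com": ("A", "192.0.2.44", 300)}     # (type, rdata, TTL in seconds)
SERVERS = {"root": ROOT, "tld.example": TLD_COM, "ns-1.authoritative.example": AUTH}

def iterative_lookup(name):
    """Follow referrals from the root down to the authoritative server.
    Returns (rdata, ttl, hops); rdata is None if any step has no match (NXDOMAIN)."""
    hops = ["root"]
    tld_server = ROOT.get(name.rsplit(".", 1)[-1])      # e.g. "com"
    if tld_server is None:
        return None, 0, hops
    hops.append(tld_server)
    zone = ".".join(name.split(".")[-2:])               # e.g. "example.com"
    auth_server = SERVERS[tld_server].get(zone)
    if auth_server is None:
        return None, 0, hops
    hops.append(auth_server)
    record = SERVERS[auth_server].get(name)
    if record is None:
        return None, 0, hops
    _rtype, rdata, ttl = record
    return rdata, ttl, hops

class RecursiveResolver:
    """Answers recursive queries; serves from cache until the record's TTL expires."""
    def __init__(self, clock=time.time):
        self.cache = {}        # name -> (rdata, expiry time)
        self.clock = clock     # injectable so TTL expiry can be simulated in tests

    def resolve(self, name):
        """Return (rdata, source): source is 'cache' or the list of servers asked."""
        now = self.clock()
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0], "cache"
        rdata, ttl, hops = iterative_lookup(name)
        if rdata is not None:
            self.cache[name] = (rdata, now + ttl)     # honour the authoritative TTL
        return rdata, hops

if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com"))   # full walk on the first query
    print(r.resolve("www.example.com"))   # served from cache
```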
What are the steps in a DNS lookup?
For most situations, DNS is concerned with the domain name being translated to the appropriate IP address. To know how this process works, it helps to follow the path of a DNS lookup as it travels through the DNS lookup process, from a web browser, and back again. Let’s take a look at the steps. Often DNS lookup information is cached either locally inside the computer doing the query or remotely in the DNS infrastructure. DNS lookup usually consists of 8 steps. When DNS information is cached, steps from the DNS lookup process are omitted which makes it faster. The example below outlines all 8 steps when nothing is cached.
Steps in DNS Lookup:
Once the 8 steps of the DNS lookup have returned the IP address for example.com, the browser is able to make a request to the web page:
What is a DNS resolver?
The DNS resolver is the first stop in the DNS lookup, and is responsible for dealing with the client that made the initial request. The resolver initiates a sequence of queries which eventually translates a hostname into the required IP address.
Note: A typical uncached DNS lookup will include both recursive and iterative queries.
It is important to differentiate between recursive DNS queries and recursive DNS resolvers. A recursive query is a request made to a DNS resolver that asks the resolver to fully resolve the name on the client’s behalf. A DNS recursive resolver is a computer that accepts a recursive query and produces the response by making the required requests.
What are the types of DNS queries?
There are three types of queries in a typical DNS lookup. By using a combination of these queries, an optimised process for DNS resolution can reduce the distance a query has to travel. In an ideal case the cached record data would be available, allowing the DNS name server to answer with a non-recursive query.
Types of DNS Query:
Recursive Query – In a recursive query, a DNS client requires that a DNS server (usually a DNS recursive resolver) respond to the client with the requested resource record or an error message if the resolver cannot find the record.
Iterative Query – In this case the DNS client will allow a DNS server to give the best answer it can. If the queried DNS server has no match for the query name, it will return a referral to the authoritative DNS server for the lower level of the domain namespace. The DNS client will then perform a query against the referral address. This process continues further down the query chain with additional DNS servers until an answer is obtained or an error or timeout occurs.
Non-recursive query – typically this will occur when a DNS resolver client queries the DNS server for a record that it has access to because it is authoritative for the record or the record exists inside its cache. Typically, a DNS server will cache DNS records to prevent additional bandwidth consumption and load on the upstream server.
What is DNS Caching? Where does DNS caching happen?
The purpose of caching is to temporarily store data closer to where it is requested, improving the performance and reliability of data requests. DNS caching involves storing data closer to the requesting client so that DNS queries can be answered early, avoiding additional queries further up the DNS lookup chain, thereby improving load times and reducing bandwidth and CPU consumption. DNS data can be cached in various locations, each of which will store DNS records for a set amount of time as determined by the record’s time-to-live (TTL).
Browser DNS caching:
Modern web browsers are designed by default to cache DNS records for a certain amount of time. Here the objective is clear: the closer DNS caching is to the web browser, the fewer processing steps must be taken to check the cache and make the correct requests to the IP address. When a request is made for a DNS record, the browser cache is the first place to search for the requested record. In Chrome, you can check the status of your DNS cache by visiting chrome://net-internals/#DNS.
Operating System (OS) Level DNS Caching:
The operating system level DNS resolver is the second and last local stop before a DNS query leaves your machine. The process inside your operating system that is designed to handle this query is usually called a “stub resolver” or DNS client. When a stub resolver receives a request from an application, it first checks its cache to see if it has a record. If it does not, it sends a DNS query (with a recursive flag set) outside the local network to a DNS recursive resolver inside the Internet Service Provider (ISP).
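The following is an added example, not from the original post. It shows what the stub resolver’s outgoing query looks like on the wire, in the RFC 1035 layout: a 12-byte header with the RD (recursion desired) flag set, followed by one question, and a header decoder that exposes the flags a resolver checks on the reply (QR, RD, RA, RCODE). This is the flag that distinguishes the recursive query sent by a stub resolver from the iterative queries described under the query types above. The query ID and names used are constructed for illustration; the name decoder deliberately handles only uncompressed names.

```python
import struct

QTYPE_A = 1        # query type A (IPv4 address record)
QCLASS_IN = 1      # class IN (Internet)

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qid, recursion_desired=True):
    """12-byte header (ID, flags, QD/AN/NS/ARCOUNT) followed by one A question."""
    flags = 0x0100 if recursion_desired else 0x0000   # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def parse_header(msg):
    """Decode the header fields a resolver checks before trusting a reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,                      # must match the outstanding query's ID
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = response
        "rd": (flags >> 8) & 1,         # recursion desired (set by the stub resolver)
        "ra": (flags >> 7) & 1,         # recursion available (set by a recursive resolver)
        "rcode": flags & 0xF,           # 0 = NOERROR, 3 = NXDOMAIN
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def decode_name(msg, offset=12):
    """Decode an uncompressed name at offset (the question name starts at byte 12)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers are not handled by this toy decoder")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
```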
This article explains what a Domain Name System is and how it works. It covers essential DNS functions and what needs to happen before you can connect to an online server using your domain name. Today we looked at what DNS is, the principles of how it works, and the intricacies that can lead to misuse and abuse.
The topic is quite broad and full of technical specifications, but this information should be more than enough for you to have an educated conversation about DNS with your friends and colleagues.
As a cornerstone of the Internet as a whole, domain name service is a topic that every professional and hobbyist should understand at least a little bit. Hopefully, you now have that essential understanding and if this article has piqued your interest then you can venture deeper into DNS specifications.