What Is DNS, How Does It Work, And How to Use Your DNS Zone
Updated · Apr 06, 2022
Imagine having to use your phone, but you can’t use any contact storage – you need to remember and dial every single person’s phone number. Sounds tedious, right? This is what a world without DNS would look like!
Although its practical use can be explained in just the above sentence, the domain name system has many interesting intricacies, which we’ll explore in depth throughout this article. Stay tuned and keep scrolling for some interesting facts and useful knowledge about how DNS works!
Back in the 80s, before DNS was introduced, computers on a network were accessed through their IP addresses, which are much like phone numbers.
It’s just digits.
This was useful for some time when the internet was quite small. And yes, it was small enough for this system just a couple of decades ago. With its growth though, this approach became less and less practical. We all know our closest friends’ phone numbers, but imagine what would happen if your friend circle grew to several million people in just a couple of years.
The domain name service routes traffic throughout the global network.
Well, this is exactly what happened with the internet: remembering or writing down the numbers was, practically speaking, no longer possible.
At one point, the scientists at MIT realized that the human brain is perfectly capable of memorizing words or phrases, and not all that potent when it comes to random number sequences. This logical, yet crucial, realization gave birth to the predecessor of DNS – the hostname service.
It was a crude solution, but it did serve its purpose. The hostname service was just a huge file named “hosts”, which every operating system still has, even nowadays. It was used during the times of the ARPANET (the biggest network before the internet came to be).
The next logical step of this train of thought was to centralize or globalize this system. This is how the Domain Name Service (or Servers, or System) or DNS for short, came into existence. It’s a global, centralized system that gives “names” to IP addresses and makes them easier for humans to interact with and memorize.
When you type “google.com” into your browser, your browser *knows* which computer(s) that phrase is referring to. There are several steps as to how this is realized, and we’ll go through them in the next chapters.
2. What is DNS
DNS is the backbone of the internet. That statement is far from a precise DNS definition, but its truthfulness cannot be disputed. Without the domain name system, the entire internet wouldn’t work at all, with all the gruesome consequences that this would cause.
The domain name service operates on several levels of abstraction, which allow for the domains to be categorized properly, in a strict hierarchical structure. These abstractions are called namespaces and are separated by the dots found in every domain. If you take for example the domain www.hostingtribunal.com you have the following layers:
The top-level domain (TLD) is the “.com” portion of the domain. Unless you grew up under a rock, you will definitely have heard of “.com”, “.net”, “.org”, and other popular top-level domains. They are the most common and also the oldest ones. There are currently more than 342.4 million domain name registrations, and “.com” and “.net” combined account for 151.7 million of them.
Some top-level domains are globally usable like the aforementioned, but there are also those that are restricted to specific organizations or countries. The “.edu” gTLD is reserved for educational facilities, the “.gov” for government organizations, and so forth.
Fun fact about TLDs: The extremely popular .TV domain, widely used as a reference to “television”, is actually the country-code TLD (ccTLD) of the country Tuvalu, which generates a considerable amount of its national income purely because of this coincidence!
Country-code Top Level Domains
Country-code TLDs are top-level domains used to describe sites that operate in (or from) specific countries and regions. They are useful for branding, local businesses, and for international sites with numerous local iterations.
The online giant Amazon has a dot-com version, dot-de for Germany, dot-uk for the United Kingdom, and so forth. This approach boosts local market penetration, bypasses language barriers, and makes calculating shipping costs (and customs taxes) much easier.
Mind, ccTLDs are still TLDs and not secondary domains.
Second-level domains come before the dot in dot-com or dot-us. In our example, this is the “hostingtribunal” part of www.hostingtribunal.com. If you take www.bbc.co.uk as an example, though, the “.co” part would be the second-level domain.
New gTLDs are created through a lengthy, expensive application process and evaluation done by ICANN (the regulatory body for all domain names, among other things), and you, as a user, can only use the existent set.
Ultimately, ICANN regulates all domain names in existence.
On the other hand, a second-level domain can be whatever you want it to be. As long as the name is free, you can register it. However, considering the size of the internet, finding a free name is not always an easy task.
Fun fact about second-level domains: The shorter and more recognizable the domain is, the more valuable it is. There are a huge number of companies and people who profit from registering domains which might generate commercial interest and then selling them for a huge gain. A new domain name registration usually costs between $1 and $100, but buying a “premium” domain from someone who obtained it for the sole purpose of reselling it can often come in the tens or hundreds of thousands of dollars!
Subdomains are governed by the owner of the second-level domain, and they can create any number of subdomains in the DNS zone. For this reason, you will quite often see utility subdomains like “shop.mydomain.com” or “blog.mydomain.com”.
Creating subdomains is free and they are very useful for providing additional information in the URL bar. In companies, you would see them nested even more frequently, where location, type, purpose, etc., are being referenced in there too. For example “servers.storage.eu-west.region1.google.com” could easily be a legitimate domain name for a Google server.
3. How DNS works
There and back again – the lifecycle of a DNS request
When you submit a request for the domain www.hostingtribunal.com, your browser first checks the local operating system for any existing entries for it.
Remember the “hosts” file we mentioned earlier? It’s still around, and it’s the first place where the OS looks for IP addresses bound to that domain.
If it doesn’t find a reference in there, then the OS checks with your internet service provider.
This is the beginning of a process called DNS record lookup, as the ISP sends the request out to the global network to locate the resource (typically a website) the end user wants. Due to the number of DNS lookups being performed for each provider (literally millions per second), ISPs usually keep a cached copy of the entries so they don’t have to repeat the lookup every single time the same resource is requested.
This cable is the beginning or the end of a DNS query.
This step of the process is handled by the recursive resolver. A noteworthy fact about the resolver is that it groups the requests it receives in batches. Essentially, this creates a cache database so that a small number of requests can serve a considerable amount of users. This saves network traffic, which is extremely important when we keep in mind the scale of the internet.
If your internet service provider doesn’t have the IP your OS wants, the ISP propagates your request further up the chain (and then adds the answer it gets back to its DNS cache database).
If your request doesn’t find an answer anywhere in the cached data along the route, it gets to the root nameservers. They are the authority that contains every single DNS record and are responsible for controlling the authenticity and availability of all of them. The root servers redirect the traffic for each gTLD to the respective authority.
Once your query gets to the root nameservers, they check for the respective gTLD authority. They scan the domain name from the right-hand-side first. (Technically, domain names are read from right to left.) For example, for any “.com” domain name, they redirect the query to the “.com” TLD name servers – those of VeriSign.
The TLD name servers already know which gTLD they are responsible for, so they check the second-level domain. In the case of our www.hostingtribunal.com query, the TLD name servers will check for “hostingtribunal” and through their optimized algorithms will return the result.
On the way back, our intermediate servers (the recursive servers) store the obtained DNS values for a specific period of time. This is called the “time-to-live” (TTL) that every domain record has. The TTL duration is set with the record itself.
If you want to have your record refreshed often by the DNS chain of servers, you can set a short time-to-live. This is quite often unnecessary since DNS records don’t change frequently for a working domain.
After all this, the request makes it back to your computer, where the browser saves the record as a local reference and then sends its request to the IP it received for that domain.
What a ride, eh!
Considering that data exchange on the internet is close to the speed of light over fiber cable, this whole series of technically complex events only takes milliseconds.
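The chain of referrals described above, as an added example that is not part of the original article: a miniature in-memory model of the root, TLD and authoritative tiers, with every server name, domain and address constructed for the illustration (203.0.113.0/24 is a documentation range).

```python
# Constructed servers, names and addresses for the illustration; not real infrastructure.
SERVERS = {
    # Root tier: holds only the delegations to the TLD servers.
    "root": {"com.": [("NS", "a.gtld-servers.example.", 172800)]},
    # .com TLD tier: knows which nameservers hold each second-level zone.
    "a.gtld-servers.example.": {
        "hostingtribunal.com.": [("NS", "ns1.dns-host.example.", 172800)],
    },
    # Authoritative tier: the zone that actually carries the records.
    "ns1.dns-host.example.": {
        "hostingtribunal.com.": [("A", "203.0.113.10", 3600),
                                 ("MX", "10 mail.hostingtribunal.com.", 3600)],
        "www.hostingtribunal.com.": [("A", "203.0.113.10", 3600)],
    },
}


def ask(server, qname, qtype):
    """One query to one server. Returns ('answer', records) when the server is
    authoritative for the name, ('referral', nameserver) when it can only
    delegate, or ('nxdomain', None) when it knows of nothing matching."""
    zone = SERVERS[server]
    own = [r for r in zone.get(qname, []) if r[0] != "NS"]
    if own:
        return ("answer", [r for r in own if r[0] == qtype])
    # Look for the most specific delegation this server holds: the full name
    # first, then each parent suffix (hostingtribunal.com., com., ...).
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        for rtype, value, _ttl in zone.get(suffix, []):
            if rtype == "NS":
                return ("referral", value)
    return ("nxdomain", None)


def resolve(qname, qtype="A", max_hops=8):
    """Walk from the root, following referrals, the way a recursive resolver
    does on a cache miss. Returns (records, path_of_servers_consulted)."""
    server, path = "root", []
    for _ in range(max_hops):
        path.append(server)
        status, data = ask(server, qname, qtype)
        if status == "answer":
            return data, path
        if status == "nxdomain":
            return [], path
        server = data                      # follow the referral to the next tier
    raise RuntimeError("too many referrals for %s" % qname)


if __name__ == "__main__":
    print(resolve("www.hostingtribunal.com."))
```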
Fun fact about the root nameservers: There are only 13 root nameservers! In reality, each of them is comprised of a cluster of machines to provide the necessary computational power, security, redundancy, and bandwidth. If even one root server happens to be down, the impact on the internet is huge. Countless websites will stop resolving; even huge ones that are always available will be down. The 13 servers are operated by: VeriSign, Inc., University of Southern California (ISI), Cogent Communications, University of Maryland, NASA (Ames Research Center), Internet Systems Consortium, Inc., US Department of Defense (NIC), US Army (Research Lab), Netnod, VeriSign, Inc., RIPE NCC, ICANN, and WIDE Project.
4. DNS Zone Dissection - Types of Records
A term you might encounter while setting up your website, especially if the domain name is registered in one place and the hosting is provided in another, is “A record”, or DNS records in general. All website-related DNS records are part of the site’s DNS zone.
In turn, the DNS zone serves an administrative and technical function. Strictly speaking, the DNS zone definition states that this is a segment of the entire domain name system that is under the managerial authority of a single administrator, be that a legal or private entity.
I know, it sounds like technical nonsense.
A detailed DNS zone with numerous entries. Tread carefully.
All the same, I’ll leave it at that and will focus on the practical DNS zone aspects that concern website hosting directly.
In web hosting, several interconnected services need to be directed to the proper servers for a hosting service – website, database, email – to work, and that coordination is regulated by the data stored in the DNS zone: a collection of DNS records, grouped by their individual types.
For example, the record that tells a domain name from where (from which server, that is) to load content (also known as “the website”) is stored in the main A record. Quite often the www record also gets an A record.
However, there are other types of records for the mail services, for the additional services, ownership authentication, and others.
5. Main Types of DNS Records
The A record is a DNS record that relates a domain name to an IP address. This is how your website’s home server can be found on the internet. It is the A record that associates the website (the content) with its designated domain name (address).
The AAAA records are exactly the same as the A records, but instead of using IPv4 addresses, they use IPv6, which is already a necessity. When the internet was created, the amount of 4 billion addresses provided by IP version 4 seemed orders of magnitude greater than what would ever be needed. However, with the exponential growth of the internet and the explosion of devices connected to it, this is no longer the case. IPv6 was introduced to battle the exhaustion of the IPv4 pool without changing much how DNS works as a whole.
The CNAME record is quite similar to the A record, but it binds a domain name to another domain name. This way you can hook subdomains of your domain to external domains without worrying about changes to their IP addresses – the lookup is simply redirected to the other domain name instead.
The MX record is the one that says where the mail server (quite often, servers) is located. In order for your website to open, there needs to be a web server that serves the website data; emails, however, are sent and received by a mail server, hence the need for the MX record.
MX records have a specific property called priority. The MX server priority is designated with a number, starting from zero. This is done mostly for redundancy, so that several mail servers can be associated with a single domain name. If the server with priority 0 doesn’t reply to the request, the one with the next number is queried, and so on.
An SPF record is a TXT record (a text-based record) used for determining the authenticity of the mail services. As the mail protocol is quite old and hasn’t seen many (if any) updates over the last decades, additional security measures are introduced every now and again. Most of them help determine whether the sender of the email is who they claim to be. SPF records are one of those mechanisms.
PTR records are reverse DNS records which are the exact opposite of A records. They bind IPs to domains. This way when you query an IP, you can get meaningful information as to what domain name it’s associated with.
The nameserver records are among the most important ones, as they tell the domain name which DNS zone to use. Generally, you can create a DNS zone on any DNS server and put whatever records you like in it. For example, you could create a valid DNS zone for “google.com” and point it at your website. Does this mean that all the traffic for Google is now yours? Well, no, because the authentic Google.com NS (nameserver) records say which exact nameservers contain the correct DNS zone. Quite handy.
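The record types above as they sit together in a zone, with an added example that is not part of the original article: a small parser for a BIND-style zone file, followed by the two lookups that use those records most (ordering mail servers by MX priority and following a CNAME chain). The zone text is constructed for the illustration, with placeholder names and documentation addresses.

```python
# Constructed example zone (documentation addresses, placeholder names).
ZONE_TEXT = """\
$ORIGIN hostingtribunal.com.
$TTL 3600
@        IN  NS    ns1.dns-host.example.
@        IN  A     203.0.113.10
www      IN  A     203.0.113.10
blog     IN  CNAME www
shop 300 IN  CNAME shop-frontend.cdn.example.
@        IN  MX    10 mail.hostingtribunal.com.
@        IN  MX    20 backup-mail.example.
mail     IN  A     203.0.113.25
@        IN  TXT   "v=spf1 mx a:mail.hostingtribunal.com -all"
"""

def qualify(name, origin):
    """'@' is the origin itself; relative names get the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {name, ttl, type, data} dicts; honours $ORIGIN, $TTL and an
    optional per-record TTL, and splits MX data into (preference, host)."""
    origin, default_ttl, records = ".", 3600, []
    for raw in text.splitlines():
        parts = raw.split(";", 1)[0].split()          # ';' starts a comment
        if not parts:
            continue
        if parts[0] == "$ORIGIN":
            origin = parts[1]
            continue
        if parts[0] == "$TTL":
            default_ttl = int(parts[1])
            continue
        name, rest = qualify(parts[0], origin), parts[1:]
        ttl = int(rest.pop(0)) if rest[0].isdigit() else default_ttl
        if rest[0] == "IN":                           # class field is optional
            rest.pop(0)
        rtype, rdata = rest[0], " ".join(rest[1:])
        if rtype in ("CNAME", "NS"):
            rdata = qualify(rdata, origin)
        elif rtype == "MX":
            pref, host = rdata.split()
            rdata = (int(pref), qualify(host, origin))
        elif rtype == "TXT":
            rdata = rdata.strip('"')
        records.append({"name": name, "ttl": ttl, "type": rtype, "data": rdata})
    return records

def mail_servers(records, domain):
    """MX hosts in the order a sending server tries them: lowest number first."""
    mx = [r for r in records if r["type"] == "MX" and r["name"] == domain]
    return [r["data"][1] for r in sorted(mx, key=lambda r: r["data"][0])]

def lookup_a(records, name, hops=0):
    """Follow CNAME aliases until an A record (or an external name) is reached."""
    a = [r["data"] for r in records if r["name"] == name and r["type"] == "A"]
    alias = [r["data"] for r in records if r["name"] == name and r["type"] == "CNAME"]
    if alias and not a and hops < 8:                  # hop limit guards against loops
        return lookup_a(records, alias[0], hops + 1)
    return a, name
```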
6. What is DNS Caching
Throughout this article, we’ve been talking about huge (and I mean HUGE) numbers, which give us a real impression of the scale of the internet.
In that sense, it’s extremely important to manage resources properly. Having one unoptimized request is alright in many systems, having 1000 – sometimes. But having millions upon millions per second… Well, that’s when every single link in the chain needs to be perfectly optimized for it to serve its purpose.
This is where DNS caching comes in. Instead of having every single request reach the TLD name servers we mentioned above, the vast majority of them are served along the way by cached results.
There’s no need for the request to travel all around the world if your home internet service provider already has the answer.
There are several layers of DNS caching, the first one of which is right in your browser. Every single one (at least among the more popular ones) has DNS caching built-in.
This means that when you visit a website often, your DNS query doesn’t even leave your computer.
The browser knows the IP of that car dealership website you’ve been visiting secretly from your wife. Instead of performing a full lookup throughout the domain name system, it requests the site content directly.
If your browser doesn’t have a particular record cached, it will check with the operating system. Even if you don’t frequent the internet much, you will still be amazed at the amount of DNS cache your OS has.
All of the servers along the request pathway cache results for a time equal to the TTL we mentioned earlier. This minimizes the total number of requests that go all the way through the DNS hierarchical chain, because each user request gets a shorter path from and to the browser.
DNS cache can also be manually purged. This process is called flushing. Server administrators can do this manually, or it can be scheduled. In simple words, it is the removal of all cached entries in the system so that fresh ones are fetched.
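The TTL-bounded caching and manual flushing described above, as an added example that is not part of the original article: a resolver-side cache driven by a fake clock so that expiry can be shown without waiting. The upstream answer, the name and the TTL are constructed for the illustration.

```python
import time

class DnsCache:
    """Cache keyed by (name, type). An entry lives for the TTL the answer carried;
    a hit returns the *remaining* TTL, so a downstream cache never keeps the
    record longer than the authoritative server allowed."""
    def __init__(self, clock=time.monotonic):
        self._clock, self._store = clock, {}

    def put(self, name, rtype, rdata, ttl):
        self._store[(name.lower(), rtype)] = (rdata, self._clock() + ttl)

    def get(self, name, rtype):
        """(rdata, remaining_ttl) on a hit; None on a miss or an expired entry."""
        key = (name.lower(), rtype)           # DNS names are case-insensitive
        if key not in self._store:
            return None
        rdata, expires = self._store[key]
        remaining = expires - self._clock()
        if remaining <= 0:                    # expired: evict and force a fresh lookup
            del self._store[key]
            return None
        return rdata, int(remaining)

    def flush(self):
        """Manual purge ('flushing'): drop every entry so fresh ones get fetched."""
        self._store.clear()

class CachingResolver:
    """Front-end over an upstream lookup; counts upstream queries to make the
    traffic saved by caching visible."""
    def __init__(self, upstream, clock=time.monotonic):
        self.cache, self.upstream, self.upstream_queries = DnsCache(clock), upstream, 0

    def resolve(self, name, rtype="A"):
        hit = self.cache.get(name, rtype)
        if hit is None:
            self.upstream_queries += 1
            rdata, ttl = self.upstream(name, rtype)
            self.cache.put(name, rtype, rdata, ttl)
            hit = (rdata, ttl)
        return hit

def demo():
    """Constructed upstream (not a real server) that answers with a 300 s TTL,
    driven by a fake clock so expiry can be shown without waiting."""
    now = [0.0]
    resolver = CachingResolver(lambda name, rtype: ("203.0.113.10", 300), lambda: now[0])
    for _ in range(1000):                     # a burst of users inside the TTL window
        resolver.resolve("www.hostingtribunal.com")
    after_burst = resolver.upstream_queries   # the burst cost one upstream query
    now[0] = 120
    _, ttl_left = resolver.resolve("WWW.hostingtribunal.com")   # 180 s left
    now[0] = 320                              # past the 300 s TTL: entry expired
    resolver.resolve("www.hostingtribunal.com")
    after_expiry = resolver.upstream_queries
    resolver.cache.flush()                    # manual flush forces another lookup
    resolver.resolve("www.hostingtribunal.com")
    return after_burst, ttl_left, after_expiry, resolver.upstream_queries
```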
7. Security Concerns
As with every system on the internet, there are always security issues and considerations involved, and DNS is no exception. In this chapter, we'll take a look at the most popular exploits used today.
A particularly common exploit is DNS cache poisoning. This happens when an authoritative server is maliciously set to provide wrong results for a DNS query. A simple way to explain it: "google.com" always points to the Google servers and opens the famous website.
If a particular server or set of servers provides wrong records to the upstream servers, though, then google.com can resolve to any IP that the hackers have set. This is usually accomplished through viruses or glitches in the DNS protocol.
Another exploit is the DNS amplification attack, where the servers are sent queries with a spoofed (forged) requester address, so they all return their data to the same IP. This way, thousands of servers can send response traffic to a particular machine until its available resources are depleted.
In this type of malicious exploit, the attack isn't toward the DNS servers themselves; instead, they are being used to bring down other servers.
DNS tunneling is another common exploit of DNS servers. Basically, it is a way of transferring malicious data from one machine to another. The data itself is encoded in the request sent to the server. Upon responding, the server creates a two-way connection for data transfer and this often enables remote unauthorized access to the server itself.
A type of local DNS exploit is DNS hijacking. This involves editing the networking information on a particular machine so that it will resolve its queries toward a malicious server. Generally, your system would use trusted DNS servers to obtain records upstream. However, if that data has been altered, you can end up with any DNS records that the attacker has set onto the malicious server.
One type of DDoS (Distributed Denial of Service) attack is the NXDOMAIN attack, which uses a huge number of machines to make requests toward non-existent domains, flooding the DNS servers with requests in the process.
Every machine has limited resources and can perform a limited number of queries before it starts adding delay or services start crashing. Once the server is overwhelmed with requests from the attackers, it cannot serve any legitimate user requests anymore.
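The tunneling and NXDOMAIN-flood patterns above, seen from the defender's side, as an added example that is not part of the original article: two detection checks run over a few constructed resolver log lines (the log format, clients and names are assumptions, not any real product's output).

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines (not real traffic): "epoch client qname qtype rcode".
LOG_LINES = """\
1649230001 10.0.0.5 www.hostingtribunal.com A NOERROR
1649230002 10.0.0.5 mail.hostingtribunal.com MX NOERROR
1649230003 10.0.0.5 shop.hostingtribunal.com A NOERROR
1649230003 10.0.0.9 kq7x3mfz9v2bwc8pnh4t.t.badtunnel.example TXT NOERROR
1649230004 10.0.0.9 a9d2g5j8m1p4s7v0y3bx.t.badtunnel.example TXT NOERROR
1649230004 10.0.0.9 e6h1k4n7q0t3w9z2c5fr.t.badtunnel.example TXT NOERROR
1649230005 10.0.0.9 u8x2a5d9g3j6m0p7s1vk.t.badtunnel.example TXT NOERROR
1649230006 10.0.0.7 abc1.hostingtribunal.com A NXDOMAIN
1649230006 10.0.0.7 abc2.hostingtribunal.com A NXDOMAIN
1649230006 10.0.0.7 abc3.hostingtribunal.com A NXDOMAIN
1649230007 10.0.0.7 abc4.hostingtribunal.com A NXDOMAIN
1649230007 10.0.0.7 abc5.hostingtribunal.com A NXDOMAIN
""".splitlines()

def entropy(s):
    """Shannon entropy in bits per character; random-looking labels score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parse(lines):
    """Split each line into fields plus the leftmost label and the base domain."""
    events = []
    for line in lines:
        _ts, client, qname, qtype, rcode = line.split()
        labels = qname.lower().rstrip(".").split(".")
        events.append({"client": client, "qtype": qtype, "rcode": rcode,
                       "first": labels[0], "base": ".".join(labels[-2:])})
    return events

def find_tunneling(events, min_queries=4, min_len=16, min_entropy=3.5):
    """Per (client, base domain): many distinct, long, high-entropy leftmost
    labels is the signature of data being encoded into query names."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["client"], e["base"])].append(e["first"])
    flagged = []
    for (client, base), labels in groups.items():
        if len(labels) < min_queries or len(set(labels)) < len(labels):
            continue                            # too few, or repeated (ordinary) names
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(entropy, labels)) / len(labels)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged.append((client, base))
    return sorted(flagged)

def find_nxdomain_flood(events, min_queries=5, min_ratio=0.8):
    """Clients whose queries are overwhelmingly for names that do not exist."""
    total, nx = Counter(), Counter()
    for e in events:
        total[e["client"]] += 1
        nx[e["client"]] += e["rcode"] == "NXDOMAIN"
    return sorted(c for c in total
                  if total[c] >= min_queries and nx[c] / total[c] >= min_ratio)
```

Thresholds are starting points to tune against a baseline of normal traffic; short, repeated names (CDN hostnames, mail servers) stay below them by design.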
Today we looked over what DNS is, the principles of how it works, and the intricacies that can lead to misuse and abuse.
The topic is quite broad and filled with technical specifications, but this information should be more than enough for you to have an educated conversation regarding DNS with your friends and colleagues.
As a cornerstone of the internet as a whole, the domain name service is a topic that every professional and hobbyist should understand at least a bit. Hopefully, you now have that necessary understanding and can venture deeper into the DNS specifications if this article has sparked your interest.
Unaware that life beyond the internet exists, Nick is poking servers and control panels, playing with WordPress add-ons, and helping people get the hosting that suits them.