How DNS Works: A Complete Guide

The internet is made up of countless websites, applications and online services, all of which depend on computers communicating with each other. It is far easier for people to remember names like “example.com” than numerical addresses such as “192.0.2.1”, and that is where DNS (Domain Name System) comes in. DNS serves as the internet’s phonebook, translating domain names into IP addresses so devices can connect quickly.

Understanding how DNS works matters to anyone who wants to know how the web really operates, speed up browsing, or improve their online security.

What Is DNS?

DNS (Domain Name System) is a hierarchical system that maps domain names to IP addresses. Essentially, it associates each website you visit with an IP address, the unique numerical address assigned to the server hosting that website.

Without DNS, you would have to memorize the IP addresses of every website you wanted to visit. DNS makes the Internet far easier to use while keeping the underlying addressing simple to maintain.

How DNS Works

In general, when you type a website address such as www.example.com into your browser, the system performs several steps:

  • DNS Resolver Request: Your PC sends a query to a DNS resolver, usually provided by your ISP or by a third-party DNS provider such as Google DNS or Cloudflare.
  • Recursive Query Process: The resolver attempts to find the correct IP address by querying several DNS servers in turn.
  • Root Server Referral: If the resolver does not have the answer cached, it queries a Root DNS Server. The root server tells the resolver which TLD (top-level domain) server is responsible for the domain’s suffix, for example .com, .org or .net.
  • TLD Server Query: The resolver then contacts the TLD server, which refers it to the authoritative DNS server that serves the specific domain.
  • Authoritative DNS Server Response: The authoritative DNS server responds with the IP address of the domain.
  • Browser Resolution: Once the resolver receives the IP address, it forwards it to your PC, which can then connect to the server hosting the website and begin rendering the page.

The entire process occurs in a matter of milliseconds allowing nearly instant access to web sites.

Types of DNS Servers

DNS is divided among several kinds of servers, each of which performs a specific role in the DNS architecture.

  • Root DNS Servers: The first level of the DNS hierarchy. Root servers direct resolvers to the TLD servers responsible for each top-level domain.
  • Top-Level Domain Servers: Manage the domains registered under a particular TLD, such as .com.
  • Authoritative DNS Servers: Store the actual mappings from domain names to their corresponding IP addresses.
  • Caching DNS Servers: Store the results of previous queries so that repeated queries are answered faster and with less upstream traffic.
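The resolution steps listed under "How DNS Works" and the server roles listed just above can be seen end to end in a small simulation. The following Python script is an added example written for this article, not code from any real resolver: it holds constructed, in-memory zone data for a pretend root server, a .com TLD server and the authoritative server for example.com (all names other than example.com and the address 192.0.2.1 are made up), then walks the root → TLD → authoritative referral chain the way a recursive resolver does, caching the answer until its TTL expires. An injectable clock lets the script show the cache hit and the refresh after expiry without waiting 300 seconds.

```python
import time

# Constructed, in-memory zone data standing in for real root, TLD and
# authoritative servers. Server names are illustrative; 192.0.2.1 is the
# documentation address the article itself uses for example.com.
# Each zone maps an owner name to a list of (record_type, value, ttl_seconds).
ROOT_ZONE = {
    "com.": [("NS", "tld.com-servers.example.", 172800)],
    "org.": [("NS", "tld.org-servers.example.", 172800)],
}
# TLD and authoritative servers, keyed by the server name a referral points at.
SERVERS = {
    "tld.com-servers.example.": {
        "example.com.": [("NS", "ns1.example.com.", 172800)],
    },
    "tld.org-servers.example.": {},
    "ns1.example.com.": {
        "example.com.": [("A", "192.0.2.1", 300)],
        "www.example.com.": [("A", "192.0.2.1", 300)],
    },
}


def serve(zone, qname):
    """Simulate one name server answering a single question.

    Returns ("answer", records) on an exact match, ("referral", ns_records) when
    the zone holds a delegation (NS records) for a parent of qname, and
    ("nxdomain", []) otherwise.
    """
    if qname in zone:
        return "answer", zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):  # walk up: www.example.com. -> example.com. -> com.
        parent = ".".join(labels[i:])
        ns_records = [r for r in zone.get(parent, []) if r[0] == "NS"]
        if ns_records:
            return "referral", ns_records
    return "nxdomain", []


class CachingResolver:
    """A recursive resolver that walks root -> TLD -> authoritative and caches
    positive answers until their TTL expires. The clock is injectable so the
    TTL behaviour can be exercised without waiting."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}        # qname -> (records, expiry_timestamp)
        self.queries_sent = 0  # upstream queries issued so far

    def resolve(self, name):
        """Return (records, served_from_cache); records is None for NXDOMAIN."""
        qname = name if name.endswith(".") else name + "."
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0], True
        self.cache.pop(qname, None)  # stale entry: drop it and re-resolve

        kind, records = serve(ROOT_ZONE, qname)
        self.queries_sent += 1
        while kind == "referral":
            next_server = records[0][1]  # follow the first NS in the referral
            kind, records = serve(SERVERS[next_server], qname)
            self.queries_sent += 1
        if kind != "answer":
            return None, False  # negative caching is deliberately omitted here
        ttl = min(r[2] for r in records)
        self.cache[qname] = (records, now + ttl)
        return records, False


def demo():
    """Resolve the same name three times: cold, cached, and after the TTL lapses."""
    fake_now = [1_000_000.0]
    resolver = CachingResolver(clock=lambda: fake_now[0])

    first, hit1 = resolver.resolve("www.example.com")
    cold_queries = resolver.queries_sent       # root + TLD + authoritative = 3
    second, hit2 = resolver.resolve("www.example.com")
    warm_queries = resolver.queries_sent       # unchanged: answered from cache
    fake_now[0] += 301                         # advance past the 300 s TTL
    third, hit3 = resolver.resolve("www.example.com")
    refreshed_queries = resolver.queries_sent  # three more upstream queries
    missing, _ = resolver.resolve("nothere.example.com")

    return {
        "ip": first[0][1],
        "cold": (cold_queries, hit1),
        "warm": (warm_queries, hit2),
        "refreshed": (refreshed_queries, hit3),
        "missing": missing,
    }


if __name__ == "__main__":
    print(demo())
```

The cold lookup costs three upstream queries, the warm one costs none, and once the 300-second TTL has passed the resolver discards the stale entry and walks the chain again, which is exactly the "old records" situation described later under Common DNS Issues, seen from the resolver's side.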

Public vs. Private DNS

Typically, your Internet Service Provider supplies a default DNS server, but you may also use a public DNS server. The most popular choices are:

  • Google’s Public DNS (8.8.8.8, 8.8.4.4)
  • Cloudflare DNS (1.1.1.1)
  • OpenDNS (208.67.222.222, 208.67.220.220)

Public DNS servers may improve performance, reliability and security, especially when your ISP’s DNS server responds slowly or is unreliable.

Common DNS Issues

While DNS is generally reliable, problems can occur:

  • DNS Caching Problems: Your computer or router may hold stale records that keep you from reaching a website whose address has recently changed.
  • DNS Spoofing/Poisoning: Attackers who can forge or alter DNS responses can point your browser to a malicious site.
  • Authoritative Server Downtime: When an authoritative server is down, every site that depends on it (how many varies with the number of authoritative servers the domains use) is unreachable until it comes back.

Some of these issues can be resolved by clearing your DNS cache and using a secure DNS service.
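Spoofing works because a plain DNS reply is just a UDP packet, so the defence on the client side is to check that a reply actually belongs to the question that was sent. The Python script below is an added example, not code from this article or from any resolver project: it builds a DNS query in the RFC 1035 wire format, constructs a genuine reply and a forged one for it (nothing is sent over the network; both replies are built locally for illustration), and shows the checks a stub resolver applies before trusting an answer, namely a matching transaction ID, the QR bit, an unaltered question section and answers that belong to the name asked about. The name www.example.com and the addresses 192.0.2.1 and 198.51.100.9 are documentation values chosen for the example.

```python
import secrets
import struct


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a (possibly compressed) name at offset; return (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if end is not None else offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(name, qid, qtype=1):
    """Standard query (RD set) for an A record with the given transaction ID."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Parse header, question and answer sections (authority/additional ignored)."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": qid, "flags": flags, "questions": questions, "answers": answers}


def build_response(query, ip, ttl=300, qid=None):
    """Construct an A-record reply to `query`; qid can be overridden to mimic a
    forged packet whose transaction ID does not match the outstanding query."""
    q = parse_message(query)
    name, qtype, qclass = q["questions"][0]
    rid = q["id"] if qid is None else qid
    header = struct.pack("!HHHHHH", rid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # Answer owner name is a pointer to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def validate_response(query, response):
    """Checks to apply before trusting a reply: matching transaction ID, QR bit
    set, question echoed unchanged, and every answer owned by the name that was
    asked about (CNAME chains are not handled in this simplified check)."""
    q, r = parse_message(query), parse_message(response)
    if r["id"] != q["id"]:
        return False, "transaction ID mismatch"
    if not r["flags"] & 0x8000:
        return False, "QR bit not set: this is not a response"
    if r["questions"] != q["questions"]:
        return False, "question section altered"
    qname = q["questions"][0][0]
    for name, *_rest in r["answers"]:
        if name != qname:
            return False, f"answer for {name} does not match the question"
    return True, "ok"


def demo(qid=None):
    """Build a query, then a genuine and a forged reply for it, and validate both."""
    qid = secrets.randbelow(65536) if qid is None else qid  # unpredictable IDs matter
    query = build_query("www.example.com", qid)
    genuine = build_response(query, "192.0.2.1")
    forged = build_response(query, "198.51.100.9", qid=(qid + 1) % 65536)
    return validate_response(query, genuine), validate_response(query, forged)


if __name__ == "__main__":
    print(demo())
```

The transaction ID is only 16 bits, which is why real resolvers also randomise the source port and why the article's later advice to use DoH or DoT matters: an encrypted, authenticated channel to a trusted resolver removes the opportunity to inject replies at all.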

Security Considerations

Cybercriminals frequently target DNS, but there are several ways to make your use of DNS more secure:

  • Encrypt DNS queries by using DNS over HTTPS (DoH) or DNS over TLS (DoT).
  • Use trusted, well-known DNS servers so that you are not relying on a potentially malicious one.
  • Watch for unusual redirects or frequent DNS error messages, as these may be signs that your DNS settings or resolver have been compromised.
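The last point, watching for unexpected answers and bursts of errors, can be turned into a simple check over resolver logs. The Python script below is an added example written for this article (it is not tooling from any resolver product): it parses a constructed sample log in a made-up "time client qname qtype rcode answer" format, flags any client whose monitored name resolved to an address outside an expected set (a possible sign of poisoning or hijacking), and flags clients whose error ratio is unusually high. The log lines, the client addresses and the expected-answer table are all constructed for the example; in practice the expected set would come from your own zone data or a recent known-good resolution.

```python
from collections import defaultdict, namedtuple

# Constructed sample resolver log, one query per line:
# time client qname qtype rcode answer ("-" when there is no answer).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A NOERROR 192.0.2.1
10:00:02 10.0.0.5 mail.example.com A NOERROR 192.0.2.25
10:00:03 10.0.0.7 www.example.com A NOERROR 198.51.100.77
10:00:04 10.0.0.9 update.example.net A SERVFAIL -
10:00:05 10.0.0.9 www.example.com A NOERROR 192.0.2.1
10:00:06 10.0.0.9 cdn.example.org A NXDOMAIN -
10:00:07 10.0.0.9 api.example.net A SERVFAIL -
10:00:08 10.0.0.9 login.example.org A SERVFAIL -
10:00:09 10.0.0.5 www.example.com A NOERROR 192.0.2.1
"""

# Addresses we expect for the names we care about (constructed for the example).
EXPECTED_ANSWERS = {"www.example.com": {"192.0.2.1"}}

Record = namedtuple("Record", "time client qname qtype rcode answer")


def parse_log(text):
    """Turn the sample log into Record tuples, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # tolerate junk rather than crash on it
        records.append(Record(*parts))
    return records


def analyze(records, expected=EXPECTED_ANSWERS, min_queries=4, max_error_ratio=0.5):
    """Return a list of findings:
    ("unexpected_answer", client, qname, answer) when a monitored name resolved
    to an address outside its expected set;
    ("error_burst", client, errors, total) when a client's error ratio exceeds
    max_error_ratio over at least min_queries queries."""
    findings = []
    per_client = defaultdict(lambda: [0, 0])  # client -> [total, errors]
    for r in records:
        stats = per_client[r.client]
        stats[0] += 1
        if r.rcode != "NOERROR":
            stats[1] += 1
        if r.rcode == "NOERROR" and r.qname in expected and r.answer not in expected[r.qname]:
            findings.append(("unexpected_answer", r.client, r.qname, r.answer))
    for client, (total, errors) in sorted(per_client.items()):
        if total >= min_queries and errors / total > max_error_ratio:
            findings.append(("error_burst", client, errors, total))
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample data the client 10.0.0.7 received an answer for www.example.com that is not the expected 192.0.2.1, and 10.0.0.9 saw four errors in five queries; either pattern is worth a closer look, and the thresholds are parameters so they can be tuned to a real environment's baseline.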

DNS and Online Privacy

Each DNS query you send to a resolver reveals the website you are about to visit, so your ISP and your DNS provider can see exactly what you have been doing online. Secure or privacy-focused DNS services can reduce or eliminate the ability of ISPs and other third parties to monitor your internet activity. In addition, many temporary email services, such as Evap Mail, rely on DNS to let users verify an email address and receive messages in their inbox without revealing their identity.

Final Thoughts

The Domain Name System (DNS) is an integral part of the Internet: it translates human-readable domain names into the machine-readable IP addresses that devices use to communicate with each other. Anyone who wants faster speeds, better security or greater privacy online benefits from understanding how DNS operates. That understanding helps casual users and technically curious readers alike browse the Internet more securely and efficiently.