What is Domain Name System (DNS)?
Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates human readable domain names into the numerical identifiers associated with networking equipment, enabling devices to be located and connected worldwide. Analogous to a network “phone book,” DNS is how a browser can translate a domain name (e.g., “facebook.com”) to the actual IP address of the server, which stores the information requested by the browser.
DNS Basics
The domain name system (i.e., “DNS”) is responsible for translating domain names into a specific IP address so that the initiating client can load the requested Internet resources. The domain name system works much like a phone book where users can search for a requested person and retrieve their phone number. DNS servers translate requests for specific domains into IP addresses, controlling which server users will reach when they enter the domain name into their browser.
A Brief History of DNS
When the Internet started, it was easy for people to associate specific IP addresses with specific computers, but that didn’t last long as more devices and people joined the growing network. While it’s still possible to type a particular IP address into a browser and reach a website, users wanted website names that would be easier to remember. When the Internet started, Stanford’s Elizabeth Feinler personally assigned those names and addresses in a master list of every Internet-connected computer. This text file was called “hosts.txt”.
As the Internet grew to millions of domains, this was not sustainable. In 1983, Paul Mockapetris, a USC researcher, was tasked with developing a solution. His solution was a new system that he named DNS, which remains based on Mockapetris’ fundamental principles. Today, the standards for DNS are maintained by the Internet Engineering Task Force (IETF) in RFC 1035.
How DNS Servers Work
The DNS directory is distributed worldwide, stored in special servers called DNS servers (i.e., “domain name servers”) that are interconnected and communicate regularly to synchronize directory information and create redundancy.
DNS servers and IP addresses
A DNS server stores specific information that pairs a domain name with particular IP addresses. A domain may have one or hundreds of IP addresses associated with it. Amazon.com, for example, has thousands of servers across the globe, and the physical server that a user connects to from one country is likely completely different from the one another user reaches elsewhere around the world. The global nature of Internet services requires a network of distributed and scalable DNS servers to ensure that users can quickly look up and resolve the requested server’s location, wherever they are around the globe.
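To make the “record” that a DNS server hands back concrete, here is an added example (not code from the original page) that encodes an RFC 1035 query and decodes a response carrying several A records for one name, which is how a domain with more than one address answers. The response bytes are constructed locally by `build_response`, so nothing is sent over the network; the transaction id, name and addresses are made-up documentation values. `matches_query` shows the check a resolver makes before trusting a reply: the transaction id and question must match the query it sent.

```python
"""Encode a DNS query and decode a DNS response in RFC 1035 wire format.

Added example, not from the original page. All bytes are built here so
the script runs offline; names and addresses are documentation values.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)  # zero-length root label terminates the name
    return bytes(out)


def build_query(txid, name, qtype=QTYPE_A):
    """12-octet header + one question; flags 0x0100 sets RD (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it).

    A compression pointer (top two bits 11) continues the name elsewhere
    in the message and ends the current name after its own 2 octets. A
    visited set rejects pointer loops in malformed packets.
    """
    labels, jumped, end, seen = [], False, offset, set()
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset in seen:
                raise ValueError("compression pointer loop")
            seen.add(offset)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length > 63:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return (txid, rcode, question_name, [(name, ttl, ip), ...]) for IN A answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode, offset, qname, answers = flags & 0x000F, 12, None, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        if len(rdata) != rdlength:
            raise ValueError("truncated RDATA")
        offset += rdlength
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlength == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, rcode, qname, answers


def matches_query(query, response):
    """A reply is only usable if its id and question equal the query's."""
    _, _, sent_name, _ = parse_response(response[:2] + b"\x80\x00" + query[4:])
    txid, _, got_name, _ = parse_response(response)
    return query[:2] == response[:2] and sent_name == got_name


def build_response(txid, name, addresses, ttl=300):
    """Constructed reply: header (QR, RD, RA set), echoed question, then one
    A record per address using pointer 0xC00C back to the name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rrs = b"".join(b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
                   + bytes(int(o) for o in ip.split(".")) for ip in addresses)
    return header + question + rrs
```

`build_query(0x1234, "www.example.com")` produces 33 bytes; feeding the matching constructed response to `parse_response` yields one `(name, ttl, ip)` tuple per address, and `matches_query` returns `False` for a reply whose id or question differs from what was sent.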
The DNS Lookup Process
The purpose of DNS is to translate a domain name into the appropriate IP address. This is done by looking up the DNS records of the requested domain. There are typically eight steps in this DNS lookup process that follow the information path from the originating web browser to the DNS server and back again. In practice, DNS information is often cached to reduce the DNS lookup response time. When the DNS information is not cached, the eight-step lookup process is as follows:
The eight steps in a DNS lookup:
1. A user enters a domain name (e.g., facebook.com) into their browser, and the browser sends the query via their Internet service provider (ISP) to a DNS recursive resolver.
2. The DNS recursive resolver, in turn, sends a query to the root DNS nameserver (.).
3. The root server returns to the resolver the address of the top-level domain (i.e., “TLD”) DNS server, which has the needed information for the facebook.com domain. (Examples of a top-level domain (TLD) include “.com”, “.net”, and “.org,” with each TLD having its own DNS server.)
4. In turn, the resolver then sends the information request to the Top-Level Domain server (In this case, the “.com” TLD nameserver).
5. The TLD name server responds to the resolver with the targeted IP address of the domain’s nameserver. (In this case, the DNS server for “facebook.com”.)
6. Next, the DNS recursive resolver sends the query to the domain’s DNS server.
7. The domain’s DNS server then returns the IP address to the DNS resolver for the requested domain (e.g., “facebook.com”).
8. Finally, the DNS resolver returns the IP address of the requested domain to the requesting web browser. The browser sends the HTTPS request to the targeted IP address, and the server with that address returns the webpage, which renders in the user’s browser.
Types of DNS Services
There are two primary types of services that DNS servers provide: Authoritative DNS and Recursive DNS. Both are integral to the DNS infrastructure, but each serves a different purpose during a DNS query: the recursive DNS server acts at the beginning of the DNS query and the authoritative DNS server at the end.
Recursive DNS Server: As discussed in the DNS lookup process description, the recursive DNS server responds to a request from the client and returns the IP address for the requested domain name. The recursive resolver server makes a series of requests until it reaches the authoritative DNS nameserver for the requested domain.
Authoritative DNS Server: The authoritative DNS server is the server that actually holds and maintains the record for the requested domain. The authoritative DNS server also provides an update mechanism, allowing administrators to manage their public DNS names. The authoritative DNS server is the final source of truth for a domain’s DNS information and is responsible for providing the domain’s IP address information back to the requesting recursive DNS server.
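The eight-step lookup above and the split between recursive and authoritative servers can be put together in one small program. This is an added example, not code from the original page: the root, the .com TLD and the example.com authoritative server are in-memory record tables, and a recursive resolver walks from the root through the referrals to the authoritative answer (steps 2 to 7), caches the result for its TTL so a repeat query is answered without any further queries, and accepts glue addresses only when they fall inside the zone of the server that supplied them (the usual bailiwick rule). All names, addresses and TTLs are constructed; example.com and the 192.0.2.0/24 and 198.51.100.0/24 ranges are documentation values, not real infrastructure.

```python
"""Toy recursive DNS resolution over a three-level delegation chain.

Added example, not from the original page. Servers are in-memory
record tables; all names, addresses and TTLs are constructed.
"""
import time

# Per server: (zone it is authoritative for, {(name, rtype): [(value, ttl), ...]}).
# A parent answers a question about a child zone with the child's NS records
# plus "glue" A records for those nameservers (what steps 3 and 5 above carry).
ROOT_ZONE = "."
ROOT_SERVER_IP = "192.0.2.254"          # constructed address for the root server
SERVERS = {
    ROOT_SERVER_IP: (ROOT_ZONE, {
        ("com.", "NS"): [("ns.com-tld.test.", 172800)],
        ("ns.com-tld.test.", "A"): [("192.0.2.1", 172800)],
    }),
    "192.0.2.1": ("com.", {                   # the .com TLD nameserver
        ("example.com.", "NS"): [("ns1.example.com.", 172800)],
        ("ns1.example.com.", "A"): [("192.0.2.53", 172800)],
    }),
    "192.0.2.53": ("example.com.", {          # example.com authoritative server
        ("example.com.", "A"): [("198.51.100.10", 300)],
        ("www.example.com.", "A"): [("198.51.100.11", 300)],
    }),
}


def in_zone(name, zone):
    """True when name is zone itself or lies beneath it (everything is under '.')."""
    return zone == ROOT_ZONE or name == zone or name.endswith("." + zone)


def query(server_ip, name, rtype):
    """One question to one server. Returns ("answer", records),
    ("referral", (child_zone, [(ns_name, ns_ip, ttl), ...])) or ("nodata", None)."""
    _zone, records = SERVERS[server_ip]
    if (name, rtype) in records:
        return "answer", records[(name, rtype)]
    # Pick the most specific zone this server delegates that encloses the name.
    delegated = [z for (z, t) in records if t == "NS" and in_zone(name, z)]
    if not delegated:
        return "nodata", None
    child = max(delegated, key=len)
    referral = [(ns, ip, ttl)
                for ns, ttl in records[(child, "NS")]
                for ip, _ in records.get((ns, "A"), [])]
    return "referral", (child, referral)


class RecursiveResolver:
    """Steps 2 to 7: start at the root, follow referrals, cache the answer."""

    def __init__(self, root_ip=ROOT_SERVER_IP, clock=time.time):
        self.root_ip = root_ip
        self.clock = clock            # injectable so TTL expiry can be exercised
        self.cache = {}               # (name, rtype) -> (values, expires_at)

    def resolve(self, name, rtype="A", max_referrals=8):
        """Return (values, from_cache, trace); trace lists the servers asked."""
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0], True, []
        server_ip, server_zone, trace = self.root_ip, ROOT_ZONE, []
        for _ in range(max_referrals):
            trace.append(server_ip)
            kind, payload = query(server_ip, name, rtype)
            if kind == "answer":
                values = [v for v, _ in payload]
                ttl = min(t for _, t in payload)     # cache no longer than the shortest TTL
                self.cache[key] = (values, self.clock() + ttl)
                return values, False, trace
            if kind == "nodata":
                raise LookupError(f"{server_ip} has no data or delegation for {name}")
            child_zone, referral = payload
            # Bailiwick check: trust glue only for names inside the zone the
            # answering server is authoritative for; anything else is ignored.
            usable = [r for r in referral if in_zone(r[0], server_zone)]
            if not usable:
                raise LookupError(f"referral for {child_zone} carried no usable glue")
            _, server_ip, _ = usable[0]
            server_zone = child_zone
        raise LookupError("too many referrals")


if __name__ == "__main__":
    resolver = RecursiveResolver()
    addrs, cached, trace = resolver.resolve("www.example.com.")
    print(addrs, "via " + " -> ".join(trace))
    addrs, cached, _ = resolver.resolve("www.example.com.")
    print(addrs, "from cache" if cached else "re-resolved")
```

The first call visits the root, the .com server and the example.com server in order; the second returns the cached value with an empty trace, and once the 300-second TTL has passed the resolver walks the chain again. A name the authoritative server does not hold raises `LookupError`, standing in for a negative answer.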