Domains

What is DNS? An Introduction to What It Is and How Domain Name System Works

by Francis King

Just what is DNS? Well, if you’ve ever had to set up a WiFi router or configure your local network, you’ll have seen Internet protocol (IP) addresses. To access the network admin panel, you type a string of numbers like 192.68.0.1 into your web browser, and these numbers are the online location of your router.

So, the entire Internet works in the same way. When you visit a website, you connect to the IP address of the relevant server hosting the site. But when have you ever typed numbers and periods to access a website?

Instead, you would type in a phrase like “onlydomains.com” to get to where you want to be. For us mere humans, it’s so much easier to remember words and phrases rather than a long list of meaningless numbers. 

That said, the luxury of using names for websites instead of IP addresses is often taken for granted. Many people know nothing about the infrastructure that makes it all so convenient. The architecture behind all this is the Domain Name System (DNS). 

So, what is DNS, and how does it work? In this article, we’ll explain all that you need to know.

What is a Domain Name System (DNS)? Say Hello to the ‘Internet Directory’

Basically, the Domain Name System is like a group of phone books for IP addresses. Every device and website has a unique IP address. DNS is almost like a virtual Yellow Pages that allows you to connect your computer to server-hosted websites.

DNS processes maintain a user-friendly Internet that lets businesses choose words and phrases during domain registration. The DNS also enables users to type “google.com” instead of a massive string of numbers. 

What is the Function of the DNS? Talking the Basics

Simply put, the function of the Domain Name System is to have an updated list of every device and website connected to the Internet. Websites come and go. Businesses migrate their content from one web hosting service to another. Yet, when users type microsoft.com, they expect it to take them to the same web page every time. 

The smooth experience of connecting to a website through your browser is only possible because of DNS servers. One server doesn’t contain the IP address of every website that ever existed. But, one DNS server can start and finish the process and does this by connecting to other DNS servers.

What is a DNS Server? The DNS Hierarchy: Examining the Types of Server and Services

DNS servers are a big deal when it comes to domain name system infrastructure. A chain of events begins when you enter a site address into your web browser. These actions aim to connect you to the website you want, and the DNS server hierarchy makes sure you get to the right place.

What is the DNS server hierarchy? In basic terms, it’s a system of information exchange between IP address sources. 

Four main servers make up the DNS hierarchy:

  • DNS recursor or resolver: This server receives a DNS query and sends it to another server, looking for the right IP address. Internet service providers (ISPs) or third-party services provide DNS resolvers. If an IP address isn’t stored locally, a DNS recursor is often the first point of contact.
  • Root name server: This server contains information about the domain roots. Root name servers are a directory of DNS servers containing top-level domains (TLDs) like .com, .org, .co.uk, etc. These servers direct a query to the relevant TLD server.
  • TLD DNS server: Specific to top-level domains. Each TLD has a corresponding DNS server that acts as their directories. These servers have IP address information for websites in their domains. They don’t have the IP address for a website but the address of the corresponding authoritative server.
  • Authoritative name server: The final stop in the search for an IP address. The authoritative DNS server is managed by domain registrars or private organisations. Once a request reaches the naming server, a website’s IP address is sent back to the DNS recursor.  

How DNS Resolving Works: Introducing the Middleman

Ok, so, you’ve put a lot of thought into choosing a name for your website. But what happens when users type the domain name into their web browser? 

When you type a web address into your browser, a sequence of events begins. The goal is to locate the IP address of the website, and the first place your browser looks is for authoritative information stored locally.

DNS caching is all about storing IP addresses. Caches are found in two main locations:

Browser DNS caching: Aka a DNS resolver cache. Your browser stores website and IP address information. This saves time and gets users to their favourite websites quickly. First, a DNS request resolves. Next, browsers such as Google Chrome store this information for future requests.

Operating System DNS caching: The next place a request search goes for DNS resolution is the local cache of your device. This is known as the operating system (OS) cache.

If a DNS request can’t be resolved from local DNS information, the DNS recursors step in to find a solution. The DNS recursor mediates between your web browser and DNS servers until resolution.

DNS resolution follows these steps:

  1. The request for a domain is routed to a DNS resolver, either with your ISP or a DNS service such as Google DNS.
  2. If an identical request was made recently, the DNS resolver may have a match already cached. If not, it will query a root server for more information.
  3. The DNS root server will find a TLD server match for the query and send this information back to the DNS recursive server.
  4. The recursor/resolver makes a request for the matched TLD server for the respective domain.
  5. The TLD server responds with a match for an authoritative DNS name server.
  6. The DNS resolver makes a unified resource locator (URL) request to the name server of a domain registrar or organisation.
  7. The name server responds with the corresponding IP address.
  8. The DNS recursor/resolver sends the IP address match to your web browser. Typically, it will cache this information for future requests. That said, all DNS caching has an expiry date.

Once your web browser has the matched IP address, it makes a request to the server hosting the website. The host server answers this request by sending URL data and content to your device, and your browsers then display the fully functional website. 

Still with us? We know that’s a lot to take in. Luckily, all of these processes are handled behind the scenes. The entire DNS resolution journey takes place virtually instantaneously. In less than a second, you arrive at your intended destination. 

However, sometimes, not everything goes according to plan. A DNS server may not be responsive, a host server may be down, or a web address may be incorrect. In these cases, your request will time out, eventually leading nowhere.

Using DNS: Making Life Easier and More Secure

Using DNS servers isn’t an option for most organisations. But businesses like yours can still make it easy for customers to find you online. 

What is a DNS Address, and How Do I Find It?

A DNS address is also known as a DNS server address. This is the first line of defence during the DNS resolution process. There are two main types of DNS server address:

Primary DNS server: The preferred DNS server for looking up and making domain name requests. If this DNS address is online, it will handle your URL requests.

Secondary DNS server: This alternate DNS address is your device’s backup. The second DNS server will be queried if the primary DNS server is unavailable or fails to resolve a request. 

Using two DNS servers adds a level of redundancy that makes DNS resolution speedy. 

Your DNS server addresses are typically configured by your ISP by default, and you can contact them to find more information. But you can also manually configure DNS addresses in your network, browser, or device settings. 

Manual settings let you set a primary and secondary DNS server address. These will be the default servers that your browser uses for domain lookups. To find your current DNS server address, you can run ipconfig /all from the Windows command prompt. Or just run the command “cat /etc/resolv.conf” in macOS.

For your website, your domain registrar will send you the IP addresses of their primary and secondary name servers. You need this information to configure your host servers to link with your domain URL. 

You can also use DNS lookup tools like dnschecker.org and whatsmydns.net to find your DNS server address.

What is DNS on My Phone Used For?

The DNS works on your mobile phone in the same way as any other Internet-connected device. First and foremost, it enables ease of use with domain names and your phone’s web browser. When you enter a web address, the DNS resolution process happens as usual. 

DNS on your smartphone also streamlines connectivity for the following areas:

  • Email servers: Built-in and third-party email apps use DNS to connect your email accounts to hosted email servers.
  • Media streaming: Apps like Netflix and Hulu use DNS resolution to connect to media content.
  • Navigation apps: DNS processes connect location-based services like Google Maps to map data servers.
  • Phone security: DNS filtering maintains data security and user privacy.

Essentially, DNS servers keep your phone connected to the Internet and your mobile apps up to date and working well. 

What is DNS Settings on WiFi, and What Should My Settings Be?

It may seem confusing, but DNS settings on WiFi are configurable server addresses that affect every connected device. The DNS server acts as a phonebook during the resolution process. Remember, it saves you from having to type long strings of numbers and being able to type out memorable domain names.

While your browser or OS may have its own settings, so will any WiFi router. That means the router’s default settings initiate the process when trying to find a website. When a smartphone or laptop connects to a WiFi network, the wireless router directs domain requests according to DNS settings.

Your home or business networks usually have DNS servers automatically configured by default, and leaving this setting on will work fine in most cases.

However, a manual DNS configuration can optimise browsing for speed, performance, and security. For businesses dealing with sensitive data, security may be number one. Speed or performance might be the priority for organisations using a private network. A manual DNS configuration allows you to find a balance between all three aspects that work for your business.

You can configure your wireless network to use popular public DNS servers such as:

  • Cloudflare: 1.1.1.1 and 1.0.0.1 
  • Google Public DNS: 8.8.8.8 and 8.8.4.4
  • Quad9: 9.9.9.9 and 149.112.112.112
  • OpenDnS: 208.67.222.222 and 208.67.220.220
  • Cleanbrowsing: 185.228.168.9 and 185.228.169.9

Public DNS servers are free for any business to use. They offer improved speed and security over standard ISP servers. Or you can opt for a paid and managed DNS solution. Managed DNS services streamline things like performance optimization, load balancing, and traffic management. 

They also provide enterprise-grade security and offer analytics and tracking software. Google Analytics for example.

Managed DNS services like Amazon Route 53 offer 100% uptime, meaning they guarantee your customers will always be able to find your website (as long as your host servers are working).

What is a DNS Record? Allow Us to Explain…

A DNS record is also known as a zone file. These records are a set of instructions stored in authoritative name servers and contain the IP address of a domain. When you begin the DNS resolution process, it is the DNS record your browser searches for.

DNS records contain a standardised mapping of domain addresses, and there are many types of DNS records, including:

A record: “A” stands for address. This is the most standard type of DNS record. It contains the IP address and the domain URL.

AAAA record: Similar to an A record but matches for an IPv6 address. IPv6 is the latest version of Internet protocol, and it’s longer than IPv4 addresses.

CNAME record: Does not provide an IP address. Instead, this record is for forwarding one domain or subdomain to another. You need it for using multiple domains with one canonical website or forwarding for a migrated website with a new domain name.

MX record: Stands for “mail exchange. This DNS record is used for email servers and routes email to the right domain.

Certificate Authority Authorization (CAA) Record: Controls security certificate issuance e.g. SSL certificates, TLS certificates.

These are just a few examples of DNS record types, but there are many others. Each one serves a specific purpose and maintains the integrity of the domain name system.

What is DNS Traffic? How Does it Work and Is it Safe?

DNS traffic is the exchange of queries and responses due to the domain name system. Traffic flows between your device, the DNS resolver, and the many servers of the DNS hierarchy. One request sends off a cascade of traffic as an IP address is requested.

DNS traffic is made up of:

  • Queries
  • Responses
  • DNS caching
  • Recursive DNS traffic
  • Authoritative DNS traffic

All this traffic happens within a fraction of a second, providing an easy user experience. The downside is it does leave you at risk of DNS attacks. With so much information coming and going, hackers can get in at various steps in the process. This is because DNS traffic can reroute a user’s device and gain control or compromise sensitive information. 

One common way hackers do this is through what’s known as DNS cache poisoning, where they feed false data into a server’s caches. When a request is made, the DNS recursor checks the cache and pulls up the false IP address. Users then arrive at a professional and/ or similar-looking website. From here, they can give away their login credentials and financial details without realising it. 

Another popular method used by hackers is DNS tunnelling. Seemingly harmless DNS traffic can hide malicious software in the system. From here, hackers can control and command devices on your computer or network. 

This is why it’s best to include security measures during DNS resolution. DNS Security Extensions, or DNSSEC, add security layers that screen traffic. You can also go for private DNS in some circumstances.

What is Private DNS Mode? What Are the Benefits and How Do I Manage It?

Private DNS networks are separate from the more commonly used public DNS networks, which use encryption between your device and the DNS recursor. 

Two things make up a private DNS mode:

  • DNS over TLS (DoT): A cybersecurity standard for websites that use transport layer security protocols to secure data packet transfers.
  • DNS over HTTPS (DoH): Hypertext transfer protocol that provides a high level of website security. 

Private DNS mode also encrypts all DNS queries and responses, making it much more difficult for hackers to access your information and protect you from DNS spoofing and DNS tunnelling. A huge plus is that your browsing activity is also made more secure. 

All private DNS traffic is prevented from being logged by your ISP, so, in this way, nasty users can’t track your activity and use this to their advantage.

Using private DNS mode but configuring your network devices is also possible. Many public DNS resolver services mentioned earlier also support private DNS browsing.

What’s the Difference Between DNS Security and DNSSEC? Why Are They Important?

When creating a business website, you need to understand how DNS security operates. DNSSEC is crucial to cybersecurity but is only one component of DNS security. DNS security extensions help to authenticate DNS traffic, like queries and responses. The main purpose of DNSSEC is to prevent spoofing.

There are four common types of DNS security extensions:

  • Cryptographic: A symmetric key for DNS data authentication.
  • Response policy zones: Rules-based validation of DNS queries.
  • Data authentication and integrity: Digital signatures generated cryptographically. 
  • Authenticated denial of existence (DoE): Helps a recursor determine if a domain exists or not.

Each of these extensions adds a security layer for DNS authentication. For example, when a DNS recursor queries a TLD server, the response is validated by DNSSEC. If the data passes the checks, it is sent to the DNS recursor. 

DNS security also involves other areas, including:

  • Server redundancy: If a server goes down, a secondary DNS server steps in to keep IP addresses accurate and up to date.
  • DNS firewalls: Prevent users from visiting malicious websites that could infect networks. 
  • System and control: Pertains to the OS and all software being updated for cyber security and compatibility. 
  • DNS threat intelligence: External implementation of third-party response policy zones (RPZs). The DNS vendor can identify and quarantine attack patterns before they affect the system.

Take Control of Your Websites With a Safe and Reliable DNS Management System

When you build a website, you want everything to go smoothly. Once you’re up and running, you’re focused on brand awareness, reaching your audience more effectively, and making more sales. 

Don’t have time to sweat over a question like what is DNS management? With OnlyDomains, we can help you generate a perfect domain name in seconds. What about a website builder and hosting? We’ve got you covered for that too. 

Sign up with our service, and we will handle all of your DNS management for you, including authoritative name servers for your domain. We also provide SSL/TLS certificates for your website. 

And if you want to configure your DNS system for public or private DNS, our customer support team can help you with that, too. Register your domain with OnlyDomains today, and you’ll have a secure, reliable website up and running in no time.