How DNS Works: Domain Name System Explained


DNS, or the Domain Name System, is an integral part of the Internet and is essential for the web to work at all; without DNS, the whole Internet would fall apart.

What is DNS?

DNS, or the Domain Name System, is a system of computers all around the world whose job is to convert domain names like google.com into their respective IP addresses.

Everything on the Internet starts with a DNS request, whether you open a website, use an app, or send an email. The Domain Name System can be seen as a computer version of a phone book, used to find the IP address of a particular device on the Internet.

Everything connected to the Internet, including your device, has a unique IP address, which other devices use to find it and connect to it.

When you type a URL like google.com into your browser, the browser goes on a quest to find the IP address of google.com: it cannot open a website from the domain name alone, and needs the IP address to make a connection.

DNS eliminates the need to memorize IP addresses by converting domain names into IP addresses and vice versa. This whole system is called DNS, or the Domain Name System, and the computers that run it are called DNS servers. Without DNS, we’d have to remember the IP address of every website we wanted to connect to — no fun.

How Does DNS Work?

The Domain Name System (DNS) is all about converting a domain name into its IP address. Let’s follow the path of a DNS lookup as it travels from a web browser, through the DNS lookup process, and back again:

Complete DNS Lookup

The complete process of querying and connecting to the desired website is a 10-step process, as explained in the diagram above:

Step 1: Everything starts when you type in a URL like example.com or open an app, and the query is received by the configured DNS Resolver, aka the Resolving Name Server.

Your OS or even the web browser may already have the IP address of the URL you are trying to connect to in its memory cache, or it may have been configured in advance, but I have assumed that’s not the case here.

Step 2: The Resolving Name Server then queries the Root Name Server, aka the enigmatic (.) at the end of the URL you are trying to connect to.

Your Resolving Name Server may have the IP address of the URL you are trying to connect to in its memory cache, but I have assumed that’s not the case here, so that it has to make the query to the Root Name Server.

Step 3: The Root Name Server responds to the Resolving Name Server with the addresses of the Top Level Domain (TLD) Name Servers (such as .com or .net), which store information for the domains under that TLD.

Step 4: The Resolving Name Server then queries the TLD Name Server (.com).

Step 5: The TLD Name Server responds to the Resolving Name Server with the address of the Domain’s Name Server aka Authoritative Name Server — example.com.

Step 6: Now the Resolving Name Server queries the Authoritative Name Server for the IP address of the particular domain (example.com).

Step 7: The Authoritative Name Server responds to the Resolving Name Server with the IP address of that particular website.

Step 8: Now your DNS Resolver, or Resolving Name Server, responds to the web browser with the IP address of the website.

The DNS lookup is complete at this point; now your web browser just needs to connect to the website or service to send and receive data.

Step 9: Your web browser now makes an HTTP request to the IP address provided by the Resolving Name Server.

Step 10: The server of the website in question responds with the web page, which your web browser renders.

And that’s the whole process. As you can see, that’s a lot of querying and responding just to open a website, yet all of it happens in just a few milliseconds. DNS was designed to be extremely fast and efficient, not with privacy and security in mind; newer protocols like DNSSEC, DoH, DoT, etc. try to address that.
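To make steps 1 to 8 concrete, here is a small simulation of the resolver’s walk from the root to the TLD server to the authoritative server, including the cache check from step 1 and TTL expiry. This is an added example, not code from the original post: the three zones, the server addresses (from the 192.0.2.0/24 documentation range) and the folded-in glue records are all constructed for the demonstration.

```python
# Constructed toy zones using documentation addresses (192.0.2.0/24), not real servers.
# Each zone maps an owner name to (type, value, ttl); for NS records the value is the
# referred server's address, i.e. the glue record folded in for brevity.
ROOT_IP = "192.0.2.1"
SERVERS = {
    ROOT_IP:     {"com.": ("NS", "192.0.2.2", 172800)},            # root zone
    "192.0.2.2": {"example.com.": ("NS", "192.0.2.3", 86400)},     # .com TLD zone
    "192.0.2.3": {"example.com.": ("A", "192.0.2.10", 300),         # authoritative zone
                  "www.example.com.": ("A", "192.0.2.10", 300)},
}

class Resolver:
    def __init__(self, servers, root_ip, clock, max_hops=8):
        self.servers, self.root_ip, self.clock, self.max_hops = servers, root_ip, clock, max_hops
        self.cache = {}   # name -> (address, expires_at)
        self.trace = []   # servers consulted, so the reader can follow the steps

    def _referral(self, zone, name):
        labels = name.split(".")
        for i in range(len(labels)):               # longest matching suffix first
            rec = zone.get(".".join(labels[i:]))
            if rec and rec[0] == "NS":
                return rec[1]
        return None

    def lookup(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:                   # step 1: unexpired cache entry, no queries
            self.trace.append("cache")
            return hit[0]
        server = self.root_ip                      # step 2: start at the root
        for _ in range(self.max_hops):             # bounded, so a bad delegation cannot loop forever
            self.trace.append(server)
            zone = self.servers[server]
            rec = zone.get(name)
            if rec and rec[0] == "A":              # step 7: authoritative answer, cached for its TTL
                self.cache[name] = (rec[1], now + rec[2])
                return rec[1]
            server = self._referral(zone, name)    # steps 3-6: follow the referral downwards
            if server is None:
                raise LookupError(f"no referral for {name}")
        raise LookupError(f"too many hops resolving {name}")

def demo(start=1000.0):
    clock = [start]
    r = Resolver(SERVERS, ROOT_IP, clock=lambda: clock[0])
    first = r.lookup("www.example.com.")           # full walk: root, TLD, authoritative
    second = r.lookup("www.example.com.")          # answered from cache
    clock[0] += 301                                # the 300 s TTL has now expired
    third = r.lookup("www.example.com.")           # walks the tree again
    return first, second, third, r.trace
```

The trace returned by `demo()` shows three server visits, one cache hit, and three more visits once the TTL has run out.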

Here’s a cool explainer on DNS by DNSMadeEasy:

DNS Explained by DNSMadeEasy

DNS Server Types

There are basically 4 kinds of DNS servers involved in a DNS lookup, apart from your device and the web server you ultimately fetch data from:

Resolving Name Server

The resolving name server, also called the DNS resolver, DNS recursor, or recursive resolver, is the actual workhorse of a DNS request; it essentially acts as the middleman between a client and the DNS name servers.

Once it receives a DNS query from a web client, it will either respond with cached data, or send a request to a root nameserver, followed by another request to a TLD nameserver, and then one last request to an authoritative nameserver.

After receiving a response from the authoritative nameserver containing the requested IP address, the recursive resolver sends the response to the client. It also caches the information received from authoritative name servers so that it can answer later DNS queries for the same domain faster, without going through the whole process again.

This is the only name server an end user has some control over: you should switch to a privacy-respecting encrypted DNS resolver instead of using your ISP’s DNS resolver.

All resolving name servers know the addresses of the root name servers, from which they iteratively work their way to the TLD and then the authoritative name servers, storing all of that information in memory as they resolve the IP address.

Root Name Server

Root name servers hold information about the TLD name servers and respond to a request based on the extension of the domain (.com, .net, .org, etc.). The root nameservers are overseen by a nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN).

There are 13 logical root name servers, with names of the form letter.root-servers.net, where the letter ranges from a to m. The Internet Corporation for Assigned Names and Numbers (ICANN) operates the servers for one of the 13 IP addresses in the root zone and has delegated operation of the other 12 IP addresses to various organizations, including NASA, the University of Maryland, and Verisign.

However, there aren’t just 13 physical root name servers; in fact there are many more, but still only 13 IP addresses are used to reach the different root server networks.

Limitations in the original architecture of DNS require there to be a maximum of 13 server addresses in the root zone, and in the early days of the Internet, there was only one server for each of the 13 IP addresses.

Today there are over 600 different DNS root servers all over the globe, which each use Anycast routing to distribute requests based on load and proximity.

These root name servers respond to the query from the resolving name server with a referral to the TLD nameserver that matches the extension of the domain name (.com, .net, .org, etc.).

TLD Name Server

A TLD name server has information about the authoritative name servers of all the domain names that share a particular domain extension, such as .com, .net, .org, or whatever comes after the last dot (.) of the URL.

For example, a query for techcorpus.com is sent to a .com TLD name server, which then responds with the authoritative name server for the domain techcorpus.com.

TLD name servers are maintained by the Internet Assigned Numbers Authority (IANA), a branch of ICANN, which divides TLD servers into two main groups:

  • Generic Top-Level Domains (gTLDs) — Domains that are not country specific, like .com, .org, .net, .edu, and .gov, etc.
  • Country Code Top-Level Domains (ccTLDs) — Domains that are specific to a country or state, like .uk, .us, .ru, and .jp, etc.

Authoritative Name Servers

Authoritative name servers are the ones that hold the actual IP addresses and other information for the website that was queried via the DNS resolver.

They hold all the DNS records, such as A, CNAME, MX, TXT, and every other record type, for a particular domain.

Authoritative name servers are usually maintained either by the domain registrar or by the website’s hosting provider; the developer or website owner can also use a third-party DNS hosting provider for better reliability and speed.

DNS Caching: Why, Where?

The whole point of caching (storing) the IP address and other DNS results locally in the browser, in the operating system, or on the DNS resolver is to improve performance and efficiency by not sending the same query over and over again. Sometimes, however, you might need to clear the DNS cache to get updated DNS results.

DNS caching lasts for a set amount of time determined by a time-to-live (TTL) value, and it can happen at 3 levels:

Browser DNS Caching

All modern browsers have a built-in cache for DNS records. This is the first place your browser checks for the IP address of the domain name in question.

In Chrome, you can check your DNS cache by going to chrome://net-internals/#dns

In Firefox, you can check your DNS cache by going to about:networking#dns

Operating System (OS) DNS Caching

Your operating system also caches DNS records; this is where your browser checks for the IP address next, before sending the query to the resolving name server.

  • Windows: Open your command prompt, enter the command, ipconfig /displaydns to view DNS records.
  • macOS: Open the Terminal app, enter the command, sudo discoveryutil udnscachestats to view Unicast DNS cache, use the command, sudo discoveryutil mdnscachestats for Multicast DNS cache results.
  • Linux: There is no OS-level DNS caching unless a caching service such as Systemd-Resolved, DNSMasq, or Nscd is installed and running, and the process of viewing the DNS cache is different depending on the Linux distribution and the caching service you’re using.

DNS Resolver DNS Caching

All DNS resolvers also keep a DNS cache of the records they have learned, so they can answer the next request for the same name without a fresh lookup.

How do I clear the DNS cache?

Even though all DNS records come with a TTL, or time-to-live, value after which they expire and must be queried again, there are times when you might need to force-clear the cache so that your device asks the DNS resolver for fresh results.

Here’s how you can clear DNS records:

  • Firefox: go to about:networking#dns and click on “Clear DNS cache”
  • Chrome: go to chrome://net-internals/#dns and click on “Clear host cache”
  • Windows: type in ipconfig /flushdns in the command prompt
  • macOS: type in sudo killall -HUP mDNSResponder in the terminal
  • Linux: There is no OS-level DNS caching unless a caching service such as Systemd-Resolved, DNSMasq, or Nscd is installed and running, and the process of clearing the DNS cache is different depending on the Linux distribution and the caching service you’re using:
    • for Systemd Resolved: sudo systemd-resolve --flush-caches
    • for DNSMasq: sudo systemctl restart dnsmasq.service or sudo service dnsmasq restart
    • for Nscd: sudo systemctl restart nscd.service or sudo service nscd restart

DNS records

DNS records, or zone files, on an authoritative DNS server contain a lot of information about a domain, not just its IP address. A zone file is a text file written in what is known as DNS syntax, a set of directives that tell the DNS server what to do.

All DNS records also have a TTL, or time-to-live, that tells a DNS server how often to refresh that record. Every domain that hosts a website will have at least an A record; here are a few of the most common DNS records:

  • A record – contains the IPv4 address of a domain
  • AAAA record – contains the IPv6 address for a domain
  • CNAME record – used for forwarding one domain or subdomain to another domain, does not contain an IP address
  • MX record – used for directing mail to an email server
  • TXT record – used for storing text notes
  • NS record – used for storing the name server for a DNS entry
  • SOA record – used for storing admin information about a domain
  • SRV record – used for specifying a port for specific services
  • PTR record – used for providing a domain name in reverse-lookups
  • CERT record – used for storing encryption certificates like PKIX, SPKI, PGP, and so on

There are more such DNS records like AFSDB, CAA, APL, DNSKEY, etc. that are used for various other purposes.
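The records listed above travel on the wire in a compact binary format rather than as zone-file text. The following added example (not code from the original post) builds the query that a resolver would send and parses a constructed response carrying a CNAME record that points at a name with an A record, including the compression pointers real responses use and a TTL for each record. The transaction id, the 192.0.2.1 address and the response bytes are all made up for the demonstration.

```python
import struct

def encode_name(name):
    # "www.example.com" -> length-prefixed labels, terminated by a zero byte
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    # 12-byte header (id, flags with RD set, QDCOUNT=1) followed by one question
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off, depth=0):
    # Decode a name at off, following 0xC0 compression pointers; returns (name, next offset)
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # pointer to an earlier copy of the suffix
            if depth > 16:
                raise ValueError("pointer loop")   # corrupt or hostile message: stop, don't spin
            target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(read_name(msg, target, depth + 1)[0])
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def parse_answers(msg):
    # Return [(owner, type, ttl, value)] for the answer section of a response
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4           # name, then QTYPE + QCLASS
    out = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A: four raw address bytes
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:                           # CNAME: a name, possibly compressed
            value = read_name(msg, off)[0]
        else:
            value = msg[off:off + rdlen].hex()
        out.append((owner, {1: "A", 5: "CNAME"}.get(rtype, rtype), ttl, value))
        off += rdlen
    return out

# Constructed response to "www.example.com A": CNAME to example.com, then that name's A record
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
            + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 3600, 2) + b"\xc0\x10"
            + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

`parse_answers(RESPONSE)` yields the CNAME with its 3600 s TTL followed by the A record with its 300 s TTL, the two values a resolver would cache independently.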

DNS Security Protocols

Numerous DNS security protocols have been introduced since the early days of DNS to make it more private, secure, and reliable; here are a few of ’em:

DNSSEC

DNSSEC, or Domain Name System Security Extensions, strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it’s not the DNS queries and responses themselves that are cryptographically signed; rather, the DNS data itself is signed by the owner of the data.

These digital signatures are stored in DNS name servers alongside common record types like A, AAAA, MX, CNAME, etc. By checking the associated signature, a resolver can verify that a requested DNS record comes from its authoritative name server and wasn’t altered en route, as opposed to a fake record injected in a man-in-the-middle attack.

DNSSEC adds two important features to the DNS protocol:

  • Data origin authentication, allowing a resolver to cryptographically verify that the data it received actually came from the zone where it believes the data originated.
  • Data integrity protection, allowing the resolver to know that the data hasn’t been modified in transit since it was originally signed by the zone owner with the zone’s private key.

DNSSEC has been implemented by most authoritative DNS servers; check with your DNS provider for details on how to enable it for your domain.

DNS over TLS

DNS over TLS, or DoT, works by encrypting your DNS queries and answers with TLS, the same protocol that HTTPS websites use to encrypt and authenticate communications, with the goal of increasing user privacy and security by preventing eavesdropping on and manipulation of DNS data.

DoT adds TLS encryption on top of the user datagram protocol (UDP), which is used for DNS queries on port 853.

DNS over HTTPS

DNS over HTTPS, or DoH, similarly to DoT, encrypts your DNS queries and answers with TLS; however, they are sent via the HTTP or HTTP/2 protocols instead of UDP.

Just like DoT, DoH ensures that attackers can’t forge or alter DNS traffic; however, from a network administrator’s perspective DoH traffic looks like any other HTTPS traffic, i.e. normal user-driven interactions with websites and web apps.

DNS over HTTPS uses port 443, the same port used by HTTPS, making it indistinguishable from the normal HTTPS traffic of websites and apps.

Additional Resources

That’s all folks!

Our privacy tools page has recommendations for encrypted DNS resolvers.