How does DNS operate and what is it?

November 24, 2022
What is DNS and how does it work?

The Domain Name System (DNS) links the names of websites to their corresponding IP addresses, therefore increasing efficiency and even security.

One of the pillars of the internet is the Domain Name System , which operates in the background to link the names of websites that users put into search boxes with the accompanying IP addresses—a lengthy string of digits that no one could reasonably be expected to remember.

Although entering an IP address into a browser to access a website is still an option, most users prefer domain names, which are short, simple terms that are easy to remember. (Take Network World, for instance.)
In the 1970s and the beginning of the 1980s, Stanford Research Institute employee Elizabeth Feinler was tasked with the responsibility of connecting domain names with IP addresses. Feinler kept a master list of all computers that were linked to the internet. Given the internet’s explosive expansion, this was plainly unsustainable, therefore in 1983 Paul Mockapetris created DNS, an automated, scalable system that manages domain-name to IP-address translation.

How does DNS work

Keeping all of those names in a single directory would be challenging because there are already more than 342 million registered domains. Like the internet itself, the directory is spread globally on domain name servers that regularly exchange information with one another to give updates and remove duplications.

Performance improvement is a further justification for developing a distributed system. Imagine, for instance, that a single place would handle all of the simultaneous requests from around the world to resolve the domain name Google with its underlying IP address. Numerous servers trade DNS information in order to solve this problem.

This implies that a domain may have many IP addresses. For instance, when you type into your browser on your laptop or smartphone, a different physical server from the one you would access in a different country gets reached. No matter where you are in the globe, DNS still directs you to the correct location.

How does DNS function?

Root, top-level, and name servers, as well as recursive resolvers

Your computer initially does a DNS query using a DNS client, which is generally found in a Web browser, to determine the IP address associated with a domain name. A recursive DNS server, sometimes referred to as a recursive resolver, receives the query after that. Recursive resolvers are often run by Internet Service Providers (ISPs), such as AT&T or Verizon (or any other third-party), and they are aware of which further DNS servers to query in order to match a domain name with an IP address. Authoritative name servers are the ones that truly have the required servers.

The DNS is set up in a hierarchy. An initial DNS query is sent to a recursive resolver for an IP address. A root server that holds data on top-level domains (.com,.net, as well as country domains is the first place this search leads. The DNS system directs the request to the closest root server since root servers are dispersed around the globe.

A top-level domain server (TLD nameserver), which houses data for the second-level domain, which are the words you put into a search box, receives the request after it has reached the right root server. The DNS client device then sends the request to a domain nameserver, which searches up the IP address and delivers it back so it can access the correct website. It all happens in a matter of milliseconds.

Describe DNS caching.

You probably use Google numerous times every day. This information is kept on your own device so that your computer doesn’t have to call a DNS server in order to resolve the domain name with the IP address. Instead of asking the DNS nameserver for the IP address each time you input the domain name.

Additional caching can take place on the servers of the user’s ISP as well as on the routers that link clients to the internet. With so much caching taking place, there are much fewer queries that reach the DNS name servers, which improves the system’s speed and effectiveness.

How does the DNS addressing scheme operate?

For traffic to be correctly routed to any device that connects to the internet, it has to have a distinct IP address. It uses the IPv4 or IPv6 network to convert human requests into numbers. With IPv4, the figures are 32-bit integers written in decimal form.

Similar to a phone number that could contain a country code, an area code, etc., the string of numbers is broken up into pieces that comprise the network component, the host, and the subnet. The network portion of a number indicates the kind and classification of network that is associated with it. The particular computer on the network is identified by the host. Even though it is optional, the subnet portion of the number is utilized to navigate the often very enormous number of subnets and other divisions that make up a local network.

In contrast to the 32-bit numbers used by IPv4, which was developed to answer worries that the internet will run out of IPv4 addresses, IPv6 employs 128-bit integers. There are 340 trillion trillion IPv6 address combinations.

How are IP addresses distributed?

The Internet Corporation for Assigned Numbers and Names was given the responsibility of allocating IP addresses by the American government in 1998. (ICANN). Since since, the non-profit group has managed that function without any apparent interruptions. The development of new top-level domains is one area where ICANN establishes policy (such as .io).

ICANN generally plays a neutral and advising role. For instance, the current state of the internet allows anybody who wishes to register a domain to do so at any of the ICANN-accredited registrars, effectively decentralizing the already decentralized DNS system. New domains can quickly fill and be accessed from anywhere in the globe using DNS servers after being registered.

DNS security

Cybercriminals are quite skilled in finding flaws that may be used to their advantage in almost any system, and DNS has undoubtedly been the target of many attacks. 87% of the firms surveyed by IDC in 2021—which included more than 1,100 from North America, Europe, and Asia-Pacific—had encountered DNS assaults.

Each attack cost, on average, roughly $950,000 across all areas, and about $1 million for North American businesses. According to the survey, firms across all industries saw 7.6 assaults annually on average.

According to the analysis, the COVID-related shift to off-premises work and the subsequent response by businesses to migrate resources to the cloud to make them more accessible have given attackers new targets.

Additionally, 26% of firms reported that sensitive customer information was taken, up from 16% in 2020, according to the researchers, who also discovered a dramatic increase in data theft via DNS.

DNS amplification, DNS spoofing or cache poisoning, DNS tunneling, and DNS hijacking or DNS re-direction are examples of common forms of DNS assaults.

Describe DNSSec.

A security protocol called DNSSec was developed by ICANN to improve the security of communication between the various layers of servers participating in DNS lookups. It fixes flaws that would let hackers hijack lookups in the communication between DNS top-level, second-level, and third-level directory servers.

Through this hijacking, attackers are able to react to user requests for lookups to trustworthy websites by sending them to a malicious website. These websites can let visitors download malware or engage in phishing scams.

In order to prevent queries transmitted by end users from being intercepted by attackers, DNSSec solves this by requiring that each level of DNS server digitally sign its requests. This establishes a chain of trust that allows the integrity of the request to be verified at every stage of the search.

Additionally, it can ascertain whether a domain name actually exists, and if not, it can stop a fake domain from being transmitted to innocent requesters who are trying to resolve a domain name.

DoH stands for DNS over HTTPS.

DNS-based assaults that utilize some type of deceit to introduce malicious code into the DNS system have undoubtedly continued despite the fact that DNSSec attempts to address possible vulnerabilities within the scattered network of DNS servers.

The adoption of DNS over HTTPS, or DoH, an IETF standard that encrypts it requests in the same way that the HTTPS protocol already protects the majority of web traffic, would represent one of the biggest changes in the long history of DNS. DoH would be supported by companies like Google, Mozilla, and others.

But there is some dispute around the move to DoH. Parents have claimed that DoH might prevent them from putting parental controls over their children’s internet usage by preventing business IT from monitoring employee online activity. DoH could do this by encrypting DNS queries.

DNS over HTTPS adoption has been sluggish. The most recent versions of Google Chrome and Mozilla Firefox are installed on the client side of DoH, but the user has the option to disable them. Companies can choose to disable it if they want to exert some control over the browsers and browser versions that their staff use. Many of the top ISPs have not yet made DoH available on their end.

Finding my DNS server

In general, when you connect to the internet, your ISP will immediately set up the DNS server that you use. There are online tools that can reveal information about your current network connection, such as, if you want to know which servers are your primary name servers.

You are not required to utilize the default DNS server that your ISP has selected. If an ISP uses its DNS servers to route requests for nonexistent addresses to sites containing advertisements, for instance, some consumers may have good reason to avoid using their ISP’s DNS.

You may also direct your computer to a public DNS server that will operate as a recursive resolver as an option. Google’s DNS server is among the most well-known servers. is the IP address.