What is DNS and how does it work?
I am grateful to have worked on a really cool project over the past few months, which involved revamping our DNS application. Along the way, I have learned a lot about DNS, and I would like to share some of that knowledge with you.
Understanding DNS
DNS, or Domain Name System, is a crucial part of the internet, often called the “phonebook of the internet.” Here’s a closer look at how it works:
In the early days of the internet, DNS queries were handled by a hosts file, which system administrators updated manually. If you wanted to update your domain name on connected computers, you had to email the hostmaster, who would then manually update the information on the machines.
You can find the hosts file on your operating system at:
Windows - C:\Windows\System32\drivers\etc\hosts
Linux - /etc/hosts
Note: your DNS query is checked against this file first, before any request goes out to the internet. Because entries in this file override DNS answers, it should be writable only by administrators.
There were several significant issues with this approach:
Slow: The process of manually updating the hosts file was time-consuming. Each change required direct intervention by the hostmaster, leading to delays.
Scalability: As the number of internet-connected devices grew, maintaining a single hosts file became impractical. The flat architecture of the hosts file meant that every entry had to be managed individually, which didn’t scale well.
Reliability: The system was prone to errors. Manual updates could lead to inconsistencies and mistakes, making the system less reliable.
Emergence of Hierarchical Namespace Architecture:
To address these problems, the hierarchical namespace architecture of DNS was introduced. This new system was designed to be more efficient, scalable, and reliable. Here’s what it consists of:
Root - (.) - The top of the hierarchy; nothing sits above it.
Top-Level Domain (TLD) – Examples include .com, .net, .org, .io, .ai.
Second-Level Domain - Examples include google, example.
Third-Level Domain - Examples include www, mail, ftp.
Note: a name is resolved from right to left while querying, starting at the root: com, then example, then www (com.example.www).
How it works:
Hierarchical Structure: Unlike the flat architecture of the hosts file, DNS uses a hierarchical structure. This means that domain names are organized in a tree-like structure, with different levels of domains (e.g., top-level domains like .com, .org, country codes like .us, .uk).
Distributed Management: DNS is managed in a distributed manner. Instead of a single hostmaster, multiple DNS servers around the world handle different parts of the domain name space. This distribution reduces the load on any single server and improves reliability.
Caching: DNS servers cache responses to queries, which speeds up the resolution process. Once a DNS server has resolved a domain name, it can quickly respond to subsequent queries for the same domain.
Redundancy: The hierarchical structure allows for redundancy. If one DNS server fails, others can take over, ensuring continuous availability.
The hierarchical DNS architecture is implemented globally, with root servers at the top of the hierarchy. The root servers know which name servers are authoritative for each top-level domain and delegate authority to them, and those servers in turn delegate to the servers for lower levels of the hierarchy. This system ensures that DNS can handle the vast number of domain names and queries generated by the modern internet.
Domain Names and IP Addresses:
Every device connected to the internet has a unique IP address, which is a series of numbers. However, remembering these numbers is impractical for humans. DNS translates human-friendly domain names (like www.example.com) into IP addresses (like 192.0.2.1) that computers use to identify each other on the network.
The DNS Query Process:
When you type a website address into your browser, the first step is a DNS query. The query is sent to a DNS resolver, usually one provided by your Internet Service Provider (ISP). The resolver first checks its cache for the requested domain. If the answer is not cached, it uses its root hints file (the built-in list of root server addresses) to query a root DNS server. The root server replies with a referral: the addresses of the servers for the relevant top-level domain (TLD), such as .com or .org. The TLD server in turn refers the resolver to the authoritative name servers for the specific domain, and finally those authoritative servers answer with the record itself, for example the IP address.
Types of DNS Records:
Common record types include A (IPv4 address), AAAA (IPv6 address), CNAME (alias to another name) and SOA (start of authority, the zone’s administrative details). Command to check this information for a name:
nslookup -type=soa www.example.com
You can change soa to any other record type (a, aaaa, cname, ...) to get the relevant information.
DNS Caching:
To improve efficiency and reduce latency, DNS responses are cached. This means that once a DNS resolver has retrieved the IP address for a domain, it stores this information for a certain period (defined by the Time-To-Live or TTL value) so it can quickly respond to future queries. There are multiple caches within your query lifecycle: first the browser’s cache, then your local system’s DNS cache, then the resolver’s cache. If none of them has an answer for your query, the query follows the DNS query process described above.
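The query process and the TTL cache described above, as an added example that is not part of the original post: a small in-memory model in which a resolver starts at a constructed "root" server, follows NS referrals down to a "tld-com" and an "auth-example" server, and caches the final answer until its TTL expires. The server names, the zone data and the injectable clock are all assumptions made for this example; nothing goes on the wire.

```python
"""Simplified model of iterative DNS resolution with a TTL cache.

Added example, not code from the original post. The delegation tree below is
constructed in memory (root -> TLD -> authoritative); nothing goes on the wire.
"""
import time

# Constructed zone data. Each "server" knows only its own level of the tree:
# an NS entry is a referral to the next server down, an A entry is the answer.
# A records carry (type, rdata, ttl); NS records carry (type, next_server).
SERVERS = {
    "root":         {"com.": ("NS", "tld-com")},
    "tld-com":      {"example.com.": ("NS", "auth-example")},
    "auth-example": {"www.example.com.": ("A", "192.0.2.1", 60)},
}


def _suffixes(qname):
    """Yield qname and its parents, most specific first:
    www.example.com. -> www.example.com., example.com., com., ."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def _ask(server, qname):
    """One round trip: the server returns an exact answer for qname, or the
    closest delegation (NS) it holds for a parent of qname, or None."""
    table = SERVERS[server]
    for candidate in _suffixes(qname):
        rec = table.get(candidate)
        if rec is not None and (rec[0] == "NS" or candidate == qname):
            return rec
    return None


class Resolver:
    """A recursive resolver: answers from cache while the TTL lasts, otherwise
    walks the hierarchy from the root hints downward."""

    def __init__(self, clock=time.time):
        self.clock = clock           # injectable so TTL expiry can be simulated
        self.cache = {}              # qname -> (ip, expires_at)

    def resolve(self, qname):
        """Return (ip, servers_contacted); servers_contacted is [] on a cache hit."""
        qname = qname if qname.endswith(".") else qname + "."
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > self.clock():
            return hit[0], []
        self.cache.pop(qname, None)  # expired entry: fetch it again

        contacted = []
        server = "root"              # start at the root hints
        while True:
            if server in contacted:  # guard against a delegation loop
                raise LookupError(f"{qname}: delegation loop at {server}")
            contacted.append(server)
            rec = _ask(server, qname)
            if rec is None:
                raise LookupError(f"{qname}: name does not exist (NXDOMAIN)")
            if rec[0] == "NS":
                server = rec[1]      # follow the referral one level down
                continue
            ip, ttl = rec[1], rec[2]
            self.cache[qname] = (ip, self.clock() + ttl)
            return ip, contacted


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"))   # walks root -> tld-com -> auth-example
    print(r.resolve("www.example.com"))   # second lookup is served from cache
```

The list of servers contacted makes the two behaviours visible: a cold lookup touches all three levels, a warm one touches none, and once the clock passes the 60-second TTL the next lookup walks the tree again.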
DNS Protocol:
DNS is an application-layer (Layer 7) protocol; it uses both UDP and TCP for transport.
UDP – for operations that require speed, such as ordinary name resolution, where the message is <= 512 bytes.
TCP – when data needs to be delivered reliably or the message is > 512 bytes (a UDP response that does not fit is marked truncated, and the client retries the same query over TCP).
The default port on which a DNS server listens is 53.
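To make the protocol section and the nslookup command concrete, here is an added example (not code from the original post) that builds the same kind of query nslookup sends, in DNS wire format, and parses a reply: the 12-byte header with the truncated (TC) flag that triggers the UDP-to-TCP retry, label-encoded names, and the compression pointers that responses use. SAMPLE_RESPONSE is a hand-constructed reply for www.example.com with the address 192.0.2.1 from the post; the hop limit in decode_name is a defensive choice assumed for this example.

```python
"""Build a DNS query in wire format and parse a response, including the
header flags that decide whether a client must retry over TCP.

Added example, not code from the original post. SAMPLE_RESPONSE is constructed
by hand so the parser can be exercised offline.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "AAAA": 28}


def encode_name(name):
    # www.example.com -> 03 'www' 07 'example' 03 'com' 00 (length-prefixed labels)
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """12-byte header + one question. Flags 0x0100 sets RD (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(msg):
    """Decode the fixed header. TC=1 means the UDP reply was cut at the size
    limit and the client should repeat the same query over TCP."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def decode_name(msg, offset, max_hops=64):
    """Read a name at offset, following 0xC0xx compression pointers.
    Returns (name, offset_after_name). The hop limit stops pointer loops
    in malformed or hostile packets."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                   # resume after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_answers(msg):
    """Return [(name, rtype, ttl, rdata)] from the answer section; A records
    are rendered as dotted quads, anything else is left as raw bytes."""
    hdr = parse_header(msg)
    offset = 12
    for _ in range(hdr["qdcount"]):               # skip the question section
        _, offset = decode_name(msg, offset)
        offset += 4                                # QTYPE + QCLASS
    answers = []
    for _ in range(hdr["ancount"]):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE["A"] and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers


# Constructed reply to build_query("www.example.com"): flags 0x8180 = QR|RD|RA,
# one question, one answer whose name is a pointer (0xC00C) back to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(parse_header(SAMPLE_RESPONSE))
    print(parse_answers(SAMPLE_RESPONSE))   # [('www.example.com.', 1, 60, '192.0.2.1')]
```

The bytes from build_query() can be sent as a single UDP datagram to a resolver on port 53; on a real reply, check parse_header()["truncated"] before trusting the answer section, and repeat the query over TCP when it is set. The parser also checks that the reply's id matches the query's id only if you compare the two yourself; a resolver must do that comparison to avoid accepting a reply it never asked for.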
Security Considerations:
DNS is a critical part of internet infrastructure, and its security is paramount. Techniques like DNSSEC (DNS Security Extensions) add a layer of security by signing DNS data, so that resolvers can verify that responses are authentic and have not been modified.
Types of DNS attacks:
Cache Poisoning: Attackers insert false DNS data into a resolver’s cache, redirecting users to malicious sites.
Mitigation: Use DNSSEC (DNS Security Extensions) to authenticate DNS data.
NXDOMAIN Attack: Attackers flood the DNS server with requests for non-existent domains, overwhelming it.
Mitigation: Implement rate limiting and use DNS firewalls to filter out malicious traffic.
DNS Query Flood: Attackers overwhelm DNS servers with a high volume of queries, causing denial of service.
Mitigation: Deploy load balancing and anycast routing to distribute the traffic load.
Phantom Domain Attack: Attackers set up domains that respond slowly or not at all, tying up DNS resolvers.
Mitigation: Use aggressive caching and timeout policies to minimize the impact of slow or unresponsive domains.
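The NXDOMAIN attack and its rate-limiting mitigation, as an added example that is not part of the original post: a detector that reads resolver query logs, keeps a sliding window of NXDOMAIN answers per client, and flags clients that exceed a threshold, with the NXDOMAIN ratio as a second signal to separate floods from ordinary typos. The log format, every line in SAMPLE_LOG, the window and threshold values are constructed for this example and assume the lines arrive in time order.

```python
"""Spot clients producing NXDOMAIN bursts in resolver query logs, the
pattern behind the NXDOMAIN attack described above.

Added example, not code from the original post. The log format and every
line in SAMPLE_LOG are constructed for this example; adapt LOG_RE to your
resolver's real log format. Lines are assumed to be in time order.
"""
import re
from collections import defaultdict, deque

# Constructed line format: "<epoch> client=<ip> qname=<name> rcode=<RCODE>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) client=(?P<ip>\S+) qname=(?P<qname>\S+) rcode=(?P<rcode>\w+)$"
)

SAMPLE_LOG = """\
1700000000 client=198.51.100.7 qname=www.example.com rcode=NOERROR
1700000001 client=198.51.100.7 qname=k3j2d.example.com rcode=NXDOMAIN
1700000001 client=203.0.113.9 qname=mail.example.com rcode=NOERROR
1700000002 client=198.51.100.7 qname=x9q1a.example.com rcode=NXDOMAIN
1700000002 client=198.51.100.7 qname=p0o9i.example.com rcode=NXDOMAIN
1700000003 client=203.0.113.9 qname=wwww.example.com rcode=NXDOMAIN
1700000003 client=198.51.100.7 qname=m4n5b.example.com rcode=NXDOMAIN
1700000004 client=198.51.100.7 qname=z8x7c.example.com rcode=NXDOMAIN
1700000005 client=198.51.100.7 qname=v6b5n.example.com rcode=NXDOMAIN
1700000040 client=203.0.113.9 qname=wwww.example.com rcode=NXDOMAIN
this line is deliberately malformed and must be skipped
"""


def parse_log(text):
    """Yield (ts, ip, qname, rcode) per well-formed line; malformed lines are
    skipped rather than crashing the detector."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield int(m["ts"]), m["ip"], m["qname"], m["rcode"]


def find_nxdomain_bursts(text, window=10, threshold=5):
    """Sliding-window count of NXDOMAIN answers per client.
    Returns {ip: peak_count} for clients that reached threshold NXDOMAINs
    within any window-second span; well-behaved clients are absent."""
    recent = defaultdict(deque)      # ip -> timestamps of recent NXDOMAINs
    flagged = {}
    for ts, ip, _qname, rcode in parse_log(text):
        if rcode != "NXDOMAIN":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def nxdomain_ratio(text):
    """Second signal: {ip: (nxdomain_count, total_queries)}. A high ratio
    with many distinct random-looking names points at a flood; a low ratio
    points at ordinary typos."""
    counts = defaultdict(lambda: [0, 0])
    for _ts, ip, _qname, rcode in parse_log(text):
        counts[ip][1] += 1
        if rcode == "NXDOMAIN":
            counts[ip][0] += 1
    return {ip: tuple(v) for ip, v in counts.items()}


if __name__ == "__main__":
    print(find_nxdomain_bursts(SAMPLE_LOG))   # {'198.51.100.7': 6}
    print(nxdomain_ratio(SAMPLE_LOG))
```

In the sample, 198.51.100.7 produces six NXDOMAIN answers for random-looking names within five seconds and is flagged, while 203.0.113.9 makes the same typo twice, 37 seconds apart, and is not. The flagged set is what a rate limiter or DNS firewall rule would act on; the ratio helps a responder decide whether a flagged client is an attack source or a misconfigured host.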
I hope this provides insights into DNS and its significance. Please reach out to me if you have any additional questions.