What is DNS?

The Domain Name System is an Internet service that allows computers to find the IP address of a given website or hostname. This system consists of a group of global servers, called name servers, that share a distributed, hierarchical database of lookup entries. In general, a lookup entry contains a hostname and its corresponding IP address.

Why do we need DNS?

We need DNS because humans are better at remembering names than numbers, whereas computers use IP addresses to communicate with each other. DNS also makes it easy to implement load balancing because, with each request, the name server can return a different IP address. Without it, many services would stop working, impacting our day-to-day life, as happened in the past when companies like Google and Amazon suffered global outages.

Brief history

Before the introduction of the DNS service, humans had to manually configure hostname resolutions by editing a file called hosts.txt. However, it quickly became evident that such a method was inefficient and error-prone. As a result, in November 1983 RFC 882 and RFC 883 introduced the first concepts of what would become DNS. These two specifications suggested using a distributed database that would carry the association between hostnames and IP addresses. Eventually, in 1987 two new RFCs (RFC 1034 and RFC 1035) defined DNS as we know it. With the advent of the World Wide Web, the DNS service quickly became a critical Internet service.

DNS components

The DNS has three main components:

  1. The Domain Name Space and Resource Records specify how the data is organized. The data is organized like a tree, where each branch and leaf holds specific information. When you want to know something about a website, you ask DNS with a question called a query.
  2. The Name Servers hold the information about a particular domain’s tree. A name server could hold complete information about a subset of the domain space, and pointers to other name servers that can be used to lead to information from any part of the domain tree. A name server is an AUTHORITY for these parts of the name space. Authoritative information is organized into units called ZONEs, and these zones can be automatically distributed to the name servers which provide redundant service for the data in a zone.
  3. The Resolvers are applications that extract information from the name servers in response to client requests. Generally a resolver is a system routine or call that is accessible to user programs. Simply put, a resolver is running on every networked host that needs to use DNS, including our own computers.
The Domain Name Space and Resource Records.

Record types

As mentioned above, the Domain Name Space is organized in Resource Records of different types. The following table lists the most common ones.

Type     | Name                                   | Description
A        | Address record                         | Returns a 32-bit IPv4 address of the associated hostname
AAAA     | IPv6 Address record                    | Returns a 128-bit IPv6 address of the associated hostname
CAA      | Certification Authority Authorization  | Contains acceptable Certification Authorities for a specific host or domain
CNAME    | Canonical NAME record                  | Alias of a hostname; returns another hostname to look up
DNAME    | Delegation NAME record                 | Alias for a hostname and all its subnames
IPSECKEY | IPSEC KEY                              | Key record that can be used with IPsec
MX       | Mail eXchange record                   | List of mail exchange servers for a specific domain
NS       | Name Server record                     | Delegates a DNS zone to the given authoritative name servers
PTR      | PoinTeR record                         | Pointer to a canonical name, mostly used for reverse DNS lookups
SOA      | Start Of a zone of Authority record    | Provides authoritative information about a DNS zone, including the primary name server and the email of the domain administrator
SRV      | SeRVice locator                        | General service location record, similar to the MX record but for other protocols
TXT      | TeXT record                            | Originally used to carry human-readable text, now often used to include machine-readable data

Server types

In the Domain Name System there are four main types of name servers. As mentioned before, the name space is divided into sections called zones, and zones are distributed among the name servers. Name servers can have several optional functions and sources of data, but the essential task of a name server is to answer queries using data in its zones. It is worth briefly describing the function of each of them to better understand how DNS works.

  1. Root Servers: These are the top-level servers in the DNS hierarchy. They provide information about the top-level domain names (like .com, .org, .net, etc.) and the associated Top-Level Domain (TLD) name servers.
  2. Top-Level Domain (TLD) Servers: These servers manage specific top-level domains (like .com, .org, .edu) and provide information about the authoritative name servers for each domain.
  3. Authoritative Name Servers: These servers hold the official DNS records for individual domain names and provide the IP addresses associated with the domain names they are responsible for.
  4. Recursive Resolvers: These servers are contacted by the clients and generally managed by internet service providers (ISPs), enterprises, or third-party DNS services. When a computer requests a domain name, the device’s resolver asks a recursive resolver, which in turn contacts the servers above to recursively find the correct IP address. Some resolvers cache data to reduce the time and traffic required to return results. Think about a large ISP that handles millions of requests per second, many of them for the same few names (e.g. google.com or facebook.com).

How does a DNS resolution work?

Putting this all together, we can now briefly describe how a DNS resolution works, and what’s happening behind the scenes. Let’s take the simple example of a user that wants to learn more about this cool network monitoring application called NetBeez. They will open their browser, type https://netbeez.net, and get the homepage of the website. Here’s what’s going on behind the scenes:

  1. The browser executes a system call to get the IP address of https://netbeez.net
  2. The client’s resolver checks the local hosts.txt file and, if there’s no static entry, contacts the DNS server configured, either statically or dynamically via DHCP.
  3. The client contacts the Recursive Resolver to request the IP address of the hostname.
  4. The Recursive Resolver contacts the Root Server to find who’s the TLD Server handling the .net portion.
  5. The Recursive Resolver contacts the TLD Server responsible for the .net portion to find who’s the Authoritative Server managing the netbeez.net portion.
  6. The Recursive Resolver finally contacts the Authoritative Name Server that is responsible for managing the netbeez.net domain and gets the IP address associated.
  7. The Recursive Resolver returns the IP address to the client’s resolver.
  8. The client establishes a TCP/IP socket with the server’s IP address on port 443 (HTTPS).
Anatomy of a DNS query.
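To make steps 3 and 7 concrete, here is what the query the stub resolver sends and the answer it gets back look like on the wire, following the RFC 1035 message format. This is an added example written for this article, not NetBeez code. The response bytes are constructed inline (not captured traffic), and the CNAME target www.example.net and the address 192.0.2.10 are placeholders from the reserved example/documentation ranges. Besides decoding the common record types from the table above, it handles name compression pointers (with a hop limit, since a malformed packet can point in a loop) and refuses a response whose transaction ID does not match the query or whose QR bit is not set, which are the two cheapest sanity checks a resolver performs.

```python
import struct

# Record type codes from RFC 1035 (AAAA from RFC 3596), matching the table above.
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {code: name for name, code in QTYPE.items()}


def encode_name(name):
    """Encode a hostname as DNS labels: a length byte before each label, then a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build the query a stub resolver sends (step 3 above): 12-byte header + one question."""
    # Flags 0x0100: QR=0 (this is a query), opcode 0 (standard), RD=1 (recursion desired).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN


def decode_name(msg, offset):
    """Decode a name that may use RFC 1035 compression pointers. Returns (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name in the message
            if end is None:
                end = offset + 2  # the caller resumes after the pointer, not after its target
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:  # malformed packets can point in a loop; refuse rather than spin
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_rdata(rtype, msg, start, rdlen):
    """Render RDATA for the common record types; unknown types are returned as hex."""
    data = msg[start:start + rdlen]
    if rtype == QTYPE["A"]:
        return ".".join(str(b) for b in data)
    if rtype == QTYPE["AAAA"]:
        return ":".join(f"{(data[i] << 8) | data[i + 1]:x}" for i in range(0, 16, 2))
    if rtype in (QTYPE["CNAME"], QTYPE["NS"], QTYPE["PTR"]):
        return decode_name(msg, start)[0]
    if rtype == QTYPE["MX"]:
        return f"{struct.unpack('!H', data[:2])[0]} {decode_name(msg, start + 2)[0]}"
    if rtype == QTYPE["TXT"]:
        return data[1:1 + data[0]].decode("ascii")  # first <character-string> only
    return data.hex()


def parse_response(msg, expected_txid):
    """Parse a response (step 7 above). Returns (rcode, [(name, type, ttl, rdata), ...])."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id does not match our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((name, TYPE_NAME.get(rtype, str(rtype)), ttl, parse_rdata(rtype, msg, offset, rdlen)))
        offset += rdlen
    return rcode, answers


def sample_response():
    """A constructed (not captured) response to build_query('netbeez.net', 'A'): a CNAME then an A."""
    question = build_query("netbeez.net", "A")[12:]
    # Flags 0x8180: QR=1, RD=1, RA=1, RCODE=0. One question, two answers.
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    cname_target = encode_name("www.example.net")  # placeholder target, not a real record
    # Answer 1: owner name is a pointer (0xC00C) to the question name at offset 12.
    ans1 = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE["CNAME"], 1, 300, len(cname_target)) + cname_target
    # Answer 2: owner name points at the CNAME target inside answer 1; RDATA is a placeholder IPv4.
    target_offset = 12 + len(question) + 2 + 10
    ans2 = struct.pack("!H", 0xC000 | target_offset) + struct.pack("!HHIH", QTYPE["A"], 1, 60, 4) + bytes([192, 0, 2, 10])
    return header + question + ans1 + ans2


if __name__ == "__main__":
    rcode, answers = parse_response(sample_response(), 0x1234)
    print("rcode", rcode)
    for name, rtype, ttl, rdata in answers:
        print(f"{name:18} {ttl:>5} {rtype:6} {rdata}")
```

Running it prints the CNAME for netbeez.net followed by the A record for the alias target, which is exactly what a stub resolver has to chase before it can open the TCP connection in step 8. In a real resolver the query would be sent over UDP port 53 and the TTL values would drive the cache mentioned under Recursive Resolvers.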

Monitoring DNS with NetBeez

A brief word about DNS monitoring and NetBeez capabilities. DNS performance is tightly associated with end-user experience. If a DNS resolution is slow, it will also slow web applications and other digital services down. For this reason, it’s very important to constantly monitor DNS resolution time and detect performance issues.

DNS monitoring target in NetBeez.

NetBeez provides an easy way to monitor DNS services and detect performance issues before they impact the end users. On the dashboard the administrator configures a DNS target, and applies it to end-user clients and dedicated cloud appliances. Learn more about it by requesting a demo.

Further Readings

If you want to learn more about DNS, we wrote other articles about it:
