The Domain Name System is an Internet service that allows computers to find the IP address of a given website or hostname. This system consists of a group of global servers, called name servers, that share a distributed, hierarchical database of lookup entries. In general, a lookup entry contains a hostname and its corresponding IP address.
Why do we need DNS?
We need DNS because humans are better at remembering names than numbers, while computers use IP addresses to communicate with each other. DNS also makes load balancing easy to implement because the name server can return a different IP address with each request. Without it, many services would stop working and disrupt our day-to-day life, as happened in the past when companies like Google and Amazon suffered global outages.
Brief history
Before the introduction of the DNS service, humans had to configure hostname resolution manually by editing a file called hosts.txt. It quickly became evident that this method was inefficient and error-prone. As a result, in November 1983 RFC 882 and RFC 883 introduced the first concepts of what would become DNS. These two specifications proposed a distributed database carrying the association between hostnames and IP addresses. Eventually, in 1987, two new RFCs (RFC 1034 and RFC 1035) defined DNS as we know it. With the advent of the World Wide Web, DNS quickly became a critical Internet service.
DNS components
The DNS has three main components:
- The Domain Name Space and Resource Records specify how the data is organized. The data is organized like a tree, where each branch and leaf holds specific information. When you want to know something about a website, you ask DNS with a question called a query.
- The Nameservers hold the information about a particular domain’s tree. A name server could hold complete information about a subset of the domain space, and pointers to other name servers that can be used to lead to information from any part of the domain tree. A name server is an AUTHORITY for these parts of the name space. Authoritative information is organized into units called ZONEs, and these zones can be automatically distributed to the name servers which provide redundant service for the data in a zone.
- The Resolvers are applications that extract information from the name servers in response to client requests. Generally a resolver is a system routine or call that is accessible to user programs. Simply put, a resolver runs on every networked host that needs to use DNS, including our own computers.
Record types
As mentioned above, the Domain Name Space is organized in Resource Records of different types. The following table lists the most common ones.
Type | Description | Function |
---|---|---|
A | Address record | Returns a 32-bit IPv4 address of the associated hostname |
AAAA | IPv6 address record | Returns a 128-bit IPv6 address of the associated hostname |
CAA | Certification Authority Authorization | Contains acceptable Certification Authorities for a specific host or domain |
CNAME | Canonical NAME record | Alias of a hostname; returns another hostname to look up |
DNAME | Delegation NAME record | Alias for a hostname and all its subnames |
DNSKEY | DNS KEY Record | Used in DNSSEC |
IPSECKEY | IPSEC KEY | Key record that can be used with IPsec |
MX | Mail eXchange record | List of mail exchange servers for a specific domain |
NS | Name Server record | Delegates a DNS zone to use the given authoritative name servers |
PTR | Pointer record | Pointer to a canonical name, mostly used for reverse DNS lookups |
SOA | Start Of a zone of Authority record | Provides authoritative information about a DNS zone, including the primary name server, and the email of the domain administrator. |
SRV | SeRVice locator | General service location record, similar to the MX record but for other protocols |
TXT | TeXT record | Originally used to carry human readable text, now often used to include machine readable data |
Server types
In the Domain Name System there are four main types of name servers. As mentioned before, the name space is divided into sections called zones. Zones are distributed among the name servers. Name servers can have several optional functions and sources of data. The essential task of a name server is to answer queries using data in its zones. It is worth briefly describing the function of each one of them to better understand how DNS works.
- Root Servers: These are the top-level servers in the DNS hierarchy. They provide information about the top-level domain names (like .com, .org, .net, etc.) and the associated Top-Level Domain (TLD) name servers.
- Top-Level Domain (TLD) Servers: These servers manage specific top-level domains (like .com, .org, .edu) and provide information about the authoritative name servers for each domain.
- Authoritative Name Servers: These servers hold the official DNS records for individual domain names and provide the IP addresses associated with the domain names they are responsible for.
- Recursive Resolvers: These servers are contacted by the clients and are generally run by internet service providers (ISPs), enterprises, or third-party DNS services. When a computer requests a domain name, the device’s resolver hands the query to a recursive resolver, which walks the servers above to find the correct IP address. Some resolvers cache answers to reduce the time and traffic required to return results: think of a large ISP that handles millions of requests per second, many of them for the same names (e.g. google.com or facebook.com).
How does a DNS resolution work?
Putting this all together, we can now briefly describe how a DNS resolution works, and what’s happening behind the scenes. Let’s take the simple example of a user that wants to learn more about this cool network monitoring application called NetBeez. They will open their browser, type https://netbeez.net, and get the homepage of the website. Here’s what’s going on behind the scenes:
- The browser executes a system call to get the IP address of the hostname netbeez.net.
- The client’s resolver checks the local hosts.txt file and, if there’s no static entry, contacts the DNS server configured, either statically or dynamically via DHCP.
- The client contacts the Recursive Resolver to request the IP address of the hostname.
- The Recursive Resolver contacts the Root Server to find who’s the TLD Server handling the .net portion.
- The Recursive Resolver contacts the TLD Server responsible for the .net portion to find who’s the Authoritative Server managing the netbeez.net portion.
- The Recursive Resolver finally contacts the Authoritative Name Server that is responsible for managing the netbeez.net domain and gets the IP address associated.
- The Recursive Resolver returns the IP address to the client’s resolver.
- The client establishes a TCP/IP socket with the server’s IP address on port 443 (HTTPS).
Monitoring DNS with NetBeez
A brief word about DNS monitoring and NetBeez capabilities. DNS performance is tightly associated with end-user experience. If a DNS resolution is slow, it will also slow web applications and other digital services down. For this reason, it’s very important to constantly monitor DNS resolution time and detect performance issues.
NetBeez provides an easy way to monitor DNS services and detect performance issues before they impact the end users. On the dashboard the administrator configures a DNS target, and applies it to end-user clients and dedicated cloud appliances. Learn more about it by requesting a demo.
Further Readings
If you want to learn more about DNS, we wrote other articles about it: