
What is DNS? A Beginner's Guide to Domain Name System

  • Writer: JAVIER ALEJANDRO DIAZ PORTILLO
  • Dec 5, 2025

Updated: Dec 19, 2025

What is a Domain Name System Server?

A DNS server is a computer with a database that maps public IP addresses to the names of the websites those IP addresses bring a user to. It is a phonebook, a directory, the yellow pages of the internet.

Whenever people type a domain name (think of www.facebook.com, www.youtube.com, etc.) into a computer, the computer uses the DNS service to look up the IP address and then communicates with the server at that address.


A deep dive into DNS queries

What types of DNS queries exist? During a DNS lookup process, there can be three different queries that are performed. A query is a request for information, so if we want to know what IP address will lead us to the server that belongs to the URL we typed, we make a DNS Query. How a DNS query is fulfilled is a process involving 4 servers with different functionalities.


Recursive Query

A recursive query is one where a DNS client requires that a DNS server respond to its request, either with the successful lookup result (which is the IP of the domain we want to access) or an error message if the resolver cannot find the record (this would result in a blank page with an error message saying that there is a resolution error).


Iterative Query

In an iterative query, a DNS client allows a DNS server to return the best answer it can. If the DNS server does not have a matching result, it will respond by giving a lower-level authoritative DNS server. The DNS client will then make another query towards the new DNS server. This process continues until either a timeout (TTL) or an error occurs.


Non-Recursive Query

A non-recursive query occurs when a DNS resolver client queries a DNS server for a record the server already has access to, either because it is authoritative for the record or because the record exists in its cache. The cache is used to prevent additional bandwidth consumption if the record was previously queried by another client or by the same client.


DNS Recursor

The first server, referred to as a DNS resolver, receives the query from the client, and it communicates with other DNS servers to find the right IP address. After it receives a request, it acts like a client itself, making the query towards other servers.


[Figure: User sends a DNS request to the DNS Recursor server to get the IP address of www.google.com]

Root Nameservers

A root server is designed for the Internet’s DNS root zone. It answers the incoming requests by sending a list of authoritative nameservers that go with the correct TLD nameservers. It is the first step in translating the hostname into an IP address.

[Figure: DNS Recursor acts like a client and forwards the request to the root server]

TLD Nameservers

A TLD nameserver keeps the IP address of the second-level domain contained within the TLD name. It then releases the website’s IP address and sends the query to the domain’s nameserver. If a domain contains a “.com” at the end, there would be a TLD nameserver that contains all of the “.com” records, which will then point to an authoritative nameserver for that domain name.


Management of TLD nameservers is handled by the Internet Assigned Numbers Authority (IANA), which breaks TLD servers into two main groups:


  • Generic top-level domains: not country-specific. Some of the best-known generic domains are .com, .org, .net, .edu, and .gov.

  • Country code top-level domains: these include any domains that are specific to a country or state. Some examples: .uk, .us, .ru, and .jp.

[Figure: DNS Recursor sends a request to the TLD server based on the root server's response]

Authoritative Nameservers

An authoritative nameserver answers the original DNS query. There are two types of servers in this category: master and slave (or primary and secondary). The master keeps original copies of the zone records, while the slave keeps an exact copy of the master. It can be used either as a backup for issues with the master server, or it can be used to balance the load, or both.

[Figure: DNS Recursor sends a request to the authoritative server, then gives the response back to the user]

Authoritative DNS Servers vs DNS Servers

Authoritative DNS Server

An authoritative DNS server provides answers to the queries sent by the recursive DNS nameservers, providing information on where to find specific websites. They are responsible for specific regions such as a country, organization, or local area. The server keeps lists of domain names and the IP addresses that go with them.


Recursive DNS Server

After a user types in a URL in their web browser, the recursive DNS server first checks its cache memory to see if it has the IP address for the URL from a previous request. If it does exist in its memory, then the recursive DNS server sends back a response to the user, without having to proceed with the authoritative server. If it does not exist, it will go through the procedure of getting the IP address. Then the server’s next step is to store the IP address for a specific amount of time, which typically is defined by the owner of the domain using a TTL (Time To Live) variable as the parameter.


DNS Caching

The purpose of caching is to reduce resource consumption; instead of using bandwidth and processing power to send and receive messages from all servers, we can query once, and the query will be cached. DNS data can be cached, but to avoid storing too many DNS records, the records will have a determined time frame for which they will remain there.
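The lookup path and TTL cache described above, as an added example that is not part of the original article: a toy recursor walks referrals from root to TLD to authoritative server and caches the answer. The `Recursor` class, the `SERVERS` table and the server names are assumptions made for illustration, and the data is constructed.

```python
import time

# Constructed referral data standing in for the root, the .com TLD and an
# authoritative server; server names and records are illustrative only.
SERVERS = {
    "root": {"referral": {"com.": "tld-com"}},
    "tld-com": {"referral": {"example.com.": "ns1.example.com"}},
    "ns1.example.com": {"answers": {"www.example.com.": ("93.184.216.34", 3600)}},
}

class Recursor:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}              # name -> (address, expiry time)
        self.upstream_queries = 0    # queries sent to other servers

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                        # answered from cache, no upstream traffic
        server = "root"
        for _ in range(8):                       # bound the referral chain
            self.upstream_queries += 1
            data = SERVERS[server]
            if name in data.get("answers", {}):
                addr, ttl = data["answers"][name]
                self.cache[name] = (addr, self.clock() + ttl)   # keep until the TTL runs out
                return addr
            # Follow the referral for the longest zone suffix that covers the name.
            zones = [z for z in data.get("referral", {})
                     if name == z or name.endswith("." + z)]
            if not zones:
                return None                      # nobody knows the name: resolution error
            server = data["referral"][max(zones, key=len)]
        return None
```

The first lookup costs three upstream queries (root, TLD, authoritative); repeats inside the TTL cost none, which also means a stale or wrong cached answer is served until it expires.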


Browser DNS Caching

The device and operating system you use to browse the web also store DNS cache records, preventing redundant lookups when you go to the same site again, so your device takes less time to connect to the website. If your device visits the website for the first time, or you have deleted the cache, it will request the IP address and store it locally for later use, without involving the DNS server.

[Figure: User sends the request to the website server and receives the content]

How to perform a DNS Lookup

A simple way of doing a DNS record lookup is to open the command prompt on a Windows computer, type NSLOOKUP, hit Enter, type "set type=A", hit Enter, and then enter the domain name you want to look up. A is a record type; what it means and which other types exist are explained later in this article.

[Figure: Command prompt output of a DNS lookup for google.com, showing server info, IP addresses and CNAME details]

Domain Records Types

A and AAAA

This is the most fundamental type of DNS record, which indicates the IP address of a given domain. An “A” returns only an IPv4 address. If we want to hold an IPv6 address, we instead use “AAAA”.

example.com. 3600 IN A 93.184.216.34
example.com. 3600 IN AAAA 2606:2800:220:1:248:1893:25c8:1946

The majority of websites use only one “A” record, but it is possible to have multiple records with different IPs for the same domain name. This lets the domain resolution process choose one of the IPs using a technique called round robin load balancing, which helps distribute traffic across multiple servers that have the same purpose and reduces stress on one server if there is a surge in traffic.


CNAME

CNAME is short for “Canonical Name”; it is typically used when a domain or subdomain is an alias of another domain, so this means any CNAME records must point towards another domain, not to an IP Address.

In the next example, we have “www.example.com”, which is the canonical name for “example.com”, so we use the CNAME to point to the domain, which may or may not be the A record, given that “example.com” may be another CNAME for a specific A record.

www.example.com. 3600 IN CNAME example.com.

For many cases, it is best not to create a chain of CNAME records just to point to a final A record. This is because we would then require extra steps to find the domain we are looking for, slowing the user experience, stressing out the DNS servers, and storing extra cache when it is probably unnecessary.

Another point to consider: a CNAME is unique, meaning that there cannot be multiple records with the same canonical name, but there can be multiple records with different CNAMEs pointing towards the same domain. So if we have “www.example.com”, there can also be a “shop.example.com” or “blog.example.com” record pointing towards “example.com”.


MX

Also known as “Mail Exchange”, an MX record directs any and all emails to the mail servers. These records indicate how emails should be routed with SMTP.

example.com. 3600 IN MX 10 mail.example.com.

When a user sends an email, the Message Transfer Agent sends a DNS query to identify the mail servers for email recipients. Then the MTA establishes an SMTP connection.

An MX record cannot be pointed towards a CNAME; it needs to be pointed either towards an A record or an AAAA record.


TXT

A “text” record lets strings of text be stored in the DNS. Its purpose was mostly to place human-readable notes, though it has evolved to other purposes, such as preventing email spam and also domain ownership verification. Typically, DNS imposes a limit on the length of a string, so it is not used for storing large amounts of data.

example.com. 3600 IN TXT "v=spf1 include:_spf.example.com ~all"

An “official” format that can be used in Domain Administration, though an admin can add anything they want, is to add attributes with their values, separated by an equal sign. So in the example above, we have “v” followed by an equal sign, then the value. A simpler way of looking at this format is if we add as a record “favorite color = orange” as a TXT record, where “orange” is my value of the attribute describing my “favorite color”. As mentioned, this record is mostly for adding notes that may be relevant to an administrator.

Spammers often fake the domains from which they send their email messages, so TXT records are one of the several authentication methods an email server uses to verify if the message is from a trusted source. Common email authentication methods include Domain Keys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication, Reporting & Conformance (DKIM, SPF, and DMARC, respectively). DKIM uses TXT for digital signatures for public-private key pairs, SPF uses TXT to list all servers authorized to send emails from a domain, and DMARC references both SPF and DKIM policies.

TXT records can verify domain ownership; usually, web services and cloud providers use this to confirm a user has ownership. An administrator verifies their control by adding or editing a specific TXT record in the DNS. The provider queries the DNS for this unique record; its presence confirms the administrator has the authority to manage this domain’s settings.
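How a defender might read the attribute=value TXT format and the SPF and DMARC records described above, as an added example that is not part of the original article. The function names are hypothetical and all records passed to them are constructed samples; a missing DMARC `p` tag is treated as `none` for simplicity.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_tags(txt, sep):
    """Split a TXT value into lower-cased attribute -> value pairs."""
    tags = {}
    for part in txt.split(sep):
        key, eq, value = part.strip().partition("=")
        if eq:
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_default_result(txt):
    """Result given to a sender that matches no earlier SPF mechanism."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None                                  # not an SPF record
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return "redirect"                            # decided by another domain's record
    return "neutral"                                 # no 'all' and nothing matched

def audit_mail_txt(domain_txt, dmarc_txt):
    """Findings for TXT values at a domain and at its _dmarc name."""
    findings = []
    spf = [r for r in map(spf_default_result, domain_txt) if r is not None]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif spf[0] in ("pass", "neutral"):
        findings.append(f"SPF ends in '{spf[0]}': unlisted servers are not rejected")
    elif spf[0] == "softfail":
        findings.append("SPF ends in softfail (~all): the receiver decides what to do")
    policies = [parse_tags(t, ";") for t in dmarc_txt]
    policies = [p for p in policies if p.get("v") == "DMARC1"]
    if not policies:
        findings.append("no DMARC record found")
    elif policies[0].get("p", "none").lower() == "none":
        findings.append("DMARC p=none: monitoring only, no action requested")
    return findings
```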


CAA

A Certificate Authority Authorization record specifies which certificate authorities (CAs) are allowed to issue certificates for a domain. This record reduces the chance of unauthorized certificate issuance and promotes standardization across your organization.

example.com. 3600 IN CAA 0 issue "letsencrypt.org"
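How a CA-side check could evaluate CAA records like the one above, as an added example that is not part of the original article. It goes beyond the single record shown by covering inheritance from parent names, the `issue ";"` form and the critical flag; the function names and every zone line other than the first are constructed, and CNAME handling is left out.

```python
from collections import defaultdict

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone lines; only the first appears in the article.
ZONE_LINES = [
    'example.com. 3600 IN CAA 0 issue "letsencrypt.org"',
    'example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"',
    'locked.example.com. 3600 IN CAA 0 issue ";"',
    'new.example.com. 3600 IN CAA 128 futuretag "x"',
]

def load_caa(lines):
    """Parse zone-file CAA lines into {owner: [(flags, tag, value), ...]}."""
    zone = defaultdict(list)
    for line in lines:
        owner, _ttl, _cls, _type, flags, tag, value = line.split(None, 6)
        zone[owner.lower()].append((int(flags), tag.lower(), value.strip('"')))
    return dict(zone)

def relevant_caa(name, zone):
    """Climb from the name toward the root; the first non-empty set wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []

def may_issue(ca, name, zone, wildcard=False):
    """True if CAA permits the CA identified by domain `ca` to issue for name."""
    rrset = relevant_caa(name, zone)
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False                     # critical property this CA cannot process
    use_wild = wildcard and any(t == "issuewild" for _, t, _ in rrset)
    tag = "issuewild" if use_wild else "issue"
    # Parameters after ';' (for example an account URI) are ignored here.
    issuers = [v.split(";")[0].strip().lower() for _, t, v in rrset if t == tag]
    if not issuers:
        return True                      # no CAA, or none that restricts issuance
    return ca.lower() in issuers         # 'issue ";"' yields [""], so nobody matches
```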

SRV

A service record specifies a host and port for specific services, for example: VoIP, instant messaging, and other services.

_ldap._tcp.example.com. 3600 IN SRV 10 5 389 ldapserver.example.com.

SVCB and HTTPS

Service Binding and HTTPS service records provide a client with information about how it should connect to a server upfront, without the need for an initial plaintext HTTP connection.

example.com. 3600 IN SVCB 1 svc.example.net. port=443 alpn=h2,h3
example.com. 3600 IN HTTPS 1 . alpn=h2,h3 ipv4hint=93.184.216.34

PTR

A DNS Pointer Record provides the domain name associated with an IP address. A DNS PTR is the opposite of the “A” record, which provides an IP address associated with a domain name.

34.216.184.93.in-addr.arpa. 3600 IN PTR server.example.com.

DNS PTR is used for reverse DNS lookups. When a user wants to reach a domain name, a DNS lookup occurs, matching the domain name to the IP address, while a reverse starts with the IP address and looks up the domain name.


SOA

Start of Authority records help store important information about a domain or zone, such as the email address of the administrator, the last updated date, and other information. All DNS zones need an SOA record in order to conform to IETF standards.

example.com. 3600 IN SOA ns1.example.com. admin.example.com. (
    2025010101 ; Serial
    3600       ; Refresh
    1800       ; Retry
    1209600    ; Expire
    86400 )    ; Minimum TTL

admin.example.com is the administrator’s email address, though it does not have the @ sign. The line marked “serial” is the zone serial number, which is a version number for the SOA record. When the number changes, this alerts secondary nameservers that they should update their copies of the zone file.


NS

A “NameServer” record indicates which DNS server is the authoritative server for a specific domain. An NS record tells the Internet where to find the IP address they are looking for. A domain often has multiple NS records, which can be categorized as a primary or secondary nameserver. Without this record type, users are unable to load any website or application.

example.com. 3600 IN NS ns1.example.com.

An NS record can be updated either rarely or frequently, depending on the use case. For example, a cloud provider can change or add nameservers, which means that the records our DNS has could be old and need to be changed. Another example is for the distribution of traffic based on domains. If we have 2 nameservers, “ns1.example.com” and “ns2.example.com”, we can send traffic from “example.com” to “ns1” and “blog.example.com” to “ns2”.


NAPTR

Naming Authority Pointer records are used in conjunction with SRV records. NAPTR records point domains to specific services.

example.com. 3600 IN NAPTR 100 10 "U" "E2U+sip" "!^.*$!sip:info@example.com!" .

URI

Uniform Resource Identifier records are commonly used as a complement to NAPTR records and can be used to replace SRV records. They contain a Weight and Priority field as well as a Target.

DNS Terms

Domain name

A domain name is an easy-to-remember name that is associated with a physical IP address on the Internet.


Subdomain

A subdomain is a domain that’s part of a larger domain. Domain owners can create a subdomain to provide easy-to-remember addresses for web pages or services within their top-level domain.


Naked Domain

A naked domain simply is a domain address without the “www” prefix, such as google.com instead of www.google.com.


Primary Domain

The primary domain is the main domain that users commonly use to access the website that the organization or entity provided.


Secondary Domain

A secondary domain is the complement of the primary domain, where in some cases, the domain name may be similar to the primary domain, but with a different name. This could be a .com website and a .net website sharing the same name (“example.com” & “example.net”) or a similar name (“example.com” & “websiteexample.com”).


Domain Alias

A domain alias is a domain name that acts as an alias for another domain. You can add a domain to your account as a domain alias to give everyone in your domain another email address at the domain alias.


IP Address

An Internet Protocol Address is a series of numbers that identifies a device in a network. This can be in a Local Area Network (LAN) or a Wide Area Network (WAN).


Domain Registrar

A domain registrar is a company that sells available domain names.


Domain Host

A domain host can be a server that runs the DNS service for existing domains and manages DNS records.


WHOIS Directory

The WHOIS directory is a public listing of domain names and the people or organizations associated with each name. You can use the WHOIS directory to determine the owner of domain names and IP addresses. There are many free web-based directories available on the Internet. The information provided in the WHOIS directory includes a mailing address and a telephone number.

