
What is DNS and How Does It Work? Domain Name System Explained

Have you ever wondered how the internet came to be? How is it that we can type in a web address and instantly be connected to it? There was once a time when this wasn't possible, at least not until DNS was introduced.

To understand how DNS came to be (and why it came to be), let's take a glimpse into the history of the internet. In 1958, President Eisenhower started ARPA, the Advanced Research Projects Agency. ARPA was meant to help link computers at various Pentagon-funded institutions through telephone lines.

By the 60s, ARPA had grown rapidly, and the concept of computer networking was not far behind. They developed ARPANET, the first wide area network capable of packet switching, and implemented the TCP/IP protocols. ARPANET is considered the forerunner of the internet. At that time, the Stanford Research Institute maintained a centralized HOSTS.TXT file that mapped the current sites to their numerical addresses. But with the rapid growth of internet technology around the globe, it became difficult to keep track of all sites.

It was then that DNS was formed to help counter this bookkeeping problem. Paul Mockapetris (American computer scientist and internet pioneer) and his team were given the task of simplifying networking. In 1983, DNS was created and soon after became the Internet Standard. DNS was generally decentralized and allowed people to navigate the internet without having to remember the IP address of every computer.

DNS helped create easily identifiable names that represent IP addresses, making it easier for users to surf the internet. Remembering a domain name is much simpler than having to remember an entire IP address. Recall that an IP address consists of a string of digits (and, for IPv6, hexadecimal characters) that is simply not practical to memorize.

Now that we understand why DNS was formed and why it is important, let us take a closer look at how DNS works.

What is a Domain Name System (DNS)?

Think of DNS or Domain Name System as the phonebook of the internet. It is a naming database in which internet domain names are resolved into IP addresses. It essentially helps convert human-readable domain names in the alphabetical form to IP addresses in complex numerical form.

But why not simply rely on domain names and cut IP addresses out of the equation? Computers can only communicate with one another using numerical IP addresses. For your browser to connect you to a domain name you've entered, the DNS will first have to translate it into a computer-readable IP. You can still type an IP address into a browser to reach a website, but using an easy-to-remember domain name is preferable.

Today, there are over 359 million registered domains, but keeping a single directory of these domains would, once again, not be feasible. This directory has been distributed around the world on domain name servers. These servers regularly communicate with one another to keep their directories updated and to remove redundancies.

But who manages these DNS servers?

ICANN, the Internet Corporation for Assigned Names and Numbers, was formed in 1998 and is tasked with managing the domain name system and the root servers. The root servers form the very top of the Domain Name System hierarchy. The hierarchy starts at the root servers, followed by the top-level domain (TLD) servers (such as ".com" and ".net") and then the authoritative name servers for individual domains.

A common misconception is that we only have 13 root servers. In reality, there are 13 IP addresses that are assigned to multiple servers around the globe. Today there are over 600 DNS root servers distributed among all the populated continents in over 130 locations.

How Does DNS Work?

We know that DNS helps us access a website by converting a domain name into a numerical IP address. But how does this work?

Behind the scenes, the conversion happens as a sequence of steps, referred to as a "query". Here we'll take a closer look at the DNS process and how it works:

  1. Searching for a website: First, a user types a hostname into a web browser. Your computer searches its local DNS cache for the IP address associated with the site. The DNS cache is temporary storage of the results of previous DNS lookups on your computer or browser. If the IP address is found there, the website is displayed. If the site has not been accessed recently, your computer starts a DNS query to find the relevant IP address.
  2. Querying the recursive DNS servers: In the next step, the request is sent to your ISP, whose recursive DNS servers look in their records for the correct IP address. These recursive DNS servers also have a local cache and may have already stored the address of the website you've requested.
  3. Contacting outside DNS servers: If the domain is found in the recursive DNS cache, the answer is returned and the DNS process ends here. If not, the ISP's DNS resolver contacts other DNS servers to get the correct IP address. If a server doesn't have the IP address, the request is passed to the next server down the hierarchy, and so on. This starts at the root name servers, continues to the TLD servers, and ends at the authoritative DNS servers for the domain.
  4. Retrieving and storing records: Next, the recursive server retrieves the A (address) record of the domain from the authoritative server and adds it to its cache.
  5. Displaying the website: Once your computer receives the A record and stores it in its local cache, the browser connects to the IP address it has received and displays the webpage.
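The five steps above can be followed in code. The simulated resolver below is an added example, not from the original article: it walks the hierarchy from a root server to a TLD server to the authoritative server by following referrals, caches the answer with its TTL, and answers from the cache until the TTL expires. The zone data, the server names (`a.gtld-servers.example.`, `ns1.example.com.`) and the addresses are all constructed for the illustration.

```python
"""Simulated iterative DNS resolution with a TTL-bound cache.

Added example, not from the original article. The referral data, server
names and addresses below are constructed; the resolver walks
root -> TLD -> authoritative by following referrals, as the article's
five steps describe.
"""
import time

# Each constructed "server" either refers the resolver onward (who to ask
# for a given zone) or answers authoritatively with an A record and a TTL.
ROOT = {"referral": {"com.": "a.gtld-servers.example."}}
TLD_COM = {"referral": {"example.com.": "ns1.example.com."}}
AUTH_EXAMPLE = {"answer": {"www.example.com.": ("192.0.2.10", 300)}}

# Maps a name server's hostname to the data it serves.
SERVERS = {
    "root": ROOT,
    "a.gtld-servers.example.": TLD_COM,
    "ns1.example.com.": AUTH_EXAMPLE,
}


class RecursiveResolver:
    def __init__(self, clock=time.monotonic):
        self.clock = clock      # injectable clock so TTL expiry can be tested
        self.cache = {}         # name -> (ip, absolute expiry time)
        self.trace = []         # servers contacted during the last lookup

    def _cached(self, name):
        hit = self.cache.get(name)
        if hit is None:
            return None
        ip, expiry = hit
        if self.clock() >= expiry:
            del self.cache[name]    # TTL elapsed: forget it and re-resolve
            return None
        return ip

    def resolve(self, name):
        self.trace = []
        if not name.endswith("."):
            name += "."
        ip = self._cached(name)
        if ip is not None:
            self.trace.append("cache")
            return ip
        server = "root"
        while True:
            self.trace.append(server)
            data = SERVERS[server]
            if "answer" in data:
                rec = data["answer"].get(name)
                if rec is None:
                    raise LookupError(f"NXDOMAIN: {name}")
                ip, ttl = rec
                self.cache[name] = (ip, self.clock() + ttl)
                return ip
            # Referral: follow the most specific zone this server delegates.
            candidates = [(len(zone), ns) for zone, ns in data["referral"].items()
                          if name.endswith("." + zone)]
            if not candidates:
                raise LookupError(f"no delegation found for {name}")
            server = max(candidates)[1]


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com"), "via", " -> ".join(r.trace))
    print(r.resolve("www.example.com"), "via", " -> ".join(r.trace))
```

The second lookup is served from the cache (step 1 of the article); advancing the injected clock past the 300-second TTL forces a fresh walk from the root.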

The structure of DNS is summarized below.

The DNS hierarchy is composed of 5 elements in the following order:

  • Root Level Domain
  • Top Level Domains (TLD)
  • Second Level Domains (SLD)
  • Subdomains
  • Hosts

When the DNS IP resolution process starts, it passes from the root level DNS to the top level domain DNS, followed by the second level DNS, and the various subdomains until they reach the actual hostname we want to resolve.

In a Domain Name System, you'll find two kinds of servers:

  1. Primary DNS server,
  2. Secondary DNS server.

A primary DNS server hosts a website's primary zone file. It is the first point of contact for a browser that needs to resolve an IP address. If the primary DNS server is unavailable or slow to respond, the browser will connect with the secondary DNS server.

The secondary DNS server holds a recent copy of the same DNS records in the form of a secondary DNS zone file. Note that changes to DNS records can only be made on the primary server, which then propagates them to the secondary DNS server. Secondary DNS servers are not mandatory, but they are recommended as a backup in case your primary DNS server goes down.

What are the Features of DNS?

The Domain Name System has simplified the way we find web pages on the internet. It has the following features:

  • A domain name can easily be mapped to a new IP address if the host's old IP address changes
  • Domain names are much easier to recall than entire numerical IP addresses
  • Meaningful domain names are converted into IP addresses so that hosts can be located
  • Owing to its simplicity, it can be managed even by novice users

Let us go over the various types of DNS servers:

  • Recursive resolvers: Recursive resolvers are the first step in a DNS query. They act as a middleman between the client and the DNS name servers. Once they receive the response from an authoritative nameserver they send it to the client and cache the information for later lookups.
  • Root name servers: Root name servers are the first stop a recursive resolver makes when resolving an IP address. Any of the root name servers present today will accept the query and respond by directing the resolver to the TLD name server that matches the name's final extension, i.e. ".com", ".net" and so on.
  • TLD name servers: TLD name servers store information for all domain names within one common domain extension, such as ".com" or ".net". If your website ends in .com, the query is forwarded to a .com TLD nameserver. The TLD name server then responds by pointing the resolver to the domain's authoritative name server.
  • Authoritative nameservers: Authoritative nameservers form the final step in the recursive resolver's journey. The authoritative nameserver holds the records for the domain name it serves and is able to provide the IP address of the server.

What are the Common DNS Records?

A DNS record is an entry in the DNS database that associates a domain name with a value such as an IP address. DNS records are stored on DNS servers, where they are used to answer users' queries for websites. When a DNS query is sent by a browser or device, its response is assembled from these records with the help of the DNS resolver and the DNS servers.

There are 4 commonly found DNS record types; we'll discuss each of them briefly:

  • A Record: The A (address) record is one of the most common DNS record types. These records map domain names to IPv4 addresses.
  • NS Record: The NS (nameserver) record indicates which authoritative DNS servers are responsible for the domain you are looking up.
  • TXT Record: The TXT (text) record stores arbitrary descriptive information in the form of text. Some domains add a specific string of characters to their TXT records so that search engines and other services can look up the domain and verify the owner's control of it.
  • CNAME Record: The CNAME (canonical name) record makes one domain name an alias of another. These come in handy if you wish to point part of your website at an externally hosted name.
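To show what these records look like on the wire, here is a small encoder and decoder for the DNS message format, covering the A, NS, TXT and CNAME types listed above. This is an added example, not code from the original article: `build_query` produces the query a client sends (step 1 of the resolution process), and `parse_response` decodes a response, including the name-compression pointers real responses use. The sample response bytes are constructed by hand to exercise every record type.

```python
"""Minimal DNS wire-format encoder/decoder for A, NS, CNAME and TXT.

Added example, not from the original article. SAMPLE_RESPONSE is a
constructed message shaped like what a resolver receives; the names and
addresses in it are placeholders.
"""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 16: "TXT"}
TYPE_CODES = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype="A"):
    """12-byte header plus one question; flags 0x0100 sets RD (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_CODES[qtype], 1)


def decode_name(msg, off):
    """Read a possibly compressed name starting at off; return (name, next offset)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # two high bits set: pointer
            if not jumped:
                end = off + 2                    # caller resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:                        # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, TYPES.get(qtype, qtype)))
    for _ in range(an + ns + ar):                # answer, authority, additional
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                           # A: four raw bytes
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):                    # NS / CNAME: a (compressible) name
            value, _ = decode_name(msg, off)
        elif rtype == 16:                        # TXT: one or more <len><chars>
            parts, p = [], 0
            while p < len(rdata):
                n = rdata[p]
                parts.append(rdata[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
            value = "".join(parts)
        else:
            value = rdata.hex()
        off += rdlen
        records.append((name, TYPES.get(rtype, rtype), ttl, value))
    return {"id": txid, "flags": flags, "questions": questions, "records": records}


def _rr(owner_bytes, rtype, ttl, rdata):
    return owner_bytes + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed sample: reply to "www.example.com A" with a CNAME chain, an NS
# record and a TXT record. 0xC00C is a pointer back to the question name at
# offset 12; flags 0x8180 = response, recursion desired and available.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 1, 1)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + _rr(b"\xc0\x0c", 5, 300, encode_name("web.example.com"))
    + _rr(encode_name("web.example.com"), 1, 60, bytes([192, 0, 2, 10]))
    + _rr(encode_name("example.com"), 2, 3600, encode_name("ns1.example.com"))
    + _rr(encode_name("example.com"), 16, 300, b"\x0bv=spf1 -all")
)

if __name__ == "__main__":
    for rec in parse_response(SAMPLE_RESPONSE)["records"]:
        print(rec)
```

The hop limit in `decode_name` matters in practice: a message whose compression pointer refers to itself would otherwise loop forever, which is the kind of malformed input a resolver must expect from the network.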

What is DNS Security?

Like all things hosted online, DNS is also prone to cyber attacks. Cybercriminals may try to attack DNS infrastructure to keep it from performing reliably. Attackers have found many ways to exploit DNS servers. Some of the most common DNS attack types include:

  • DNS spoofing: DNS spoofing, also known as DNS cache poisoning, is when an attacker uses forged domain name records to redirect traffic to a malicious website. Recall how we discussed DNS servers storing DNS records in a cache that is reused for later lookups. During DNS spoofing, the attacker plants false information in the DNS resolver's cache.
  • DNS tunneling: DNS tunneling allows an attacker to carry malware and other data through DNS queries and responses without being detected by an organization's defenses.
  • DNS hijacking: DNS hijacking allows an attacker to redirect your organization's web traffic to a malicious website. Users may think they are connected to a legitimate domain even though they are connected to a malicious one.
  • DDoS attacks: DDoS attacks can render DNS servers unavailable by flooding a domain's DNS servers with seemingly legitimate traffic.
  • DNS fast-flux attacks: DNS fast-flux attacks rely on fast fluxing, a technique that associates many rapidly changing IP addresses with a single domain. This way attackers can keep their web properties up and running even as security teams block individual IP addresses.
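The usual defense against cache poisoning is that a resolver accepts a response only when it matches a query it actually sent, and caches only records that the answering server is entitled to speak for. The function below, an added example rather than anything from the article, applies those checks to a pending query and an incoming response represented as plain dicts: the transaction ID, the source address, the (randomized) destination port and the question section must all match, and records outside the answering server's zone (its "bailiwick") are discarded. All addresses, ports and names are constructed.

```python
"""Resolver-side acceptance checks against DNS cache poisoning.

Added example, not from the original article. Queries and responses are
plain dicts so the logic runs without a packet parser; all values in the
demo are constructed.
"""


def in_bailiwick(record_name, zone):
    """True if record_name is zone itself or lies beneath it."""
    record_name = record_name.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return record_name == zone or record_name.endswith("." + zone)


def accept_response(pending, response, zone):
    """Return (records_to_cache, reason).

    pending:  what we sent  {id, dst, src_port, question}
    response: what arrived  {id, src, dst_port, question, records}
    zone:     the zone the server at pending['dst'] is authoritative for
    """
    if response["id"] != pending["id"]:
        return [], "rejected: transaction ID mismatch"
    if response["src"] != pending["dst"]:
        return [], "rejected: reply from a server we did not ask"
    if response["dst_port"] != pending["src_port"]:
        return [], "rejected: reply to the wrong (randomized) source port"
    if response["question"] != pending["question"]:
        return [], "rejected: question section does not match"
    kept = [r for r in response["records"] if in_bailiwick(r["name"], zone)]
    dropped = len(response["records"]) - len(kept)
    return kept, f"accepted; {dropped} out-of-bailiwick record(s) ignored"


# Constructed demo: our query to the example.com name server, a forged
# reply with a guessed ID, and a genuine reply that smuggles in a record
# for an unrelated domain.
PENDING = {"id": 0x4A3F, "dst": ("192.0.2.53", 53), "src_port": 50123,
           "question": ("www.example.com.", "A")}

FORGED = {"id": 0x0001, "src": ("192.0.2.53", 53), "dst_port": 50123,
          "question": ("www.example.com.", "A"),
          "records": [{"name": "www.example.com.", "type": "A", "value": "203.0.113.66"}]}

GENUINE = {"id": 0x4A3F, "src": ("192.0.2.53", 53), "dst_port": 50123,
           "question": ("www.example.com.", "A"),
           "records": [{"name": "www.example.com.", "type": "A", "value": "192.0.2.10"},
                       {"name": "bank.example.org.", "type": "A", "value": "203.0.113.66"}]}

if __name__ == "__main__":
    print(accept_response(PENDING, FORGED, "example.com."))
    print(accept_response(PENDING, GENUINE, "example.com."))
```

The bailiwick rule is what stops an otherwise valid answer from one zone from overwriting cached entries for a different zone; the ID and port checks are what make blind forgery a matter of guessing, which is why resolvers randomize both.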

Your DNS needs to be secured just as your network is. The DNS protocol was originally designed without any integrated security. With more sophisticated threats emerging every day, attackers are quick to exploit any weakness in the DNS protocols. It is for this very reason that you need to maintain multiple layers of security around your DNS. Reputation filtering, DNS inspection, IPS, and protocol and channel security can all help to keep your DNS secure.

What is a DNS Leak and How to Protect from a DNS leak?

A DNS leak is a type of security flaw that occurs when a DNS query is sent to an ISP's DNS servers while the user is using a VPN, a virtual private network. A VPN is intended to mask a user's internet connection and keep their browsing activity inside a private tunnel. In this way, their browsing history is hidden from everyone but the VPN provider. A DNS leak compromises this privacy, allowing the user's DNS requests to travel outside the private tunnel and exposing them to their ISP.

To protect yourself from a DNS leak, first, determine if your DNS is leaking. This is done through a DNS leak test. Most VPN suppliers provide these tests to show the user's active IP address and location while using a VPN and their real IP address and location. Both can be compared to identify a DNS leak. To fix a DNS leak, you will have to reconfigure your VPN so it only connects to its DNS servers.

What is DNS Tunneling? How to Detect and Prevent DNS Tunneling?

As discussed earlier, DNS tunneling is a type of DNS attack wherein the attacker uses the DNS protocol to carry malware and exfiltrate data. The attacker first sets up a server running the malware and a domain that points to it. They then use an infected host to query the attacker-controlled domain. When the DNS recursive resolver follows the query, it creates a tunnel for the attacker to reach their target, allowing them to take control of the host or extract data.

You can detect DNS tunnel attacks by looking out for unusual domain requests and high DNS traffic volume, and through detection techniques such as payload analysis and traffic analysis. To prevent DNS tunneling, you should have an effective DNS filtering system in place. A DNS filtering system is able to monitor, detect, and block malicious DNS queries.

What is DNS over TLS?

DNS over TLS or DoT is a type of network security protocol that provides full stream encryption between a DNS client and server. Since most communications between DNS clients and DNS servers are unencrypted they are prone to spoofing, interception, and other DNS attacks. DNS over TLS will help encrypt exploitable DNS traffic.

DNS over TLS uses the same security protocol (TLS/SSL) that HTTPS websites use to encrypt their communications. Establishing TLS encryption for DNS resolution reduces the chances of your DNS requests and responses being tampered with in transit.

What is DNS over HTTPS?

DNS over HTTPS, or DoH, like DNS over TLS, is another network security protocol. It also works by encrypting DNS queries and responses, but in this case it carries them inside HTTP or HTTP/2 over an HTTPS connection, rather than running DNS directly over a dedicated TLS session as DoT does.

What is the Difference Between Name Server and DNS?

DNS and name server are two separate things. DNS, or Domain Name System, is an umbrella term that describes the underlying distributed database for devices connected to the internet. Think of it as a phone directory of the internet, converting human-readable domains into their relevant IP addresses. The protocols used by DNS are what allow computers to communicate via the internet.

A name server, on the other hand, is a part of your larger DNS system. Name servers are what hold the DNS records that connect a domain name to an IP address.

How to configure your DNS?

To configure your DNS settings, follow the step-by-step guide outlined below.

To configure DNS on Windows 10 you may follow these steps:

  1. Go to your control panel.
  2. From here, click Network and Internet > Network and Sharing Center.
  3. Click on "Change Adapter Settings" from the left menu.
  4. Now, right-click on the active connection you want to configure. If you are connected via WiFi or Ethernet, select the respective one.
  5. From the drop-down click "Properties".
  6. From the new window that opens, check the box "Internet Protocol Version 4 (TCP/IPv4)".
  7. Now click Properties and at the bottom select "Use the following DNS server addresses".
  8. Under "Preferred DNS Server," add the primary DNS address. For the "Alternate DNS Server" add the secondary DNS address.
  9. Finally, select "OK".

To configure DNS on Android you may follow these steps:

(Note that these steps may differ slightly from model to model)

  1. Open your WiFi settings through "System" or by pulling down the notification bar, and long pressing the Wifi icon.
  2. Go to your Wifi network options.
  3. Scroll to the bottom of your network details until you find "IP Settings".
  4. Configure this to "Static".
  5. You can now make changes to DNS 1 and DNS 2 as needed by filling in your primary and secondary DNS servers.
  6. Save and exit.

To configure DNS on iPhone you may follow these steps:

  1. Launch "Settings"
  2. Click on "Wifi" and click on your connected WiFi network.
  3. Scroll down and click on "Configure DNS"
  4. Select "Manual" to mark it.
  5. You can now switch out the DNS servers with new DNS servers of your choosing.
  6. Click "Save".

To configure DNS on Linux you may follow these steps:

  1. For most Linux operating systems, the DNS servers are defined in the /etc/resolv.conf file.
  2. To edit this configuration file, open /etc/resolv.conf with an editor such as nano.
  3. If the file doesn't exist, the same command creates it:
     sudo nano /etc/resolv.conf
  4. Now, add lines for the DNS name servers you'll be using. These depend on the data center where your cloud servers are hosted.
  5. Once added, save the file.
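Before saving a hand-edited /etc/resolv.conf, it is worth checking that every address parses and that the file does not list more servers than the resolver will actually use. The checker below is an added example, not from the original article; it parses the file's `nameserver`, `search`/`domain` and `options` lines, validates each address with the standard library, and warns when more than three nameservers are listed, since the glibc resolver consults only the first three. The sample file content is constructed.

```python
"""Parse and sanity-check /etc/resolv.conf content.

Added example, not from the original article. SAMPLE is a constructed
file; addresses are documentation/private ranges. The three-nameserver
limit reflects the glibc resolver's MAXNS.
"""
import ipaddress

SAMPLE = """\
# constructed example file
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver 10.0.0.1
nameserver 10.0.0.2        ; fourth entry: glibc never consults it
search corp.example
options timeout:2 attempts:2 rotate
"""

MAX_NAMESERVERS = 3     # glibc MAXNS: additional entries are silently ignored


def parse_resolv_conf(text):
    conf = {"nameservers": [], "search": [], "options": [], "errors": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # both comment styles
        if not line:
            continue
        key, _, rest = line.partition(" ")
        args = rest.split()
        if key == "nameserver":
            if len(args) != 1:
                conf["errors"].append(f"line {lineno}: nameserver takes exactly one address")
                continue
            try:
                conf["nameservers"].append(str(ipaddress.ip_address(args[0])))
            except ValueError:
                conf["errors"].append(f"line {lineno}: invalid IP address {args[0]!r}")
        elif key in ("search", "domain"):
            conf["search"] = args          # later search/domain lines override earlier ones
        elif key == "options":
            conf["options"].extend(args)
        else:
            conf["errors"].append(f"line {lineno}: unknown keyword {key!r}")
    if len(conf["nameservers"]) > MAX_NAMESERVERS:
        conf["errors"].append(
            f"{len(conf['nameservers'])} nameservers listed; only the first "
            f"{MAX_NAMESERVERS} are used"
        )
    if not conf["nameservers"]:
        conf["errors"].append("no nameserver lines: lookups will fall back to localhost")
    return conf


def check_file(path="/etc/resolv.conf"):
    with open(path, encoding="utf-8") as fh:
        return parse_resolv_conf(fh.read())


if __name__ == "__main__":
    result = parse_resolv_conf(SAMPLE)
    print("nameservers:", result["nameservers"])
    for err in result["errors"]:
        print("warning:", err)
```

Run `check_file()` against the real file after editing it; an empty `errors` list means every address parsed and the server count is within what the resolver will honour.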

How to Set up FreeDNS with pfSense?

FreeDNS is a DNS hosting service that lets people with a registered domain use its DNS free of charge. Is it safe to use FreeDNS? Absolutely! Most users review FreeDNS as not only safe but also reliable and secure. If you're wondering how you can set up FreeDNS with pfSense, follow the simple steps we've outlined below:

  1. Start by creating an account on FreeDNS by going to either Domains or Subdomains from the sidebar.
  2. You will be greeted by a new window where you should enter your subdomain
  3. Make sure you define this as an "A record" type.
  4. Once done, click save.
  5. Next, open Dynamic DNS and locate your record. You'll see a "Direct URL" link. Copy this link. You'll notice that the link contains a string of characters after ".php?" and ends with "="; this is the unique identifier key you will use for the configuration.
  6. Next, log in to pfSense. Go to Services > Dynamic DNS > Add (+).
  7. Fill in the necessary information. The type will be "FreeDNS", the interface will be WAN, and the hostname is the hostname/subdomain from FreeDNS. In the password field, add the unique identifier key you copied. Add a description as you wish. Leave the username blank.
  8. Finally, click save.

How to set up Unbound DNS on OPNsense?

Unbound DNS is a caching server, but it also performs recursion and keeps records obtained from other DNS servers. It is fast and incorporates modern features based on open standards, and it has built-in DNS over TLS support. As of OPNsense 17.7, Unbound is the standard DNS service, present by default on installation.

The Best DNS servers of 2022

Your internet service provider (ISP) will automatically assign your smartphone or router a DNS server when you connect to the internet. However, you can switch to an alternative of your own choice as well. If you're wondering which alternative may be the right one for you, take a look at some of the best DNS servers of this year:

  • Google Public DNS
  • Quad9
  • OpenDNS Home
  • Cloudflare
  • CleanBrowsing
  • Alternate DNS
  • AdGuard DNS