Domain Name System (DNS)
Overview
The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, and other resources connected to the internet or a private network. It translates human-readable domain names (like www.example.com) into IP addresses (like 93.184.216.34), allowing browsers and devices to locate and access websites and other online services.
How DNS Works
When you type a URL into your browser, DNS performs the following steps:
- DNS Query Initiation: The browser checks if the IP is already cached locally.
- Recursive DNS Resolver: If not cached, it queries a recursive resolver (usually provided by your ISP or a third party such as Google DNS).
- Root Name Server: The resolver first contacts a root name server (e.g., .) to locate the Top-Level Domain (TLD) name server.
- TLD Name Server: It responds with the location of the authoritative name server for the domain.
- Authoritative Name Server: This server returns the IP address associated with the requested domain name.
- Browser Connection: The browser connects to the IP address and loads the website.
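The lookup chain above, walked in code as an added example (not part of the original page). The server labels, the in-memory zone data and the step limit are assumptions made for illustration; the resolver follows referrals only when they move down the tree toward the queried name and bounds CNAME and referral loops.

```python
# Constructed sample data; server labels are hypothetical, and the address is
# the one the page gives for www.example.com.
SERVERS = {
    "root": {"referrals": {"com.": "tld-com"}},
    "tld-com": {"referrals": {"example.com.": "ns-example"}},
    "ns-example": {"answers": {
        "example.com.": ("A", "93.184.216.34"),
        "www.example.com.": ("CNAME", "example.com."),
    }},
}

def in_zone(name, zone):
    """True if the fully qualified name sits at or below zone."""
    return zone == "." or name == zone or name.endswith("." + zone)

class Resolver:
    def __init__(self, servers, max_steps=16):
        self.servers, self.max_steps = servers, max_steps
        self.cache = {}  # qname -> address (TTL expiry omitted for brevity)

    def resolve(self, qname):
        """Return (address, trace); trace lists each server asked, in order."""
        if qname in self.cache:                     # local cache hit
            return self.cache[qname], ["cache"]
        name, server, zone, trace = qname, "root", ".", []
        for _ in range(self.max_steps):             # bounds CNAME/referral loops
            trace.append(server)
            data = self.servers[server]
            rtype, value = data.get("answers", {}).get(name, (None, None))
            if rtype == "A":                        # authoritative answer
                self.cache[qname] = value
                return value, trace
            if rtype == "CNAME":                    # alias: re-resolve the target
                name, server, zone = value, "root", "."
                continue
            # Accept only a referral that covers the name and moves strictly
            # down the tree from the zone this server was asked about.
            down = [(z, s) for z, s in data.get("referrals", {}).items()
                    if in_zone(name, z) and in_zone(z, zone) and z != zone]
            if not down:
                raise LookupError(f"no usable answer or referral for {name}")
            zone, server = max(down, key=lambda zs: len(zs[0]))
        raise LookupError(f"gave up on {qname} after {self.max_steps} steps")

if __name__ == "__main__":
    r = Resolver(SERVERS)
    print(r.resolve("www.example.com."))
    print(r.resolve("www.example.com."))  # second lookup is served from cache
```

The trace shows the CNAME for www.example.com. forcing a second walk from the root, and a server that refers the resolver back up the tree is rejected instead of followed.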
DNS Components
- Domain Name: A string like example.com.
- IP Address: The numerical label of a device (IPv4 or IPv6).
- Name Server: Stores DNS records and responds to queries.
- Resolver: Intermediary that fetches records for the client.
- Zone File: Contains mappings of domain names to IPs.
Types of DNS Records
| Record Type | Purpose |
|---|---|
| A | Maps a domain to an IPv4 address |
| AAAA | Maps a domain to an IPv6 address |
| CNAME | Canonical name alias (e.g., www to root domain) |
| MX | Mail exchange servers for email routing |
| TXT | Arbitrary text (e.g., SPF, DKIM for email validation) |
| NS | Nameserver records for the domain |
| PTR | Reverse lookup from IP to domain |
| SRV | Defines services (e.g., for SIP, XMPP) |
| SOA | Start of Authority, contains domain admin info |
DNS Hierarchy
- Root Level: Managed by IANA; represented as a dot (.)
- TLDs (Top-Level Domains): Examples: .com, .org, .net, .gov
- Second-Level Domains: Custom domains like google.com
- Subdomains: mail.google.com, support.microsoft.com
DNS Security
- DNSSEC (DNS Security Extensions): Adds cryptographic signatures to DNS data to protect against spoofing.
- DNS over HTTPS (DoH) and DNS over TLS (DoT): Encrypt DNS queries for privacy and integrity.
Popular DNS Providers
| Provider | DNS Address(es) |
|---|---|
| Google DNS | 8.8.8.8, 8.8.4.4 |
| Cloudflare DNS | 1.1.1.1, 1.0.0.1 |
| OpenDNS | 208.67.222.222, 208.67.220.220 |
| Quad9 | 9.9.9.9 |
Use Cases
- Website access and browsing
- Email delivery
- VPN routing
- Load balancing (via round-robin DNS)
- Content delivery networks (CDNs)
- IoT device communication
Fun Fact
The DNS system processes billions of requests daily, and the .com TLD alone contains over 150 million domain names!
